Hi, I have set up Confluence with MS AD, and it pulls in my two groups for Confluence; however, it pulls in no users when I go to these groups. My user settings are listed below. Any idea why groups get pulled in, but no users in those groups?
Thanks
Hi Ann,
I made that change to the filter but also started the base further up in the tree, and it's now pulled in the users.
Thanks for your help!
Hi Ann,
I made that change, but the testing tool still comes back user not found. Thoughts?
Can you find the user in User Management? You mentioned some users were pulled in, what if you test with a user that is definitely in User Management?
Please review Managing Multiple Directories. You may need to move your AD directory higher in the User Directory hierarchy before you can log in with your LDAP credentials.
Users will see a "Not Permitted" page if they log in without being added to the Global Permissions.
So I see the users in the AD groups, however, if I try and test the LDAP connection with my credentials in AD I get this:
Test retrieve user : Failed
User useridishere does not exist
You mentioned you see all the users including yourself - is that under <Base_URL>/admin/users/showallusers.action? If you click on your username on that page you can verify which directory it is coming from, please make sure the user account you are seeing for your ID is not an internal one.
Finally been able to get back on this. I have been able to fix this. Structured the search to just the groups the users are in and ensured the username didn't have the domain. Thanks for your help.
Hi Ann, Thanks for your reply, here is the summary:
=== Directories configured ===
Directory ID:
Name: Confluence Internal Directory
Active: true
Type: INTERNAL
Created date: 2017-07-11 15:20:46.335
Updated date: 2017-07-11 15:20:46.335
Allowed operations: [CREATE_GROUP, DELETE_ROLE, CREATE_ROLE, DELETE_GROUP, DELETE_USER, UPDATE_ROLE, UPDATE_GROUP, UPDATE_USER, CREATE_USER, UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE, UPDATE_ROLE_ATTRIBUTE]
Implementation class: com.atlassian.crowd.directory.InternalDirectory
Encryption type: atlassian-security
Attributes:
"user_encryption_method": "atlassian-security"
Directory ID:
Name: LDAP server
Active: false
Type: CONNECTOR
Created date: 2017-07-14 11:49:00.821
Updated date: 2017-07-17 14:00:39.072
Allowed operations: [CREATE_GROUP, UPDATE_GROUP_ATTRIBUTE, DELETE_GROUP, UPDATE_GROUP, UPDATE_USER_ATTRIBUTE]
Implementation class: com.atlassian.crowd.directory.MicrosoftActiveDirectory
Encryption type: sha
Attributes:
"com.atlassian.crowd.directory.sync.lastdurationms": "270"
"com.atlassian.crowd.directory.sync.laststartsynctime": "1500296403830"
"crowd.sync.group.membership.after.successful.user.auth.enabled": "only_when_first_created"
"crowd.sync.incremental.enabled": "false"
"directory.cache.synchronise.interval": "3600"
"ldap.basedn": "OU=A,OU=S,OU=AD,DC=D,DC=net"
"ldap.connection.timeout": "10000"
"ldap.external.id": "objectGUID"
"ldap.filter.expiredUsers": "true"
"ldap.group.description": "description"
"ldap.group.filter": "(&(objectCategory=Group)(|(cn=confluence_users)(cn=confluence_admins)))"
"ldap.group.name": "cn"
"ldap.group.objectclass": "group"
"ldap.group.usernames": "member"
"ldap.local.groups": "true"
"ldap.nestedgroups.disabled": "true"
"ldap.pagedresults": "true"
"ldap.pagedresults.size": "1000"
"ldap.password": ********
"ldap.pool.timeout": "0"
"ldap.propogate.changes": "false"
"ldap.read.timeout": "120000"
"ldap.referral": "false"
"ldap.relaxed.dn.standardisation": "true"
"ldap.roles.disabled": "true"
"ldap.search.timelimit": "60000"
"ldap.secure": "false"
"ldap.url": "ldap://"
"ldap.user.displayname": "displayName"
"ldap.user.email": ""
"ldap.user.encryption": ""
"ldap.user.filter": "(|(objectCategory=person)(objectClass=user))"
"ldap.user.firstname": "givenName"
"ldap.user.group": "memberOf"
"ldap.user.lastname": "sn"
"ldap.user.objectclass": "user"
"ldap.user.password": "unicodePwd"
"ldap.user.username": "userPrincipalName"
"ldap.user.username.rdn": "cn"
"ldap.userdn": ""
"ldap.usermembership.use": "true"
"ldap.usermembership.use.for.groups": "true"
"localUserStatusEnabled": "false"
It looks like the directory is disabled at the moment, so it will not be periodically synchronizing:
Active: false
I am assuming you disabled it because it wasn't pulling in users.
Most of your settings are default. I noticed you are using userPrincipalName instead of sAMAccountName as the user name, that should be fine, though.
The object class is already set to user in the User Object Class field, so I am not sure why it is included in the user filter:
"ldap.user.filter": "(|(objectCategory=person)(objectClass=user))"
The default is:
(&(objectCategory=Person)(sAMAccountName=*))
(&(objectCategory=Person)(userPrincipalName=*))
I look forward to hearing the results.
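The following is an added example, not part of any post in this thread and not Confluence or Crowd code. It models offline how the base DN, the user filter and the username attribute together decide whether a user search finds anyone; the entries, the `example.net` DNs and the function names are constructed assumptions.

```python
# Simplified offline model of an LDAP user search (added example, not Confluence code).
# Every entry, DN and value is constructed; real AD matches objectCategory by schema DN.
ENTRIES = [
    {"dn": "CN=Jane Doe,OU=Staff,OU=AD,DC=example,DC=net", "cn": "Jane Doe",
     "objectCategory": "person", "objectClass": ["person", "user"],
     "sAMAccountName": "jdoe", "userPrincipalName": "jdoe@example.net"},
    {"dn": "CN=WKS01,OU=Staff,OU=AD,DC=example,DC=net", "cn": "WKS01",
     "objectCategory": "computer", "objectClass": ["user", "computer"],
     "sAMAccountName": "WKS01$"},  # computer accounts also carry objectClass=user
    {"dn": "CN=confluence_users,OU=Groups,OU=AD,DC=example,DC=net",
     "cn": "confluence_users", "objectCategory": "group", "objectClass": ["group"]},
]

def parse(f, i=0):
    """Parse the LDAP filter starting at f[i]; return (predicate, next index)."""
    if f[i + 1] in "&|":
        op, i, subs = f[i + 1], i + 2, []
        while f[i] == "(":
            sub, i = parse(f, i)
            subs.append(sub)
        combine = all if op == "&" else any
        return (lambda e: combine(s(e) for s in subs)), i + 1
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    def leaf(e):
        vals = e.get(attr)
        if vals is None:
            return False
        vals = vals if isinstance(vals, list) else [vals]
        # "*" is a presence test; other values compare case-insensitively
        return value == "*" or any(v.lower() == value.lower() for v in vals)
    return leaf, end + 1

def search(base_dn, ldap_filter):
    """Return entries located below base_dn that satisfy ldap_filter."""
    pred, _ = parse(ldap_filter)
    suffix = "," + base_dn.lower()
    return [e for e in ENTRIES if e["dn"].lower().endswith(suffix) and pred(e)]

def find_user(base_dn, user_filter, username_attr, login):
    """Return the DN whose username_attr equals login, or None if no user matches."""
    for e in search(base_dn, user_filter):
        if e.get(username_attr, "").lower() == login.lower():
            return e["dn"]
    return None
```

With a base DN of `OU=Groups,...` the group filter matches but no user does; with `userPrincipalName` as the username attribute, a lookup for `jdoe` returns `None` while `jdoe@example.net` resolves.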
One question, how do I set it up to use LDAP when users login?
I tried and it didn't work for me. I see all the users including myself.
Thanks
I would like to examine a Directory Configuration Summary for your case. I asked for that on this forum before and was told the code block wouldn't accept the cut and paste so perhaps you could screen shot the info and post it here - redact anything you don't want to share, of course.