Hi
I've been trying for some days to solve this issues, and got to admit. I need some help.
Now every user in our AD gets synced to Confluence, and that’s not the ideal solution, as admin, consultant etc. is synced too due to the AD structure.
I’ve learned that a solution would be to specify, which users to get synchronized using object filtering and the following should work:
- (&(objectCategory=Person)(sAMAccountName=*)(memberOf=CN=Confluence Users,OU=Confluence,OU=Security Groups,OU=Groups and ressources,OU=Company,DC=Example,DC=Local))
And it also does, sort of. – 3 users get synced out of nearly 200. All 200 users are members of the group “Confluence Users” in our AD.
Two of the users synced are in same OU, the last one is in his own OU.
Setup as of now:
System:
- Confleunce version: 6.0.5
- Build Number: 7103
Server Settings:
- Directory type: Microsoft AD
LDAP Schema:
- Base DN: OU=Company, DC=Example, DC=Local
- Additional User DN: OU=Users
- Additional Group DN: OU=Confluence,OU=Security Groups,OU=Groups and ressources
User Schema Settings:
- User Object Filter: (&(objectCategory=Person)(sAMAccountName=*))
Group Schema Settings:
- Group Object Filter: (&(objectCategory=Group)(cn=confluence*))
Steps I’ve done:
- Created new security groups in AD -> new groups didn't have an effect neither on previously working users.
- Copied working user -> copied user didn’t get synced.
- Removed the 3 synced users from “Confluence Users” group, synced and they disappeared as they should. – added them to the group, ran a sync again and the same 3 persons appeared in user directory.
- Removed random users from “Confluence Users”, ran sync, re-added them to the group, synced again, but that didn’t do anything either.
- Toggled Enable Incremental Synchronisation on/off - > didn’t make a difference.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.