Confluence 6.9 - Secure LDAP - Users removed from cache

Hi,

I am running Confluence 6.9. I have just converted my LDAP to Active Directory User Directory to use SSL. The connection tests successfully and a full synchronisation is again successful.

However, when the next synchronisation occurs, all of the users are removed from the cache and no Active Directory users are able to log in. If I perform another synchronisation then it is successful again and all the users are added back into the cache. This pattern repeats itself over and over again. 

Reverting back to LDAP not using SSL works fine and users remain in the cache on subsequent synchronisations. 

Has anyone seen this issue before?

Thanks,

Ben

1 answer

1 accepted

0 votes
Answer accepted
Brant Schroeder Community Leader Jan 30, 2020

Are the two LDAP directory connections configured the same? You should check and make sure everything is configured the same.  

Where I have seen this happen is with incremental sync. If your AD Global Catalog is missing the "accountExpires" attribute, the LDAP queries being performed in the incremental sync will remove users because this attribute was not found in those synchronizations. Disabling the incremental sync from the advanced section of the directory settings will work as a workaround until your Active Directory "accountExpires" attribute is added to the Global Catalog. This should be done by someone that understands the structure and size of your domain, as adding an attribute triggers a full sync between all the nodes in your domain forest.

Here is another link that might have some insight into your issue. https://confluence.atlassian.com/kb/incremental-ldap-synchronisation-causing-user-deletion-826895869.html

Hi Brant,

thanks for your reply.

I've only got the one LDAP directory connection. I've modified it from non SSL to SSL and this is where the issue occurs.

All of our DCs are Global Catalog servers and I had configured the port to use 3269, which is the Global Catalog LDAP port.

Cause 3 in the link you have posted seems to fit with the scenario that I have got. It works over port 389, non SSL and non Global Catalog, and doesn't work over 3269, which is SSL and Global Catalog. It sounds like it might work over port 636, but I might just disable incremental sync and see how that goes.

Thanks,

Ben
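
The accepted answer attributes the deletions to "accountExpires" not being replicated to the Global Catalog. The check below is an added example, not part of the thread or of Atlassian's tooling: it reads the schema flag `isMemberOfPartialAttributeSet`, which marks an attribute as replicated to the Global Catalog. The function name `Test-GlobalCatalogAttribute` is hypothetical, and the script assumes the ActiveDirectory module (RSAT) and read access to the schema partition.

```powershell
# Added example, not from the thread.
# Reports whether each named attribute is replicated to the Global Catalog,
# i.e. whether it can be returned by queries on the GC ports (3268 / 3269).
Import-Module ActiveDirectory

function Test-GlobalCatalogAttribute {   # hypothetical helper name
    param(
        # Only accountExpires is named in the thread; pass others as needed.
        [string[]]$LdapDisplayName = @('accountExpires')
    )

    # The schema partition holds one attributeSchema object per attribute.
    $schemaNC = (Get-ADRootDSE).schemaNamingContext

    foreach ($name in $LdapDisplayName) {
        $attr = Get-ADObject -SearchBase $schemaNC `
            -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$name))" `
            -Properties lDAPDisplayName, isMemberOfPartialAttributeSet

        if (-not $attr) {
            [pscustomobject]@{
                Attribute       = $name
                InGlobalCatalog = $null
                Note            = 'attribute not found in schema'
            }
            continue
        }

        # The flag is unset (null) or FALSE when the attribute is not in the GC.
        $inGc = [bool]$attr.isMemberOfPartialAttributeSet

        [pscustomobject]@{
            Attribute       = $name
            InGlobalCatalog = $inGc
            Note            = if ($inGc) { 'returned by Global Catalog queries' }
                              else { 'absent from Global Catalog results' }
        }
    }
}

Test-GlobalCatalogAttribute | Format-Table -AutoSize
```

If `InGlobalCatalog` is `False` for `accountExpires`, a directory connection on port 3269 will not see that attribute, which matches the condition described in the answer.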
