Hello,
our Confluence instance is connected to our AD, authorizing all users of the group "wiki", which inherits its users from the group "IT-Admins". Before, the "wiki" group inherited its users from the group "IT1". Although multiple resyncs have been done, according to Confluence the group "wiki" still contains all users from "IT1".
"wiki" only inherits users from "IT-Admins", which itself contains no other groups, only 7 Users. "IT1" contains 11 Users, spread to multiple groups and thus exceeding our license.
Hi Tobias,
I understand you are using an LDAP (AD) directory for user management for your Confluence server instance. The wiki group in AD (group used to manage permission to use Confluence) now contains only the IT-Admins group but formerly contained the IT1 group. The IT1 group members are still appearing as members of the wiki group in Confluence. You manually synchronized the AD User Directory in Confluence but the IT1 group members still appear as members of wiki in Confluence.
My first suggestion is:
Secondly, I recommend eliminating the possibility that the wiki group members that are not in IT1 are maybe in a different user directory in Confluence and appearing as members of wiki because of aggregating group memberships. Please see Permissions on Managing Multiple Directories.
I look forward to hearing whether the group memberships update as expected after disabling incremental synchronization, and to any other results of your investigation.
Thanks,
Ann
Hi Ann,
Thanks for your reply.
I checked the points you mentioned above without any change.
But I found that removing the extra domain filters for users and groups fixed the issue although I have no idea how. All users and groups in the setup were beneath the set subdomains.
Hi Tobias,
That is great news to hear the group memberships synchronized properly at last. I can only speculate that synchronizing from the base DN without the additional group and user DNs forced the cache to refresh.
If your base DN is set to the top of the Active Directory, and you don't have the additional group and user DNs, you could run into: "Some users are unable to login due to Active Directory 'follow referrals' configuration". Please consider connecting to the AD global catalog server if you are not already: "How do I search from Active Directory's global catalog?"
Cheers,
Ann