our Confluence instance is connected to our AD, authorizing all users of the group "wiki", which inherits its users fromthe group "IT-Admins". Before the "wiki" group inherited its users from the group "IT1". Although multiple resyncs have been done, according to confluence The group "wiki" still contains all users from "IT1".
"wiki" only inherits users from "IT-Admins", which itself contains no other groups, only 7 Users. "IT1" contains 11 Users, spread to multiple groups and thus exceeding our license.
I understand you are using an LDAP (AD) directory for user management for your Confluence server instance. The wiki group in AD (group used to manage permission to use Confluence) now contains only the IT-Admins group but formerly contained the IT1 group. The IT1 group members are still appearing as members of the wiki group in Confluence. You manually synchronized the AD User Directory in Confluence but the IT1 group members still appear as members of wiki in Confluence.
My first suggestion is:
Secondly, I recommend eliminating the possibility that the wiki group members that are not in IT1 are maybe in a different user directory in Confluence and appearing as members of wiki because of aggregating group memberships. Please see Permissions on Managing Multiple Directories.
I look forward to hearing whether the group memberships update as expected after disabling incremental synchronization, and to any other results of your investigation.
thanks for your reply
I checked the points you mentioned above without any change.
But I found that removing the extra domain filters for users and groups fixed the issue although I have no idea how. All users and groups in the setup were beneath the set subdomains.
That is great news to hear the group memberships synchronized properly at last. I can only speculate that synchronizing from the base DN without the additional group and user DNs forced the cache to refresh.
If your base DN is set to the top of the Active Directory, and you don't have the additional group and user DNs, you could run into: Some users are unable to login due to Active Directory 'follow referrals' configuration Please consider connecting to the AD global catalog server if you are not already: How do I search from Active Directory's global catalog?
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs