Confluence with Active Directory shows wrong users

Sander Brienen [Avisi]
November 20, 2011

We've set up a Confluence (3.5.3) instance connected to Active Directory. Active Directory is configured as read only with local groups. The default group membership is set to 'confluence-users'.

The base dn is: OU=Customer,dc=hs,dc=local

The LDAP sub-dn under which the users are stored is: OU=Default Users,OU=Users

The LDAP sub-dn under which inactive users are stored is: OU=Inactive Users,OU=Users

Now the client reports an issue with the users shown in the Confluence user list. After moving a user to the dn with inactive users, they can still find the user in Confluence. The change in AD is done from outside Confluence.

It seems that Confluence doesn't update its internal indexes correctly with the changed situation from AD. Any solutions?

2 answers

1 accepted

0 votes
Answer accepted
Sander Brienen [Avisi]
March 26, 2012

The answer from support:

Yes, removing the user from AD does remove the user from Confluence's database (cwd_user table), and hence, removes his/her account from the Confluence Admin >> Manage Users screen. The People Directory, however, works differently. The moment the user is removed from AD, we can of course, remove the user from the cwd_user table, but for tracking purposes, we left the user in the Content table, which is where the People Directory fetches its inputs from, and hence, the user is still displayed in People Directory. But if you check in Confluence Admin >> Manage Users, the user is already gone, and will no longer be counted against your Confluence license.

This is actually raised as a bug here: https://jira.atlassian.com/browse/CONF-11467 , which describes your issue perfectly.

Quote from the Bug Report that describes your issue perfectly:

Now once you delete a user in LDAP/Jira or your external user management, it will disappear from Confluence user management, i.e. searching Administration > Manage users will not find that user; however, their userinfo still exists in the content table. When populating the people directory, Confluence searches the CONTENT table pulling out all the people who have USERINFO rows in the table. However, when it tries to display the person, it can't because the user no longer exists. If you have a number of these it can cause the display of people to be weird (i.e. not displaying the same amount of users when clicking on next or previous when searching through the people directory) or in extreme cases it can cause the people directory to be empty.

The workaround provided in the bug report is very similar to the one I provided earlier, with the exception that my DELETE statement references the contentid directly from the output of the SELECT statement, which is more direct.

As of now, this bug is still not fixed, but do feel free to add yourself as a watcher to the bug report to be informed of updates. Of course, the only workaround you can do for now would be the database method to remove the USERINFO contents.
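
Added example, not part of the original answer and not the workaround from the bug report: a read-only check that lists USERINFO rows in the CONTENT table with no matching account in cwd_user, which is the mismatch described above. It runs against a constructed in-memory SQLite stand-in; the column names `CONTENTTYPE`, `USERNAME` and `lower_user_name` are assumptions about the Confluence 3.5 schema and should be verified on the real database.

```python
import sqlite3

# Read-only audit query. NOT EXISTS is used instead of NOT IN so that a NULL
# user name in cwd_user cannot silently empty the result set.
# Assumed columns: CONTENT.CONTENTID, CONTENT.CONTENTTYPE, CONTENT.USERNAME,
# cwd_user.lower_user_name (verify against your own schema).
ORPHAN_QUERY = """
SELECT c.CONTENTID, c.USERNAME
FROM CONTENT c
WHERE c.CONTENTTYPE = 'USERINFO'
  AND NOT EXISTS (
        SELECT 1 FROM cwd_user u
        WHERE u.lower_user_name = LOWER(c.USERNAME))
ORDER BY c.CONTENTID
"""


def build_sample_db():
    """Constructed stand-in for the two tables; the rows are sample data."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE cwd_user (id INTEGER PRIMARY KEY, user_name TEXT,
                               lower_user_name TEXT, directory_id INTEGER);
        CREATE TABLE CONTENT (CONTENTID INTEGER PRIMARY KEY,
                              CONTENTTYPE TEXT, USERNAME TEXT, TITLE TEXT);
        -- Accounts still synchronised from the directory.
        INSERT INTO cwd_user VALUES (1, 'Alice', 'alice', 10),
                                    (2, 'bob', 'bob', 10);
        -- carol and Dave were removed from the directory; their profile
        -- rows remain, so the People Directory would still list them.
        INSERT INTO CONTENT VALUES
            (100, 'USERINFO', 'Alice', NULL),
            (101, 'USERINFO', 'bob', NULL),
            (102, 'USERINFO', 'carol', NULL),
            (103, 'PAGE', NULL, 'Home'),
            (104, 'USERINFO', 'Dave', NULL);
    """)
    return db


def find_orphaned_userinfo(db):
    """Return (CONTENTID, USERNAME) for profile rows with no live account."""
    return db.execute(ORPHAN_QUERY).fetchall()


if __name__ == "__main__":
    for contentid, username in find_orphaned_userinfo(build_sample_db()):
        print(f"stale USERINFO row: CONTENTID={contentid} USERNAME={username}")
```

Running the query before any cleanup gives a list of deprovisioned accounts that are still visible in the People Directory, which can be reviewed against the directory's own records.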

0 votes
Daniel Weisser December 18, 2011

We do have the same problem. We moved a user to a different OU within the directory and the user can't log on anymore. The message in the log states: "... tried to login but they do not have USE permission or weren't found. Deleting remember me cookie." (WARN)

Version is Confluence 3.5.9
