Delegated LDAP groups not synching Confluence 3.5.17

I'm trying to set up a delegated LDAP directory and I can't get more than one group to come over.

This was an upgrade from Confluence 3.4-std

Set up:

Copy User on Login - checked

Synchronize Group Memberships - checked

LDAP Schema entries seem good (users can authenticate)

Group Schema Settings also seem good (the top level placeholder group gets synch'ed)

Our LDAP does not support the User Membership attribute so I have the Group Members Attribute set.

Anybody got this working?

1 answer

Hi Scott,

Delegated LDAP does not sync by pulling all the information into Confluence. Instead, it authenticates the user against LDAP when they try to log in, and whenever it finds the user information in LDAP, it pulls that information, along with its group, into Confluence's database. For more information, please refer to the following documentation.
* https://confluence.atlassian.com/display/DOC/Connecting+to+an+Internal+Directory+with+LDAP+Authentication

Hope it helps

Hi Rian,

Thanks for the comment. So am I wrong to assume that when the "Copy User on Login" and "Synchronize Group Memberships" options are checked, my users' LDAP group memberships are not created in the local directory?
That would seem to be what the documents say happens:

Synchronise Group Memberships

This field appears if you select the Copy User on Login check box. If this check box is selected, group memberships specified on your LDAP server will be synchronised with the internal directory each time the user logs in.

If you select this check box the following additional fields will appear on the screen, both described in more detail below:

  • Group Schema Settings (described in a separate section below)
  • Membership Schema Settings (described in a separate section below)

Hey Scott,

That's essentially how Delegated directories work in Confluence. Your current directory configuration will have this behavior:

1. No scheduled synchronization tasks (as opposed to the regular LDAP "connector" directories)

2. When the directory is created, the directory remains empty (no groups, users or memberships) until at least 1 LDAP user logs in

3. When that 1 LDAP user logs in, only his/her memberships and groups will be pulled to Confluence. So after that, you end up with 1 LDAP user, along with that LDAP user's group memberships and groups in the delegated directory.

Hope this explains

Hey Foogie!
Thanks for the confirmation... so my LDAP user is only getting one group membership pulled over rather than all of their group memberships. I wonder why it would not retrieve all the group memberships?
