Delegated LDAP groups not synching Confluence 3.5.17

Scott Hall February 21, 2013

I'm trying to set up a delegated LDAP directory and I can't get more than one group to come over.

This was an upgrade form Confluence 3.4-std

Set up:

Copy User on Login - checked

Synchronize Group Memberships - checked

LDAP Schema entries seem good (users can authenticate)

Group Schema Settings also seem good (the top level placeholder group gets synch'ed)

Our LDAP does not support the User Membership attribute so I have the Group Members Attribute set'

Anybody got this working?

1 answer

1 vote
RianA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 21, 2013

Hi Scott,

How delegated LDAP works is not to sync by pulling all the information to Confluence. However it will authenticate the user against the LDAP when they tried to login, and whenever they found that the user informaiton from LDAP, it will pull the information to database with its group to Confluence's database. For more information please refer to the following documentation.
* https://confluence.atlassian.com/display/DOC/Connecting+to+an+Internal+Directory+with+LDAP+Authentication

Hope it helps

Scott Hall February 21, 2013

Hi Rian,

Thanks for the comment. So Am I wrong to assume that when "Copy User on Login" and "Synchronize Group Memberships" options are checked that my users LDAP group memberships are not created in the local directory ?
That would seem to be what the documents say happens:

Synchronise Group Memberships

This field appears if you select the Copy User on Login check box. If this check box is selected, group memberships specified on your LDAP server will be synchronised with the internal directory each time the user logs in.

If you select this check box the following additional fields will appear on the screen, both described in more detail below:

  • Group Schema Settings (described in a separate section below)
  • Membership Schema Settings (described in a separate section below)

fsim
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 22, 2013

Hey Scott,

That's essentially how Delegated directories work in Confluence. Your current directory configuration will have this behavior:

1. No scheduled synchronization tasks (as opposed to the regular LDAP "connector" directories)

2. When the directory is created, the directory remains empty (no groups, users or memberships) until at least 1 LDAP user logs in

3. When that 1 LDAP user logs in, only his/her memberships and groups will be pulled to Confluence. So after that, you end up with 1 LDAP user, along with that LDAP user's group memberships and groups in the delegated directory.

Hope this explains

Scott Hall February 24, 2013

Hey Foogie!
Thanks for the confirmation... so my LDAP user is only getting one group membership pulled over rather than all of their group memberships. I wonder why it would not retriev all the group memberships?

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events