Delegated LDAP groups not synching Confluence 3.5.17

I'm trying to set up a delegated LDAP directory and I can't get more than one group to come over.

This was an upgrade form Confluence 3.4-std

Set up:

Copy User on Login - checked

Synchronize Group Memberships - checked

LDAP Schema entries seem good (users can authenticate)

Group Schema Settings also seem good (the top level placeholder group gets synch'ed)

Our LDAP does not support the User Membership attribute so I have the Group Members Attribute set'

Anybody got this working?

1 answer

This widget could not be displayed.

Hi Scott,

How delegated LDAP works is not to sync by pulling all the information to Confluence. However it will authenticate the user against the LDAP when they tried to login, and whenever they found that the user informaiton from LDAP, it will pull the information to database with its group to Confluence's database. For more information please refer to the following documentation.
* https://confluence.atlassian.com/display/DOC/Connecting+to+an+Internal+Directory+with+LDAP+Authentication

Hope it helps

Hi Rian,

Thanks for the comment. So Am I wrong to assume that when "Copy User on Login" and "Synchronize Group Memberships" options are checked that my users LDAP group memberships are not created in the local directory ?
That would seem to be what the documents say happens:

Synchronise Group Memberships

This field appears if you select the Copy User on Login check box. If this check box is selected, group memberships specified on your LDAP server will be synchronised with the internal directory each time the user logs in.

If you select this check box the following additional fields will appear on the screen, both described in more detail below:

  • Group Schema Settings (described in a separate section below)
  • Membership Schema Settings (described in a separate section below)

Hey Scott,

That's essentially how Delegated directories work in Confluence. Your current directory configuration will have this behavior:

1. No scheduled synchronization tasks (as opposed to the regular LDAP "connector" directories)

2. When the directory is created, the directory remains empty (no groups, users or memberships) until at least 1 LDAP user logs in

3. When that 1 LDAP user logs in, only his/her memberships and groups will be pulled to Confluence. So after that, you end up with 1 LDAP user, along with that LDAP user's group memberships and groups in the delegated directory.

Hope this explains

Hey Foogie!
Thanks for the confirmation... so my LDAP user is only getting one group membership pulled over rather than all of their group memberships. I wonder why it would not retriev all the group memberships?

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Sep 17, 2018 in Confluence

Why start from scratch? Introducing four new templates for Confluence Cloud

Hi my Community friends!  For those who don't know me, I'm a product marketer on the Confluence Cloud team - nice to meet you! For those of you who do, you know that I've been all up in your Co...

547 views 7 6
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you