Delegated LDAP groups not synching Confluence 3.5.17

I'm trying to set up a delegated LDAP directory and I can't get more than one group to come over.

This was an upgrade form Confluence 3.4-std

Set up:

Copy User on Login - checked

Synchronize Group Memberships - checked

LDAP Schema entries seem good (users can authenticate)

Group Schema Settings also seem good (the top level placeholder group gets synch'ed)

Our LDAP does not support the User Membership attribute so I have the Group Members Attribute set'

Anybody got this working?

1 answer

Hi Scott,

How delegated LDAP works is not to sync by pulling all the information to Confluence. However it will authenticate the user against the LDAP when they tried to login, and whenever they found that the user informaiton from LDAP, it will pull the information to database with its group to Confluence's database. For more information please refer to the following documentation.

Hope it helps

Hi Rian,

Thanks for the comment. So Am I wrong to assume that when "Copy User on Login" and "Synchronize Group Memberships" options are checked that my users LDAP group memberships are not created in the local directory ?
That would seem to be what the documents say happens:

Synchronise Group Memberships

This field appears if you select the Copy User on Login check box. If this check box is selected, group memberships specified on your LDAP server will be synchronised with the internal directory each time the user logs in.

If you select this check box the following additional fields will appear on the screen, both described in more detail below:

  • Group Schema Settings (described in a separate section below)
  • Membership Schema Settings (described in a separate section below)

Hey Scott,

That's essentially how Delegated directories work in Confluence. Your current directory configuration will have this behavior:

1. No scheduled synchronization tasks (as opposed to the regular LDAP "connector" directories)

2. When the directory is created, the directory remains empty (no groups, users or memberships) until at least 1 LDAP user logs in

3. When that 1 LDAP user logs in, only his/her memberships and groups will be pulled to Confluence. So after that, you end up with 1 LDAP user, along with that LDAP user's group memberships and groups in the delegated directory.

Hope this explains

Hey Foogie!
Thanks for the confirmation... so my LDAP user is only getting one group membership pulled over rather than all of their group memberships. I wonder why it would not retriev all the group memberships?

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Jul 10, 2018 in Confluence

We want to see the templates you've created in Confluence!

Hi Community, Jessica here from the Confluence Product Marketing team!  July’s community challenge is all about sharing pictures  — and as an extension of our first post on what ...

751 views 23 12
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you