I'm trying to set up a delegated LDAP directory and I can't get more than one group to come over.
This was an upgrade from Confluence 3.4-std
Set up:
Copy User on Login - checked
Synchronize Group Memberships - checked
LDAP Schema entries seem good (users can authenticate)
Group Schema Settings also seem good (the top level placeholder group gets synch'ed)
Our LDAP does not support the User Membership attribute so I have the Group Members Attribute set.
Anybody got this working?
Hi Scott,
Delegated LDAP does not sync by pulling all the information into Confluence. However, it will authenticate the user against LDAP when they try to log in, and whenever it finds the user information in LDAP, it will pull that information, with its group, into Confluence's database. For more information, please refer to the following documentation.
* https://confluence.atlassian.com/display/DOC/Connecting+to+an+Internal+Directory+with+LDAP+Authentication
Hope it helps
Hi Rian,
Thanks for the comment. So am I wrong to assume that when the "Copy User on Login" and "Synchronize Group Memberships" options are checked, my users' LDAP group memberships are not created in the local directory?
That would seem to be what the documents say happens:
Synchronise Group Memberships: This field appears if you select the Copy User on Login check box. If this check box is selected, group memberships specified on your LDAP server will be synchronised with the internal directory each time the user logs in.
Hey Scott,
That's essentially how Delegated directories work in Confluence. Your current directory configuration will have this behavior:
1. No scheduled synchronization tasks (as opposed to the regular LDAP "connector" directories)
2. When the directory is created, the directory remains empty (no groups, users or memberships) until at least 1 LDAP user logs in
3. When that 1 LDAP user logs in, only his/her memberships and groups will be pulled to Confluence. So after that, you end up with 1 LDAP user, along with that LDAP user's group memberships and groups in the delegated directory.
Hope this explains
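The login-time behaviour listed in the answer above, as a simplified model added here (it is not Confluence's code and not part of the original thread). The sample DNs, passwords and groups, and the names `DelegatedDirectory`, `ldap_groups_of` and `norm_dn`, are constructed for illustration, and the group-side lookup assumes the group members attribute holds full user DNs.

```python
# Simplified model of a delegated-authentication directory (constructed example).
# Assumption: users carry no membership attribute, so memberships are found by
# scanning each group's members attribute for the user's DN.

LDAP_USERS = {  # constructed sample data: user DN -> password
    "uid=scott,ou=people,dc=example,dc=org": "s3cret",
    "uid=rian,ou=people,dc=example,dc=org": "hunter2",
}
LDAP_GROUPS = {  # constructed sample data: group name -> members attribute values
    "confluence-users": ["uid=scott,ou=people,dc=example,dc=org",
                         "uid=rian,ou=people,dc=example,dc=org"],
    "wiki-admins": ["UID=Scott, OU=People, DC=example, DC=org"],  # same DN, other spelling
    "finance": ["uid=rian,ou=people,dc=example,dc=org"],
}


def norm_dn(dn):
    """Case-insensitive DN form; naive split, ignores escaped commas in RDN values."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def ldap_groups_of(user_dn):
    """Group-side lookup: every group whose members attribute lists user_dn."""
    wanted = norm_dn(user_dn)
    return {name for name, members in LDAP_GROUPS.items()
            if wanted in {norm_dn(m) for m in members}}


class DelegatedDirectory:
    def __init__(self):
        self.users = set()       # local copies, created on first successful login
        self.memberships = {}    # user DN -> set of group names

    def login(self, user_dn, password):
        stored = LDAP_USERS.get(user_dn)          # stands in for an LDAP bind
        if stored is None or stored != password:
            return False                          # failed login copies nothing
        self.users.add(user_dn)                              # Copy User on Login
        self.memberships[user_dn] = ldap_groups_of(user_dn)  # Synchronize Group Memberships
        return True

    def groups(self):
        """Groups known locally: only those of users who have logged in."""
        return set().union(*self.memberships.values())
```

In this model a membership removed on the LDAP side stays in the local copy until that user's next login, because nothing runs between logins.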
Hey Foogie!
Thanks for the confirmation... so my LDAP user is only getting one group membership pulled over rather than all of their group memberships. I wonder why it would not retrieve all the group memberships?