Incremental directory synchronisation not working properly

The setup:

I have a deployment containing Crowd, JIRA and Confluence.

JIRA and Confluence are set up to talk to Crowd, have public sign-ups enabled, and use SSO.

Crowd has 2 Internal Directories defied... one called Public and one called Internal

In Crowd, the JIRA and Confluence apps are set to authenticate against both the Public and Internal directories, with the appropriate groups jira-users, confluence-users, etc. defined in both directories. Public is set up as the first in the ordering list and allows for Add users permission to the apps. Internal disallows the Add users permission.

Both directories are also allowing nested groups.

In the Internal directory I have the following groups:internal-users, internal-admins

In the Public directory I have public-users

These groups have been added to belong to their respective jira-users confluence-users , etc, in a nested fashion.

For example, a user foo in directory Public that belongs to the group public-users is automatically part (through nesting) of the following groups: jira-users, confluence-users.

Finally, the Options tab for the directory Public specifies that new users should be automatically added to the public-users group (such that they automatically obtain access to jira and confluence).

Both JIRA and Confluence have been set up to access the Crowd directory, enable read/write access and group nesting, and incremental synchronisation.

The problem:

Once a new user signs up via the JIRA public sign-up link, the user is properly added to the public-users group (and seems to also be added automatically to jira-users, i assume by JIRA itself, which is redundant, but ok). The new user is able to access JIRA just fine, but has trouble accessing Confluence. The user's password is recognized, but a message indicating that the user doesn't have permissions to view the space is displayed. (I have manually triggered a synchronization action to happen before attempting to log in as the new user). At this point, if I log in as administrator to Confluence and go into the page showing the list of users, and look at the details of the new user, in the groups section I only see jira-users, but not the default public-users and confluence-users that I would've expected to see.

The workaround:

With everything set up as described above, the only change to make is to instruct Confluence NOT to do incremental synchronization in the User Directories section for the Crowd directory I've set up. That means that every synchronization attempt will perform FULL synchronization. With FULL synchronization everything works as expected. If I look at the users' details I can see all the groups that are supposed to be there: confluence-users jira-users and public-users.

Hopefully a fix can be implemented so that incremental synchronization works properly.

JIRA does not seem to have this problem, even though incremental synchronization is enabled.

2 answers

1 vote

Hi Boris,

I know it has been some time since you stated this issue. Judging by your comment, it seems to be some problem in the application indeed.

If you are still having this problem, I suggest to open a support request in our support tracker as such we can investigate the root cause for the incremental synchronization not working as expected.

I hope this helps you.



Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Feb 06, 2019 in Confluence

Try out the new editing experience

Hi team, I’m Avinoam, a product manager on Confluence Cloud, and today I’m really excited to let the Community know that all customers can now try out the new editing experience and see some of the ...

1,116 views 59 8
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you