Microsoft Active Directory Synch No Users

Hi, I have set up Confluence with MS AD, and it pulls in my two groups for Confluence; however, it pulls in no users when I go to these groups. My user settings are listed below. Any idea why groups get pulled in, but no users in those groups?


Thanks


User Object Class (required):
The LDAP user object class type to use when loading users.
User Object Filter (required):
The filter to use when searching user objects.
User Name Attribute (required):
The attribute field to use on the user object. Examples: cn, sAMAccountName.
User Name RDN Attribute:
The RDN to use when loading the user username. Example: cn.
User First Name Attribute (required):
The attribute field to use when loading the user first name.
User Last Name Attribute (required):
The attribute field to use when loading the user last name.
User Display Name Attribute (required):
The attribute field to use when loading the user full name.
User Email Attribute (required):
The attribute field to use when loading the user email.
User Password Attribute (required):
The attribute field to use when manipulating a user password.
User Unique ID Attribute:
The attribute field to use for tracking user identity across user renames.

3 answers

0 votes
Ann Worley Atlassian Team Monday

I would like to examine a Directory Configuration Summary for your case. I asked for that on this forum before and was told the code block wouldn't accept the cut and paste so perhaps you could screen shot the info and post it here - redact anything you don't want to share, of course.

Hi Ann, Thanks for your reply, here is the summary:


=== Directories configured ===
Directory ID:
Name: Confluence Internal Directory
Active: true
Type: INTERNAL
Created date: 2017-07-11 15:20:46.335
Updated date: 2017-07-11 15:20:46.335
Allowed operations: [CREATE_GROUP, DELETE_ROLE, CREATE_ROLE, DELETE_GROUP, DELETE_USER, UPDATE_ROLE, UPDATE_GROUP, UPDATE_USER, CREATE_USER, UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE, UPDATE_ROLE_ATTRIBUTE]
Implementation class: com.atlassian.crowd.directory.InternalDirectory
Encryption type: atlassian-security
Attributes:
"user_encryption_method": "atlassian-security"

Directory ID:
Name: LDAP server
Active: false
Type: CONNECTOR
Created date: 2017-07-14 11:49:00.821
Updated date: 2017-07-17 14:00:39.072
Allowed operations: [CREATE_GROUP, UPDATE_GROUP_ATTRIBUTE, DELETE_GROUP, UPDATE_GROUP, UPDATE_USER_ATTRIBUTE]
Implementation class: com.atlassian.crowd.directory.MicrosoftActiveDirectory
Encryption type: sha
Attributes:
"com.atlassian.crowd.directory.sync.lastdurationms": "270"
"com.atlassian.crowd.directory.sync.laststartsynctime": "1500296403830"
"crowd.sync.group.membership.after.successful.user.auth.enabled": "only_when_first_created"
"crowd.sync.incremental.enabled": "false"
"directory.cache.synchronise.interval": "3600"
"ldap.basedn": "OU=A,OU=S,OU=AD,DC=D,DC=net"
"ldap.connection.timeout": "10000"
"ldap.external.id": "objectGUID"
"ldap.filter.expiredUsers": "true"
"ldap.group.description": "description"
"ldap.group.filter": "(&(objectCategory=Group)(|(cn=confluence_users)(cn=confluence_admins)))"
"ldap.group.name": "cn"
"ldap.group.objectclass": "group"
"ldap.group.usernames": "member"
"ldap.local.groups": "true"
"ldap.nestedgroups.disabled": "true"
"ldap.pagedresults": "true"
"ldap.pagedresults.size": "1000"
"ldap.password": ********
"ldap.pool.timeout": "0"
"ldap.propogate.changes": "false"
"ldap.read.timeout": "120000"
"ldap.referral": "false"
"ldap.relaxed.dn.standardisation": "true"
"ldap.roles.disabled": "true"
"ldap.search.timelimit": "60000"
"ldap.secure": "false"
"ldap.url": "ldap://"
"ldap.user.displayname": "displayName"
"ldap.user.email": ""
"ldap.user.encryption": ""
"ldap.user.filter": "(|(objectCategory=person)(objectClass=user))"
"ldap.user.firstname": "givenName"
"ldap.user.group": "memberOf"
"ldap.user.lastname": "sn"
"ldap.user.objectclass": "user"
"ldap.user.password": "unicodePwd"
"ldap.user.username": "userPrincipalName"
"ldap.user.username.rdn": "cn"
"ldap.userdn": ""
"ldap.usermembership.use": "true"
"ldap.usermembership.use.for.groups": "true"
"localUserStatusEnabled": "false"


Ann Worley Atlassian Team Tuesday

It looks like the directory is disabled at the moment, so it will not be periodically synchronizing:

Active: false

I am assuming you disabled it because it wasn't pulling in users.

Most of your settings are default. I noticed you are using userPrincipalName instead of sAMAccountName as the user name, that should be fine, though.

The object class is already set to user in the User Object Class field, so I am not sure why it is included in the user filter:

"ldap.user.filter": "(|(objectCategory=person)(objectClass=user))"

The default is:

(&(objectCategory=Person)(sAMAccountName=*))

  • Please try the following user filter:
    (&(objectCategory=Person)(userPrincipalName=*))
  • Please check whether the base DN is higher in the AD tree than the users, so there are user objects beneath the designated Base DN.

I look forward to hearing the results.
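The two checks in the answer above (does the user filter select the right objects, and are those objects beneath ldap.basedn?) can be rehearsed offline before touching the Confluence directory. The script below is an added example, not Atlassian or Crowd code: it models a subtree search under a base DN, a user filter in the small RFC 4515 subset the thread uses (&, |, !, attr=value, attr=*), and group membership resolved by DN against the set of synced users, which is what produces a group with no users when its members live outside the base DN. The directory entries are constructed sample data under the OU=A,OU=S,OU=AD,DC=D,DC=net base from the posted summary; OU=S,OU=AD,DC=D,DC=net is an assumed "further up" base, and the user alice, the contractor bob, the computer srv01 and the group contents are all made up. Two points it makes concrete: the posted filter's (objectClass=user) branch also matches computer accounts (in AD the computer class derives from user, so objectCategory=Person is what excludes them), and any member DN not under the base DN is silently dropped from the synced group. Separately from the sync question, the summary shows "ldap.secure": "false" with an ldap:// URL, which means the bind credentials and every user attribute cross the network in cleartext; ldaps:// or LDAP over TLS is the usual fix once the sync itself works.

```python
"""Offline model of the Crowd/Confluence AD user sync discussed in this thread.

Added example, not Atlassian code. It models only what the thread shows: a
subtree search under ldap.basedn, a user filter in the RFC 4515 subset
(&, |, !, attr=value, attr=*), and group members resolved by DN against the
synced user set. All directory entries below are constructed sample data.
"""


def parse_filter(text):
    """Parse a filter string into ('&'|'|'|'!', children) / ('=', attr, value)
    tuples. Attribute names are lower-cased; values are kept as written."""
    pos = 0

    def node():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError("expected '(' at offset %d in %r" % (pos, text))
        pos += 1
        if text[pos] in "&|!":
            op = text[pos]
            pos += 1
            children = []
            while text[pos] == "(":
                children.append(node())
            if text[pos] != ")":
                raise ValueError("unbalanced parentheses in %r" % text)
            pos += 1
            if op == "!" and len(children) != 1:
                raise ValueError("'!' takes exactly one operand")
            return (op, children)
        end = text.index(")", pos)
        attr, sep, value = text[pos:end].partition("=")
        if not attr or not sep:
            raise ValueError("bad assertion %r" % text[pos:end])
        pos = end + 1
        return ("=", attr.lower(), value)

    tree = node()
    if pos != len(text):
        raise ValueError("trailing data after filter in %r" % text)
    return tree


def matches(tree, entry):
    """Evaluate a parsed filter against one entry; string values compare
    case-insensitively, as AD does for these attributes."""
    op = tree[0]
    if op == "&":
        return all(matches(c, entry) for c in tree[1])
    if op == "|":
        return any(matches(c, entry) for c in tree[1])
    if op == "!":
        return not matches(tree[1][0], entry)
    _, attr, value = tree
    values = entry.get(attr, [])
    if value == "*":  # presence test
        return bool(values)
    return any(v.lower() == value.lower() for v in values)


def in_subtree(dn, base_dn):
    """Subtree scope: the entry sits at or below the base DN (simplified:
    DNs are assumed to be written without spaces after the commas)."""
    dn, base_dn = dn.lower(), base_dn.lower()
    return dn == base_dn or dn.endswith("," + base_dn)


def synced_entries(user_filter, base_dn, directory):
    """Entries that would be loaded as users for this filter and base DN."""
    tree = parse_filter(user_filter)
    return [e for e in directory if in_subtree(e["dn"], base_dn) and matches(tree, e)]


def sync_users(user_filter, base_dn, directory):
    """Sorted cn values of the synced users, convenient for comparison."""
    return sorted(e["cn"][0] for e in synced_entries(user_filter, base_dn, directory))


def resolve_group(group, synced):
    """Split a group's member DNs into synced users and DNs that are dropped
    because no synced user has that DN (the 'group but no users' symptom)."""
    by_dn = {e["dn"].lower(): e["cn"][0] for e in synced}
    found = sorted(by_dn[m.lower()] for m in group["member"] if m.lower() in by_dn)
    dropped = [m for m in group["member"] if m.lower() not in by_dn]
    return found, dropped


# Constructed sample directory. objectCategory is stored in the short form AD
# resolves it to in filters (the stored attribute is really a schema DN).
USER_CLASSES = ["top", "person", "organizationalPerson", "user"]
DIRECTORY = [
    {"dn": "CN=alice,OU=Staff,OU=A,OU=S,OU=AD,DC=D,DC=net", "cn": ["alice"],
     "objectclass": USER_CLASSES, "objectcategory": ["person"],
     "samaccountname": ["alice"], "userprincipalname": ["alice@d.net"]},
    # A real user, but one OU above the thread's base DN (OU=A,...).
    {"dn": "CN=bob,OU=Contractors,OU=S,OU=AD,DC=D,DC=net", "cn": ["bob"],
     "objectclass": USER_CLASSES, "objectcategory": ["person"],
     "samaccountname": ["bob"], "userprincipalname": ["bob@d.net"]},
    # A computer account: objectClass chain includes 'user', but its
    # objectCategory is 'computer' and it carries no userPrincipalName.
    {"dn": "CN=srv01,OU=Servers,OU=A,OU=S,OU=AD,DC=D,DC=net", "cn": ["srv01"],
     "objectclass": USER_CLASSES + ["computer"], "objectcategory": ["computer"],
     "samaccountname": ["SRV01$"]},
    {"dn": "CN=confluence_users,OU=Groups,OU=A,OU=S,OU=AD,DC=D,DC=net",
     "cn": ["confluence_users"], "objectclass": ["top", "group"],
     "objectcategory": ["group"],
     "member": ["CN=alice,OU=Staff,OU=A,OU=S,OU=AD,DC=D,DC=net",
                "CN=bob,OU=Contractors,OU=S,OU=AD,DC=D,DC=net"]},
]
GROUP = DIRECTORY[3]

POSTED_FILTER = "(|(objectCategory=person)(objectClass=user))"      # from the summary
DEFAULT_FILTER = "(&(objectCategory=Person)(sAMAccountName=*))"       # Crowd default
SUGGESTED_FILTER = "(&(objectCategory=Person)(userPrincipalName=*))"  # suggested above
NARROW_BASE = "OU=A,OU=S,OU=AD,DC=D,DC=net"                           # from the summary
WIDER_BASE = "OU=S,OU=AD,DC=D,DC=net"                                 # assumed 'further up'

if __name__ == "__main__":
    for label, flt, base in [("posted filter, narrow base", POSTED_FILTER, NARROW_BASE),
                             ("suggested filter, narrow base", SUGGESTED_FILTER, NARROW_BASE),
                             ("suggested filter, wider base", SUGGESTED_FILTER, WIDER_BASE)]:
        entries = synced_entries(flt, base, DIRECTORY)
        found, dropped = resolve_group(GROUP, entries)
        print("%-30s users=%s group members found=%s dropped=%s"
              % (label, [e["cn"][0] for e in entries], found, dropped))
```

Run it as-is to see the three scenarios side by side: with the posted filter the computer srv01 is loaded as a user, with the suggested filter it is not, and only the wider base DN lets bob's membership in confluence_users resolve. To rehearse your own case, replace DIRECTORY with the DNs and attributes from your tree (an ldifde or Get-ADObject export is enough) and keep the filter and base DN strings exactly as they appear in the Directory Configuration Summary.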

One question: how do I set it up to use LDAP when users log in?

I tried and it didn't work for me. I see all the users, including myself.


Thanks

Hi Ann,

I made that change to the filter but also started the base further up in the tree, and it's now pulled in the users.


Thanks for your help!
