Connecting to remote LDAP

I get this error message while testing the remote connections to my LDAP.

Where can I edit these settings?

Testen, ob sich der Benutzer authentifizieren kann : Fehlgeschlagen

Write operations are not allowed in read-only mode (FlushMode.NEVER): Turn your Session into FlushMode.AUTO or remove 'readOnly' marker from transaction definition.
All other tests succeed and groups are already imported.
Thanks for your help.
Fabian

3 answers

1 accepted

Hi Fabian,

Could you please try to synchronize the directory first before doing the "Test Authenticate"?

Edited:

Sorry I missed out this:

all other test succeed and groups are already imported.

Seems like you have synchronized the user already. I thought this was the cause of your issue:

https://jira.atlassian.com/browse/CONF-25384

Anyway, I think it would be a good idea to pass this to the support channel so that we could analyze your logs thoroughly.

If you want to continue here, you might want to pass the snippet of the stack trace written in your atlassian-confluence.log so that we could get a better idea of the issue. Also, could you please let us know when this issue occurred: is it when you "Test Authenticate" the user, or when the user tries to log in to Confluence?

Looking forward to hearing from you.

Cheers,

Septa Cahyadiputra

Ah, if that is the case, it means you need to double-check your configuration. The fact that groups are retrieved successfully means there must be something wrong with your configuration.

Double-check the "Additional User DN" or "User Object Filter" and see if there is anything wrong with it.

I highly recommend you to use a third party LDAP browser such as Apache Directory Server to check your configuration and search filter.

Hope it helps.

Cheers,

Septa Cahyadiputra

The error happens while testing the LDAP connection.

My Base DN = cn=users,dc=xxx,dc=xxx

So by calling this I should get all AD users who are in the users group?

Additional User DN is empty.

User Object Filter = (&(objectCategory=Person)(sAMAccountName=*))

Is there anything wrong? I'm going to try to get the info using Apache DS.

Seems like you will need to create a support ticket so that we could review your user example LDIF export and your current "Directory Configuration Summary" to understand clearly why Confluence was not able to retrieve the whole user base.

In the meantime, could you please confirm that the credential used by Confluence to bind to the LDAP server has the necessary privilege to browse users?

Sync leads to no errors, but only the groups are synchronised, not the users. Any other ideas?

I've been busy setting up a link to Active Directory. I also had the same message when testing the LDAP connections, even though the sync went okay.

I have the link with AD working now. The message is still shown if the directory connections are tested, but apparently it is not a big issue.

Some things are worth mentioning when setting up the directory connections, so I will do so here.

Each connection must contain groups and the users belonging to those groups. If they come from multiple domains, then create new LDAP connections for them.

We have several domains here, let's call them CORP (main level), A, B and C.
My groups were all in domain A, while users could come from domain CORP, A, B and C.

Then the setup is like this:
- Hostname: corp.company.com
- Base DN: DC=Corp,DC=Company,DC=com (same as hostname, but written in LDAP style)
- Additional User DN: ...,DC=A (or B, or C, or leave it out for the CORP level)
- Additional Group DN: ...,DC=A (does not change as the groups are always here)
- Use a Group Object Filter should the OU for the groups return too many groups. Suppose you want only groups starting with "confluencewiki-". This would be written like this: (&(objectCategory=Group)(cn=confluencewiki-*))

Although the group part is the same each time, you will not get duplicates in Confluence. The only result will be users from different directory connections in the same group.

I also noticed that even though a full sync completes successfully, it does not mean that all users are there (groups seemed to be there, although there were not many). Users cannot be found under 'Users' and are also not shown in any group under 'Groups'.
This is not a problem though. If a user that is a member of a group used for Confluence logs in, then the account will be added and groups will be updated.

Hope this helps... took me a couple of days to find out :-)
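
Added example, not part of any post in this thread and not Atlassian code: a small offline evaluator for the two filters quoted above, showing how the Base DN and Additional User/Group DN decide which entries a filter can ever see. It assumes a subtree search under `<Additional DN>,<Base DN>`; the directory entries and the `example.com` domain are constructed, and AD's `objectCategory` is stored by its short name for simplicity.

```python
import re

def parse(f, i=0):
    """Parse a filter (subset: & | ! and attr=value with * wildcards) into a tree."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at {i}")
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError(f"expected ')' at {i}")
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, pattern = f[i:end].partition("=")
    return ("=", attr.lower(), pattern), end + 1

def matches(node, attrs):
    if node[0] == "=":  # '*' is the only wildcard; 'attr=*' is a presence test
        rx = ".*".join(re.escape(p) for p in node[2].split("*"))
        return any(re.fullmatch(rx, v, re.I) for v in attrs.get(node[1], []))
    op, kids = node
    if op == "!":
        return not matches(kids[0], attrs)
    return (all if op == "&" else any)(matches(k, attrs) for k in kids)

def rdns(dn):
    # Naive split: fine for the sample DNs, ignores escaped commas.
    return [p.strip().lower() for p in dn.split(",")]

def search(entries, base_dn, additional_dn, ldap_filter):
    """Subtree search under '<additional_dn>,<base_dn>' (assumed composition)."""
    base = rdns(f"{additional_dn},{base_dn}" if additional_dn else base_dn)
    tree, _ = parse(ldap_filter)
    return [dn for dn, attrs in entries
            if rdns(dn)[-len(base):] == base and matches(tree, attrs)]

# Constructed sample directory (example.com is a placeholder domain).
ENTRIES = [
    ("CN=Alice,CN=Users,DC=example,DC=com", {"objectcategory": ["Person"], "samaccountname": ["alice"]}),
    ("CN=Bob,OU=Staff,DC=example,DC=com", {"objectcategory": ["Person"], "samaccountname": ["bob"]}),
    ("CN=confluencewiki-admins,OU=Groups,DC=example,DC=com", {"objectcategory": ["Group"], "cn": ["confluencewiki-admins"]}),
    ("CN=other-team,OU=Groups,DC=example,DC=com", {"objectcategory": ["Group"], "cn": ["other-team"]}),
]
USER_FILTER = "(&(objectCategory=Person)(sAMAccountName=*))"
GROUP_FILTER = "(&(objectCategory=Group)(cn=confluencewiki-*))"

if __name__ == "__main__":
    print(search(ENTRIES, "CN=Users,DC=example,DC=com", "", USER_FILTER))
    print(search(ENTRIES, "DC=example,DC=com", "", USER_FILTER))
    print(search(ENTRIES, "DC=example,DC=com", "OU=Groups", GROUP_FILTER))
```

With the Base DN set to the `CN=Users` container, the user filter only returns accounts stored under that container; accounts in other OUs are never evaluated, however permissive the filter is.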
