
LDAP synchronization does not load any group member

Alexander Alexander September 4, 2011

Hi,
We use Confluence 3.5 together with an LDAP user directory. Users and groups are synchronized, but the groups do not show any members.
We are able to log in with our LDAP accounts, but without any group membership.
Our LDAP is an OpenLDAP system.

After synchronization, Confluence has all groups and members from LDAP, but the groups don't contain any members.

Why does Confluence not load the members from the member-Attribute?

Thanks in advance.

3 answers

0 votes
Brian Hill October 3, 2011

The posixGroup (memberUid) and groupOfNames (member) are mutually exclusive object classes. memberUid is just a login name - not an entire DN the way member is.

The question for Atlassian support is how they support the posixGroup config, if they even do.

Has anyone figured this out yet?

0 votes
JamieA
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 5, 2011

I think your user membership attribute is wrong, I don't see how it could be uid. It should be memberOf or something.

Try unchecking that option.

Alexander Alexander September 5, 2011

We use a static group configuration, where a group's members are contained in the group, not in the user (dynamic group configuration).

Also, I tried setting up the configuration with the option unchecked and checked. I tried both, but the result is the same :(

JamieA
September 5, 2011

I would create a support ticket, I'd be interested to hear what Atlassian support say about this. Sorry not to be of more help.

Alexander Alexander September 6, 2011

Thank you.

Can you post the link to the support ticket? I will also check its state.

JamieA
September 6, 2011

Sorry, I meant that I advise you to create a support ticket, and then post back here if you get useful information.

0 votes
JamieA
September 4, 2011

How do you mean "member-Attribute"? AFAIK the member attribute for OpenLDAP is uniqueMember. If you have member, you need to change that in Membership Schema Settings.

Can you double-check the actual attribute in your schema, and the settings in jira?

Alexander Alexander September 5, 2011

Jamie, thank you for the answer.

I set the following parameters in the LDAP User Directory, in the section "Membership Schema Settings":

Group Members Attribute: memberUid

User Membership Attribute: uid

Use the User Membership Attribute: When finding the user's group membership

And after these settings, members didn't load in the group.

JamieA
September 5, 2011

What does the LDIF for a group look like? Does it have attributes called memberUid?

My settings are:

Group Members Attribute: uniqueMember

and the checkbox unchecked. You may have your OpenLDAP set up differently from mine of course, so only looking at the LDIF for a group will tell us.

Alexander Alexander September 5, 2011

ldif of group:

dn: cn=block_ip,ou=dev,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: block_ip
description: users can use script block_ip
memberUid: daymon
memberUid: brian
memberUid: paul
memberUid: john
gidNumber: 14485


JamieA
September 5, 2011

Hrm, I have the full DN for the users - perhaps it needs that? And do you have the reverse lookup working, such that if you look at the LDIF for a user it shows the groups they're in? I guess that needs to be true if you have that checkbox checked.

I'm afraid I'm out of ideas, so you might need Atlassian support. But I wonder if it requires the full DN of the users rather than just the uid.

Alexander Alexander September 5, 2011

ldif of user:

dn: uid=daymon,ou=staff,ou=users,dc=example,dc=com
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
gidNumber: 65534
givenName: Daymon
sn: Caulfield
displayName: daymon Caulfield
uid: daymon
homeDirectory: /home/daymon
loginShell: /bin/bash
mail: daymon@example.com.ua
cn: Daymon Caulfield
uidNumber: 56596
userPassword: {SHA}hashofholdensecretpass=
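
Added example (not part of the original thread, and not Confluence's own code): a small Python check over a trimmed copy of the group and user LDIF posted above, showing that memberUid values match users only when compared against the uid attribute and match nothing when treated as full DNs. The function names and the DN heuristic are assumptions made for this illustration.

```python
# Sample data trimmed from the LDIF posted in this thread; everything else is illustrative.
LDIF = """\
dn: cn=block_ip,ou=dev,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: block_ip
memberUid: daymon
memberUid: brian

dn: uid=daymon,ou=staff,ou=users,dc=example,dc=com
objectClass: posixAccount
objectClass: inetOrgPerson
uid: daymon
cn: Daymon Caulfield
"""

def parse_ldif(text):
    """Parse simple 'attr: value' LDIF (no base64, no folded lines) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def members_by_dn(group, users, attr):
    """Treat each value of `attr` as a full user DN (groupOfNames-style lookup)."""
    wanted = {v.lower() for v in group.get(attr.lower(), [])}
    return [u["dn"][0] for u in users if u["dn"][0].lower() in wanted]

def members_by_uid(group, users, attr="memberUid", user_attr="uid"):
    """Treat each value of `attr` as a login name (posixGroup-style lookup)."""
    wanted = set(group.get(attr.lower(), []))
    return [u["dn"][0] for u in users if wanted & set(u.get(user_attr, []))]

def value_style(group, attr):
    """Heuristic: do the membership values look like DNs or bare login names?"""
    values = group.get(attr.lower(), [])
    if not values:
        return "absent"
    return "dn" if all("=" in v and "," in v for v in values) else "name"

entries = parse_ldif(LDIF)
group = next(e for e in entries if "posixGroup" in e["objectclass"])
users = [e for e in entries if "posixAccount" in e["objectclass"]]
print(value_style(group, "memberUid"), members_by_dn(group, users, "memberUid"),
      members_by_uid(group, users))
```

Running the same check against an export of your own groups shows quickly whether the configured Group Members Attribute holds DNs or login names, and whether that attribute is present on the group entries at all.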
