Details

    • Last commented by user?:
      true

      Description

      Resolved in Confluence 3.5

      We are pleased to advise that support for nested groups is available in Confluence 3.5. You can find instructions on how to configure nested groups in our documentation:

      More information about the great new features available with the release of Confluence 3.5 can be found in the release notes. Thanks for your interest and support of Confluence.

      Currently in Atlassian-user, groups can only include users, not other groups. Support for nested groups would allow groups to contain other groups.

      For example, consider the following simplified LDAP records:

      dn: cn=sales,ou=groups
      cn: sales
      member: cn=salesman,ou=users

      dn: cn=staff,ou=groups
      cn: staff
      member: cn=ceo,ou=users
      member: cn=sales,ou=groups

      In this example, the group 'sales' is a group containing just a single user, 'salesman'. However, the 'staff' group contains both the user 'ceo' and the group 'sales'.

      In Atlassian-user, implementing nested groups would mean that 'salesman' would be a member of both 'sales' and 'staff' in the above scenario. Atlassian-user should also recognise that both users and groups can be members of a group, especially when listing the membership information for a group. (That is, a list of the members of 'staff' should have two entries: an entry for the 'ceo' user and an entry for the 'sales' group. The membership should not automatically be condensed into a list of two users.)

      In applications, permissions granted to the 'staff' group should apply to both 'salesman' and 'ceo'. Additionally, any new users added to 'sales' should automatically gain these permissions.

      1. roche-user-auth-1.0.jar
        3 kB
        Michal Szklanowski
      2. swisscom-user-auth.zip
        11 kB
        Erich Buri
      3. swisscom-user-auth-1.0.jar
        5 kB
        Patrick Bizeau
      4. swisscom-user-auth-1.1.jar
        6 kB
        Erich Buri
      5. swisscom-user-auth-1.1.zip
        69 kB
        Erich Buri
      6. swisscom-user-auth-1.2.jar
        6 kB
        Patrick Bizeau
      7. swisscom-user-auth-1.2.zip
        63 kB
        Patrick Bizeau
      8. swisscom-user-auth-1.2-conf31.diff
        1 kB
        Sascha Kettler
      9. swisscom-user-auth-1.2-tngpatched.jar
        6 kB
        Christian Grandsjö
      10. swisscom-user-auth-confluence2.5.x.zip
        6 kB
        Michal Szklanowski

        Issue Links

          Activity

          Hide
          AEMS- added a comment -

          Reading the whole threat, I am very disappointed that such a powerful product is lacking on basic out of the box functionality. We are planning to roll out Confluence across our specialized groups for knowledge exchange and when we have over 600+ users changing teams across the organization very frequently, it becomes a nightmare to administrate as well as to keep the cost down.

          I really do hate to see such a basic requirement has been delayed, until a new release on superb product. Is there no other interim solution which we can use other buying CROWD?

          Show
          AEMS- added a comment - Reading the whole threat, I am very disappointed that such a powerful product is lacking on basic out of the box functionality. We are planning to roll out Confluence across our specialized groups for knowledge exchange and when we have over 600+ users changing teams across the organization very frequently, it becomes a nightmare to administrate as well as to keep the cost down. I really do hate to see such a basic requirement has been delayed, until a new release on superb product. Is there no other interim solution which we can use other buying CROWD?
          Hide
          Fabian Unterreiner added a comment -

          We have as well an unlimited enterprise license of Confluence in our company with more than 26.000 users. In an enterprise environement it is normal to use nested groups, therefore it is a 'must' to have this supported in an enterprise wiki. The knowledge is available for Atlassian --> CROWD, so please help us out and do something. I can't stand anymore the anmount of tickets opend on our user help desk

          Show
          Fabian Unterreiner added a comment - We have as well an unlimited enterprise license of Confluence in our company with more than 26.000 users. In an enterprise environement it is normal to use nested groups, therefore it is a 'must' to have this supported in an enterprise wiki. The knowledge is available for Atlassian --> CROWD, so please help us out and do something. I can't stand anymore the anmount of tickets opend on our user help desk
          Hide
          Matt Ryall [Atlassian] added a comment -

          I'm pleased to let you know that the first milestone of Confluence 3.5, including the improved user management support, is available for testing. Release notes which include a download link for 3.5-m1 are available here:

          There is no documentation available yet for the new LDAP integration aside from what is on the release notes, so I'd suggest starting from a clean installation and going to Administration > User Directories in order to set up the configuration of your LDAP server from scratch. Hopefully you won't find it too difficult. There will be complete support for automatic migration for existing instances in 3.5, but it has a couple of glitches that we're still working on.

          There is a lot of detail about the improvements on the release notes, and a few important limitations you should be aware of:

          • Nested groups aren't shown as such in the Confluence UI; you'll see users appearing under every group they are either direct or indirect members of
          • The initial synchronisation may take several hours if you have 100,000+ memberships, but subsequent syncs should be faster, particularly with Active Directory. (Low latency connections to the LDAP server are highly recommended!)
          • Crowd integration has a known issue with nested groups that we're looking into.

          It would be great if anyone who is interested in this feature could test this release against their LDAP server in a test environment and let us know how it goes. In particular, we'd like to know about any problems with configuring the directory, whether there are any errors in synchronising the LDAP data, and whether the hourly synchronisation successfully keeps Confluence's data up to date with changes on your server.

          If you have any feedback about the milestone, please raise a separate CONF issue against version 3.5, and include a copy of your log files. I'm also happy to receive direct email if you have any questions or concerns. Whatever you do, please don't spam 160+ people by posting your feedback on this ticket!

          To set your expectations appropriately, the expected release date is still a few months away. We'll continue releasing milestones about every two weeks as development proceeds. I won't post here about every release; if you want to track the 3.5 milestones, you should watch the Development Releases page which will be updated when future milestones are published.

          Thanks for your continued support,
          Matt Ryall
          Confluence Development

          Show
          Matt Ryall [Atlassian] added a comment - I'm pleased to let you know that the first milestone of Confluence 3.5, including the improved user management support, is available for testing. Release notes which include a download link for 3.5-m1 are available here: Confluence 3.5-m1 ("Milestone 1") Release Notes There is no documentation available yet for the new LDAP integration aside from what is on the release notes, so I'd suggest starting from a clean installation and going to Administration > User Directories in order to set up the configuration of your LDAP server from scratch. Hopefully you won't find it too difficult. There will be complete support for automatic migration for existing instances in 3.5, but it has a couple of glitches that we're still working on. There is a lot of detail about the improvements on the release notes, and a few important limitations you should be aware of: Nested groups aren't shown as such in the Confluence UI; you'll see users appearing under every group they are either direct or indirect members of The initial synchronisation may take several hours if you have 100,000+ memberships, but subsequent syncs should be faster, particularly with Active Directory. (Low latency connections to the LDAP server are highly recommended!) Crowd integration has a known issue with nested groups that we're looking into. It would be great if anyone who is interested in this feature could test this release against their LDAP server in a test environment and let us know how it goes. In particular, we'd like to know about any problems with configuring the directory, whether there are any errors in synchronising the LDAP data, and whether the hourly synchronisation successfully keeps Confluence's data up to date with changes on your server. If you have any feedback about the milestone, please raise a separate CONF issue against version 3.5 , and include a copy of your log files. I'm also happy to receive direct email if you have any questions or concerns. Whatever you do, please don't spam 160+ people by posting your feedback on this ticket! To set your expectations appropriately, the expected release date is still a few months away. We'll continue releasing milestones about every two weeks as development proceeds. I won't post here about every release; if you want to track the 3.5 milestones, you should watch the Development Releases page which will be updated when future milestones are published. Thanks for your continued support, Matt Ryall Confluence Development
          Hide
          Sherif Mansour [Atlassian] added a comment -

          Updated issue description with status.

          Show
          Sherif Mansour [Atlassian] added a comment - Updated issue description with status.
          Hide
          Matt Ryall [Atlassian] added a comment -

          I'm pleased to report that this issue is resolved for Confluence 3.5. You can now configure nested groups for your LDAP server by checking the 'Enable Nested Groups' checkbox in the LDAP directory configuration.

          More details on how to configure user directories in Confluence 3.5 and later can be found here:

          http://confluence.atlassian.com/display/DOC/Configuring+User+Directories

          You can read about the other great features in the Confluence 3.5 release in our release notes:

          http://confluence.atlassian.com/display/DOC/Confluence+3.5+Release+Notes

          Please raise any issues or improvement suggestions as new issues against Confluence 3.5. Thanks very much for your continued support.

          Best regards,
          Matt Ryall
          Team Lead, Confluence 3.5 User Management Improvements

          Show
          Matt Ryall [Atlassian] added a comment - I'm pleased to report that this issue is resolved for Confluence 3.5. You can now configure nested groups for your LDAP server by checking the 'Enable Nested Groups' checkbox in the LDAP directory configuration. More details on how to configure user directories in Confluence 3.5 and later can be found here: http://confluence.atlassian.com/display/DOC/Configuring+User+Directories You can read about the other great features in the Confluence 3.5 release in our release notes: http://confluence.atlassian.com/display/DOC/Confluence+3.5+Release+Notes Please raise any issues or improvement suggestions as new issues against Confluence 3.5. Thanks very much for your continued support. Best regards, Matt Ryall Team Lead, Confluence 3.5 User Management Improvements