Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-28621

User Loses all Local Group Memberships If LDAP Sync is Unable to find the User, but the User appears again in subsequent syncs

    XMLWordPrintable

Details

    Description

      Steps to Reproduce

      1. Add a connection to LDAP in Confluence Admin >> User Directories with the Read Only, with Local Groups option
      2. Sync the directory and make sure that LDAP users are returned
      3. Add 1 LDAP user to a local group (membership)
      4. Change the User Object Filter in the directory's configuration in Confluence Admin >> User Directories to a dummy filter, such as the following:
        (&(objectclass=inetorgperson)(cn=dummynonexistentuser))
        
      5. Sync the directory again (Notice that the LDAP users are missing)
      6. Revert the User Object Filter to the previous working filter
      7. Sync the directory again (notice that the LDAP users are back, but their local group memberships are gone)

      Workaround

      1. Restore the instance's database backup to a new database (i.e. not production) prior to the point where memberships were lost.
      2. Follow the instructions in step 1 of Migrating Local Group Memberships Between Directories to generate a CSV file of users and their memberships.
      3. Run through the rest of the instructions in that KB article to populate the production instance's group memberships.

      Attachments

        Issue Links

          Activity

            People

              fxu Feng Xu (Inactive)
              fsim Foo Sim (Inactive)
              Votes:
              79 Vote for this issue
              Watchers:
              83 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: