Uploaded image for project: 'Confluence Server'
  1. Confluence Server
  2. CONFSERVER-28621

User Loses all Local Group Memberships If LDAP Sync is Unable to find the User, but the User appears again in subsequent syncs

    XMLWordPrintable

    Details

    • Symptom Severity:
      Severity 1 - Critical
    • Support reference count:
      47
    • Sprint:
      caterpillar, dobsonflies
    • Occurrence Factor:
      10%
    • QA Demo Status:
      Done
    • QA Kickoff Status:
      Done

      Description

      Steps to Reproduce

      1. Add a connection to LDAP in Confluence Admin >> User Directories with the Read Only, with Local Groups option
      2. Sync the directory and make sure that LDAP users are returned
      3. Add 1 LDAP user to a local group (membership)
      4. Change the User Object Filter in the directory's configuration in Confluence Admin >> User Directories to a dummy filter, such as the following:
        (&(objectclass=inetorgperson)(cn=dummynonexistentuser))
        
      5. Sync the directory again (Notice that the LDAP users are missing)
      6. Revert the User Object Filter to the previous working filter
      7. Sync the directory again (notice that the LDAP users are back, but their local group memberships are gone)

      Workaround

      1. Restore the instance's database backup to a new database (i.e. not production) prior to the point where memberships were lost.
      2. Follow the instructions in step 1 of Migrating Local Group Memberships Between Directories to generate a CSV file of users and their memberships.
      3. Run through the rest of the instructions in that KB article to populate the production instance's group memberships.

        Attachments

          Issue Links

            Activity

              People

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Last commented:
                  1 year, 28 weeks, 5 days ago