- Add a connection to LDAP in Confluence Admin >> User Directories with the Read Only, with Local Groups option
- Sync the directory and make sure that LDAP users are returned
- Add 1 LDAP user to a local group (membership)
- Change the User Object Filter in the directory's configuration in Confluence Admin >> User Directories to a dummy filter, such as the following:
- Sync the directory again (Notice that the LDAP users are missing)
- Revert the User Object Filter to the previous working filter
- Sync the directory again (notice that the LDAP users are back, but their local group memberships are gone)
- Restore the instance's database backup to a new database (i.e. not production) prior to the point where memberships were lost.
- Follow the instructions in step 1 of Migrating Local Group Memberships Between Directories to generate a CSV file of users and their memberships.
- Run through the rest of the instructions in that KB article to populate the production instance's group memberships.