
primaryGroupId not visible to Confluence when integrated with AD LDAP

    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      [9:45 AM] john kakritz: i wanted to talk to you about Active Directory LDAP integration with Confluence
      [9:46 AM] john kakritz: hmm to sum it up, it appears that AD does not set the member attribute of the Domain Users group
      [9:47 AM] john kakritz: rather it sets the primarygroupId to 513 which apparently is the Domain Users group
      [9:47 AM] john kakritz: confluence does not recognize the primaryGroupID value
      [9:48 AM] john kakritz: the effect is that granting Domain Users Global Permissions in confluence has no effect
      [9:49 AM] john kakritz: i'm sure that i'm not the first person to integrate AD ldap with confluence so i was hoping that some notion of how to work around this already exists
      [9:50 AM] john kakritz: http://support.microsoft.com/?kbid=275523 has some info from microsoft regarding this problem
      [9:53 AM] john kakritz: http://confluence.atlassian.com/display/DEV/How+to+map+LDAP+Users+and+Groups+to+Confluence+via+Atlassian+User
      [9:53 AM] john kakritz: also seems to address the issue
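
The lookup a directory client has to perform to see the primary group, as an added example that is not part of the original issue and is not Confluence or Crowd code: the group's SID is the user's objectSid with its last sub-authority (the RID) replaced by primaryGroupID, and the group is then searched for by that SID. The domain SID, the DNs and all helper names are constructed for illustration, and a dictionary stands in for the LDAP search.

```python
import struct

def parse_sid(raw):
    """Decode a binary objectSid into (revision, authority, sub_authorities)."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or malformed SID")
    authority = int.from_bytes(raw[2:8], "big")           # 48-bit, big-endian
    subs = list(struct.unpack(f"<{raw[1]}I", raw[8:]))    # 32-bit, little-endian
    return raw[0], authority, subs

def sid_to_str(raw):
    revision, authority, subs = parse_sid(raw)
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def primary_group_sid(user_sid, primary_group_id):
    """Replace the user's RID (last sub-authority) with primaryGroupID."""
    if not parse_sid(user_sid)[2]:
        raise ValueError("SID has no RID to replace")
    return user_sid[:-4] + struct.pack("<I", int(primary_group_id))

def sid_filter(raw):
    """LDAP filter for a group by binary objectSid, escaped per RFC 4515."""
    return "(objectSid=" + "".join(f"\\{b:02x}" for b in raw) + ")"

def effective_groups(entry, find_group_dn):
    """memberOf plus the primary group, which memberOf does not list."""
    groups = set(entry.get("memberOf", []))
    dn = find_group_dn(primary_group_sid(entry["objectSid"], entry["primaryGroupID"]))
    if dn:
        groups.add(dn)
    return groups

# --- Constructed sample data; the domain SID and DNs are made up ---
def build_sid(*subs):
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack(f"<{len(subs)}I", *subs)

DOMAIN = (21, 1111111111, 2222222222, 3333333333)
USER = {
    "objectSid": build_sid(*DOMAIN, 1104),
    "primaryGroupID": "513",
    "memberOf": ["CN=Wiki Editors,OU=Groups,DC=example,DC=com"],
}
DIRECTORY = {sid_to_str(build_sid(*DOMAIN, 513)): "CN=Domain Users,CN=Users,DC=example,DC=com"}

def find_group_dn(group_sid):
    # Stand-in for an LDAP search with sid_filter(group_sid) as the filter.
    return DIRECTORY.get(sid_to_str(group_sid))

if __name__ == "__main__":
    print(sid_filter(primary_group_sid(USER["objectSid"], 513)))
    print(sorted(effective_groups(USER, find_group_dn)))
```

A client that reads only memberOf, or only the group's member attribute, returns the first group alone for this user, which is why a permission granted to Domain Users never applies.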

            [CONFSERVER-6729] primaryGroupId not visible to Confluence when integrated with AD LDAP

            JiraYO added a comment -

            wow this must be a new record! a bug report from 2006!!!! that is still an issue. for me it affects Jira CORE as well and that is where i am noticing it.

             

            a 13 year old bug, never addressed, and applying to multiple products in your suite. amazing. truly a new record. i think the oldest unsolved bug i saw previously was 2010 and i thought a 9 year old bug was bad...

            i would really like to use domain users for things. since everyone has a domain users group, it's pretty basic that this should work.

            Joscha Schmiedt added a comment -

            Problem is still present in Confluence 6.3.1

            MJP added a comment -

            Problem fixed in CROWD 2 years ago, still not fixed in Confluence.

            Affected Versions: 5.X also.

            Robert Pennoyer added a comment -

            This ticket has been open for eight years. Remember 2006? Italy won the world cup, Dick Cheney shot a guy in the face, and Confluence's Active Directory integration was broken. Read the notes above; this is a bugfix, not an improvement. We're asking only for Confluence to query AD the same way Jira and Crowd do.

            There have been a lot of really great fixes and features added in recent Confluence releases, so I know two things: the dev team has been busy, and the dev team is capable of great work. Please let us know when this will be fixed.

            MJP added a comment -

            I support the request to mark this as a BUGFIX!


            Robert Pennoyer added a comment -

            Agreed. Why is this listed as an improvement? Atlassian knows it's a bug fix, because they fixed it in Crowd. Now they just need to move the same fix into Confluence. It's bizarre that they'd fix it in one app but not another. Maybe there was only one person at Atlassian who understood LDAP, and he left?

            Gus Welter added a comment -

            Seriously... this is not an improvement; it's a basic bug fix.


            Michael Jones added a comment -

            I have just set up Confluence 5.4.3 and set it so that "Domain Users" have access in Confluence. When it didn't work, I went in and looked at the user inside Confluence and it doesn't recognize that the user is part of the "Domain Users" group. I am not using CROWD, this is configured just within Confluence. It recognized all of the other groups that user is a part of, but not "Domain Users". As I see comments on this going back for years, I have to ask. Is this going to be fixed?

            Robert Pennoyer added a comment -

            Following up on the above: we have implemented Crowd in between our Confluence installation and Active Directory. It does pull primary group memberships, and our permissions problem has been resolved.

            We did not anticipate that this architecture breaks the "User Profile Plugin" from Communardo, which fills a serious gap in the Confluence user profile page by filling in Department, Position, Phone Number, etc., from AD.

            Robert Pennoyer added a comment -

            This is a real problem for us. Like Peter above, we've spent a lot of time troubleshooting permission problems only to find out that this error is the cause. We use Primary Group membership for a variety of other purposes in AD, including drive and printer mapping using GPP, so we're not really in a position to throw all that out to accommodate this bug.

              Unassigned
              ivan@atlassian.com Ivan Benko [Atlassian]
              Votes: 37
              Watchers: 31