  1. Confluence Data Center
  2. CONFSERVER-20589

LDAP user details in LDAP group browser are incorrect if there is a mismatch on membership attribute DN and usernameAttribute

    Description

      With an LDAP integration, if the usernameAttribute is not part of the DN that defines the members of groups, Confluence shows incorrect user details in the LDAP group browser. It still allows those users to use Confluence if that group has 'can use' defined, and to access any spaces that specifically grant view permission to that particular group.

      Take this scenario, for example, in which the DN in the group's member attribute does not include employeeNumber:

      In atlassian-user.xml, the username attribute is set as follows:

      <usernameAttribute>employeeNumber</usernameAttribute>
      

      An example user:

      dn: uid=azwandi,ou=People,dc=atlassian,dc=com
      cn: Azwandi Mohd Aris
      employeeNumber: 9035
      givenname: Azwandi
      sn: MohdAris
      uid: azwandi
      

      An example group:

      dn: cn=super-heroes,ou=Support Practices,ou=Departments,dc=atlassian,dc=com
      cn: super-heroes
      member: uid=azwandi,ou=People,dc=atlassian,dc=com
      

      This results in the following (screenshot ldap_group.png):

      Notice the difference when the same LDAP user is added to a local group, where the details display fine (screenshot local_group.png):

      Attachments

        1. ldap_group.png (21 kB)
        2. local_group.png (27 kB)

          People

            matt@atlassian.com Matt Ryall
            amohdaris Azwandi Mohd Aris (Inactive)
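An added example, not part of the original report and not Confluence's code: a small Python audit over constructed LDIF copied from the entries in the description. It flags group members whose DN is named by a different attribute than the configured usernameAttribute, and resolves the username by reading the member's entry rather than its DN. The function names and the simplified DN handling (no escaped commas or multi-valued RDNs) are assumptions.

```python
# Constructed sample data mirroring the entries in the issue description.
USERNAME_ATTRIBUTE = "employeeNumber"  # value of <usernameAttribute> on this page
GROUP_DN = "cn=super-heroes,ou=Support Practices,ou=Departments,dc=atlassian,dc=com"
LDIF = """\
dn: uid=azwandi,ou=People,dc=atlassian,dc=com
cn: Azwandi Mohd Aris
employeeNumber: 9035
givenname: Azwandi
sn: MohdAris
uid: azwandi

dn: cn=super-heroes,ou=Support Practices,ou=Departments,dc=atlassian,dc=com
cn: super-heroes
member: uid=azwandi,ou=People,dc=atlassian,dc=com
"""

def norm_dn(dn):
    """Lower-cased, trimmed DN used as a lookup key (simplified: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def rdn_attribute(dn):
    """Attribute type naming the entry, e.g. 'uid' for uid=azwandi,ou=People,..."""
    return dn.split(",", 1)[0].split("=", 1)[0].strip().lower()

def parse_ldif(text):
    """Parse unfolded, non-base64 LDIF into {normalized dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def audit_group(entries, group_dn, username_attr):
    """Per member DN: is the RDN a different attribute, and what username does the entry hold?"""
    wanted = username_attr.lower()
    results = []
    for member_dn in entries[norm_dn(group_dn)].get("member", []):
        values = entries.get(norm_dn(member_dn), {}).get(wanted, [])
        rdn = rdn_attribute(member_dn)
        results.append({"member_dn": member_dn, "rdn_attr": rdn,
                        "mismatch": rdn != wanted,
                        "username": values[0] if values else None})
    return results

if __name__ == "__main__":
    for row in audit_group(parse_ldif(LDIF), GROUP_DN, USERNAME_ATTRIBUTE):
        print(row)
```

A member reported with `mismatch` set and `username` of `None` is a DN that cannot be mapped to an account through the configured attribute at all, which is worth reviewing before granting permissions to that group.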