Details
-
Bug
-
Resolution: Fixed
-
Low
-
2.10.1, 2.10.2, 2.10.3, 2.10.4, 3.0, 3.0.1
-
None
Description
If you do an LDAP integration, if the usernameAttribute is not part of the DN that defines the members of Groups, then Confluence will cause this problem, though it will allow them to use confluence if that group has 'can use' defined, as well as access any spaces that specifically grant view permission to that particular group.
Take for example this scenario, the members attribute does not include employeeNumber in the DN:
In atlassian-user.xml, there is attribute:
<usernameAttribute>employeeNumber</usernameAttribute>
An example user:
dn: uid=azwandi,ou=People,dc=atlassian,dc=com cn: Azwandi Mohd Aris employeeNumber: 9035 givenname: Azwandi sn: MohdAris uid: azwandi
An example group:
dn: cn=super-heroes,ou=Support Practices,ou=Departments,dc=atlassian,dc=com cn: super-heroes member: uid=azwandi,ou=People,dc=atlassian,dc=com
This results in the following:
Notice the difference when the same LDAP user is added to local group (displays fine):