Active directory groups mapping

Adam Gaudry
Contributor
February 11, 2019

Hi there

I am trying to connect Confluence Server to AD. But for some reason, it seems to fail when trying to read nested groups.

I have nested groups enabled, but it doesn't seem to be able to register people who are nested.

So if person A is in group B, and group B is in group C, it doesn't seem to recognise that person A is in group B and C. 

Is there any advice that people can give me to assist with this issue? Is there an advanced setting that controls the max depth of nesting Confluence can read in AD?

Best wishes

3 answers

1 vote
Adam Gaudry
Contributor
February 12, 2019

Hi @Jonathan Smith and @Tarun Sapra

Thanks for your answers. I feel I should provide you with more details as to the config.

Nested groups are enabled in Confluence.

The incremental sync has also been turned off.

For reference, we are currently using Crowd to sync AD to Atlassian apps, but we are trying to move away from that. 

I have duplicated the same config (i.e. the same options and the LDAP Schema) as I can see in Crowd. But whereas Crowd applies the permissions and groups correctly, connecting Confluence doesn't seem to work as I'd hoped.

Is there anything else I'm missing? Is there any information I can provide that would help more?

Jonathan Smith
Rising Star
February 12, 2019

Hi @Adam Gaudry,

Our responsibilities are broken up in our IT. I worked with our server team to set up the Active Directory settings in User Directories.

If you want, I can supply you the configurations we used if you think that will help.

Note: We are on Confluence server.

- Jon

Adam Gaudry
Contributor
February 13, 2019

Thanks very much @Jonathan Smith. I missed an obvious step: restarting the Confluence services completely, and reran the sync after disabling and re-enabling the AD directory.

That seems to have pulled through significantly more, if not all, the nested group structures that I would expect to see.

There is a fairly major issue from my point of view though. We need to be able to give certain people administrator access to Confluence through an AD group structure. So in addition to the local (to Confluence) confluence-administrators group, we have created a confluence-admins AD group. I have given this as many permissions as possible through Global and Space permissions. However, I notice that it still doesn't have the elevated super-user access that people in the internal confluence-administrators group do.

Because in Confluence (unlike Crowd) you don't seem to be able to nest a group within a group (for example, I can't make confluence-admins, the AD group, a member of confluence-administrators, the local group), this is a bit of an issue, because it means that I would have to add and remove members to the confluence-administrators group manually, which is not ideal for our purposes.

How do you get around this issue? Or do you just have people manually added to the super-user group? I have read somewhere that calling the AD group the same as the internal group might help?

Best wishes

Adam

0 votes
Jonathan Smith
Rising Star
February 11, 2019

Hi @Adam Gaudry,

Within User Directories, Active Directory, expand Advanced Settings and un-check Enable Incremental Synchronization. Also, confirm 'Update group memberships when logging in' is set to "every time the user logs in". Save, then synchronize.

We found that Confluence never did a full AD sync when incremental was checked. 

Hope this helps!

- Jonathan

0 votes
Tarun Sapra
Community Champion
February 11, 2019

Hello @Adam Gaudry

You have to enable nested groups in the directory configuration at the Confluence end as well.

I use nested groups for Confluence connected with Crowd, which is further connected to LDAP. In the directory configuration in the Confluence user directory you have to enable the nested groups.
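
An added example (not from the thread, and not Atlassian or Confluence code): an offline check that expands nested membership from direct AD member links and lists which groups, and at what nesting depth, are absent from what the application shows for a user after a sync. Apart from confluence-admins, the group names, the data and the function names are constructed for illustration.

```python
from collections import deque

# Constructed sample: direct "member" links as a directory stores them
# (group -> its direct members, which may be users or other groups).
DIRECT_MEMBERS = {
    "group-b": {"person-a", "group-loop"},
    "group-c": {"group-b"},
    "confluence-admins": {"group-c", "person-d"},
    # AD allows circular nesting; the walk below must not loop on it.
    "group-loop": {"confluence-admins"},
}


def effective_groups(principal, direct_members):
    """Return {group: depth} for every group the principal belongs to,
    directly (depth 1) or through nesting (depth 2 and up)."""
    # Invert the links once: member -> groups that list it directly.
    parents = {}
    for group, members in direct_members.items():
        for member in members:
            parents.setdefault(member, set()).add(group)

    depth = {}
    queue = deque([(principal, 0)])
    while queue:
        node, d = queue.popleft()
        for group in parents.get(node, ()):
            if group not in depth:  # first visit is the shortest path
                depth[group] = d + 1
                queue.append((group, d + 1))
    return depth


def missing_after_sync(principal, direct_members, synced_groups):
    """List (group, depth) pairs the directory implies but the
    application does not show for this principal, shallowest first."""
    expected = effective_groups(principal, direct_members)
    gaps = [(g, d) for g, d in expected.items() if g not in synced_groups]
    return sorted(gaps, key=lambda item: (item[1], item[0]))


if __name__ == "__main__":
    # Constructed observation: the application shows only the direct group.
    for group, d in missing_after_sync("person-a", DIRECT_MEMBERS, {"group-b"}):
        print(f"person-a: missing {group} (nesting depth {d})")
```

If every missing group sits at depth 2 or deeper, nested expansion is not being applied; a mix of depths points instead at an incomplete sync.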
