Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Connecting to remote LDAP

Fabian Unruh
Fabian Unruh May 8, 2012

i get this error message while testing the remote connections to my ldap.

where can i edit these settings? (

Testen, ob sich der Benutzer authentifizieren kann : Fehlgeschlagen

Write operations are not allowed in read-only mode (FlushMode.NEVER): Turn your Session into FlushMode.AUTO or remove 'readOnly' marker from transaction definition.
all other test succeed and groups are already imported.
thanks for your help.
fabian
Answer
Watch
Like Be the first to like this
1673 views

3 answers

1 accepted

0 votes
Answer accepted
Septa Cahyadiputra
Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 8, 2012

Hi Fabian,

Could you please try to synchronize the directory first before do the "Test Authenticate".

Edited:

Sorry I missed out this:

all other test succeed and groups are already imported.

Seems like you have synchronize the user already, I thought this was the cause of your issue

https://jira.atlassian.com/browse/CONF-25384

Anyway, I think it would be a good idea to pass this to the support channel so that we could analyze your logs thoroughly.

If you want to continue here, you might want to pass the snippet of the stack trace written on your atlassian-confluence.log so that we could get a better idea of the issue. Also, could you please let us know when this issue occurred, is it when you "Test Authenticate" the user, or when the user try to log-in to Confluence.

Looking forward to hear from you.

Cheers,

Septa Cahyadiputra

View More Comments
Septa Cahyadiputra
Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 8, 2012

Ah, if that is the case, means you need to double check your configuration. The fact that groups retrieve successfully means there must be something wrong with your configuration.

Double check is the "Additional User DN" or "User Object Filter" and see if there are anything wrong with it.

I highly recommend you to use a third party LDAP browser such as Apache Directory Server to check your configuration and search filter.

Hope it helps.

Cheers,

Septa Cahyadiputra

Like
Fabian Unruh
Fabian Unruh May 8, 2012

the error happens while testing the LDAP connection.

my Basic DN = cn=users,dc=xxx,dc=xxx

so by calling this i should get all ad-users who are in the users group?

additional user DN is empty,

user object filter = (&(objectCategory=Person)(sAMAccountName=*))

is there anything wrong... im going to try get the info using Apache DS

Like
Septa Cahyadiputra
Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 9, 2012

Seems like you will need to create a support ticket so that we could review your user example LDIF export and your current "Directory Configuration Summary" to understand clearly why Confluence was not able to retrieve the whole user base.

In the meantime, could you please confirm that the credential used by Confluence to bind to the LDAP server has the necessary privilege to browse users?

Like
Reply
0 votes
Deleted user August 16, 2012

I've been busy setting up a link to Active Directory. I also had the same message when testing the LDAP connections, even though the sync went okay.

I have the link with AD working now. The message is still shown if the directory connections are tested, but apparently it is not a big issue.

Some things are worth mentioning when setting up the directory connections, so I will do so here.

Each connection must contain groups and the users belonging to those groups. If they come from multiple domains, then create new LDAP connections for them.

We have several domains here, lets call them CORP (main level), A, B and C.
My groups were all in domain A, while users could come from domain CORP, A, B and C.

Then the setup is like this:
- Hostname: corp.company.com
- Base DN: DC=Corp,DC=Company,DC=com (same as hostname, but written in LDAP style)
- Additional User DN: ...,DC=A (or B, or C, or leave it out for the CORP level)
- Additional Group DN: ...,DC=A (does not change as the groups are always here)
- use a Group Object Filter should the OU for the groups return too much groups. Suppose you want only groups starting with "confluencewiki-". This would be written like this: (&(objectCategory=Group)(cn=confluencewiki-*))

Although the group part is the same each time, you will not get duplicates in Confluence. The only result will be users from different directory connections in the same group.

I also noticed that even though a full sync completes successfully, it does not mean that all users are there (groups seemed to be there, although there were not many). Users cannot be found under 'Users' and are also not shown in any group under 'Groups'.
This is not a problem though. If a user that is member of a group used for Confluence logs in, then the account will be added and groups will be updated.

Hope this helps... took me a couple of days to find out :-)

Reply
0 votes
Fabian Unruh
Fabian Unruh May 8, 2012

sync leads to no errors but only the groups are synchronised not the users. any other ideas?

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.