Hi
Confluence Sync with AD is working correctly.
However, every time an AD user attempts to log into Confluence they fail to authenticate.
The logfile error states:
'AD User' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
Any ideas ???
Hi @Amir Antonir,
Here is another post about this problem: https://community.atlassian.com/t5/Questions/Jira-and-Confluence-Authentication-problems/qaq-p/324770
Hope it works!
Thanks
But the post above has no solution ...
It indicates a solution was provided by Atlassian support, but the solution is not available.
Hi @Amir Antonir,
What I would check:
If everything is wrong, I recommend you to open a support ticket to Atlassian.
Thanks again
All checked and the connector re-created correctly.
Hoping someone in the community can assist.
How are you connecting Confluence to AD? Over HTTPS? If so, the certs need to be imported into Java's keystore.
No need for certs, standard internal LDAP (not over SSL) connector
As stated, connectivity and synchronisation works well.
However, AD users (members of the designated group synced with Confluence) are not able to log in.
ANY IDEAS ?
Also, what is the impact of changing the order of the directories?
If I push the internal directory below the AD entry, will I still be able to authenticate with local users?
Hi Amir,
Regarding directory order: Managing Multiple Directories
Effect of Directory Order
This section summarizes the effect the order of the directories will have on login and permissions, and on the updating of users and groups.
Login
The directory order is significant during the authentication of the user, in cases where the same user exists in multiple directories. When a user attempts to log in, the application will search the directories in the order specified, and will use the credentials (password) of the first occurrence of the user to validate the login attempt.
Permissions
Aggregating membership (default)
The directory order is not significant when granting the user permissions based on group membership as Confluence uses an aggregating membership scheme by default. If the same username exists in more than one directory, the application will aggregate (combine) group membership from all directories where the username appears.
Example:
You have connected two directories: The Customers directory and the Partners directory.
The Customers directory is first in the directory order.
A username jsmith exists in both the Customers directory and the Partners directory.
The user jsmith is a member of group G1 in the Customers directory and group G2 in the Partners directory.
The user jsmith will have permissions based on membership of both G1 and G2 regardless of the directory order.
Is it possible that the AD users do not have Global Permission to use Confluence? A symptom would be if they can log in but see a "not permitted" page after authenticating.
Aggregating membership applies to permissions but not initial login. If the internal directory is on top and the user is in that directory without belonging to the group that has the global permission to use Confluence then they will see the Not Permitted screen.
Hope it helps!
Ann
Ann,
Thanks for your reply.
No, I cannot see the AD users after a SUCCESSFUL AD sync (which is the primary problem I am seeking assistance with..)
Thanks for your note re directory order.
To clarify, if I only have 1 external directory (e.g. AD) and the internal Confluence directory, as long as we do not have duplicate usernames (i.e. the same username in both directories), either directory will be able to authenticate its respective users, regardless of order?
It is very possible that the AD users do not have global permissions, but given I can see them once the sync is completed, I am not sure how one can apply the relevant permissions to them....
Your assistance is appreciated !
To clarify, if I only have 1 external directory (e.g. AD) and the internal Confluence directory, as long as we do not have duplicate usernames (i.e. the same username in both directories), either directory will be able to authenticate its respective users, regardless of order?
Yes, when authenticating the user it first checks the user in the first directory (order #1), and then, if the user does not exist or is not found there, it will go to the next directory to authenticate the user. If there are duplicate users, then it authenticates the user in the first-order directory and verifies the username/password there. It won't go to the next directory, since the user was found in the first directory.
Typically, Confluence users will be part of the confluence-users group in order to see the content. Either you can make the user part of this group, or if you have a custom group that contains all the users, then give that group "Can Use" permission under the Global Permissions section. Refer to the link below;
Update
AD groups are now successfully showing in Confluence, but AD users, members of these groups, are not..
Any ideas ??
LDAP filters ??
Yes, LDAP filters and DNs. Please see this article for your user filter: How to write LDAP search filters, and this guide for other settings: Connecting to an LDAP Directory, such as:
Base DN
The root distinguished name (DN) to use when running queries against the directory server.
Examples:
o=example,c=com
cn=users,dc=ad,dc=example,dc=com
- For Microsoft Active Directory, specify the base DN in the following format: dc=domain1,dc=local. You will need to replace the domain1 and local for your specific configuration. Microsoft Server provides a tool called ldp.exe which is useful for finding out and configuring the LDAP structure of your server.
Additional User DN
This value is used in addition to the base DN when searching and loading users. If no value is supplied, the subtree search will start from the base DN.
Example:
ou=Users
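The answer above describes how the Base DN, Additional User DN and user filter together decide which AD accounts the connector loads, which is exactly the failure mode in this thread (groups sync, their members do not). The following is an added, self-contained model of that scoping, not Confluence or Atlassian code: it composes the effective search base the way Confluence does (Additional User DN prepended to the Base DN), evaluates a small subset of RFC 4515 filters against constructed sample entries, and shows which accounts fall outside the search. The DNs are placeholders taken from the example above, the sample entries are constructed, and the filter is the default User Object Filter of Confluence's Active Directory template (an assumption about the connector's defaults, not something stated on this page).

```python
"""Offline model of how a Confluence LDAP connector scopes its user search.

Added example (not Confluence code). It composes the effective search base from
Base DN + Additional User DN, then evaluates the User Object Filter against
constructed sample entries to show which accounts the connector would load.
"""

# Assumed connector settings: the DNs are the placeholders from the thread, the
# filter is the default AD-template User Object Filter (assumption, not from the page).
BASE_DN = "dc=domain1,dc=local"
ADDITIONAL_USER_DN = "ou=Users"
USER_OBJECT_FILTER = "(&(objectCategory=Person)(sAMAccountName=*))"

# Constructed directory entries (DN -> attributes); not taken from a real AD.
SAMPLE_ENTRIES = {
    "cn=jsmith,ou=Users,dc=domain1,dc=local":
        {"objectCategory": "Person", "sAMAccountName": "jsmith"},
    "cn=contractor,ou=Contractors,dc=domain1,dc=local":
        {"objectCategory": "Person", "sAMAccountName": "contractor"},
    "cn=svc-backup,ou=Users,dc=domain1,dc=local":
        {"objectCategory": "Computer", "sAMAccountName": "svc-backup$"},
    "cn=confluence-users,ou=Groups,dc=domain1,dc=local":
        {"objectCategory": "Group", "cn": "confluence-users"},
}


def effective_base(base_dn, additional_dn=""):
    """Confluence prepends the Additional User/Group DN to the Base DN."""
    return f"{additional_dn},{base_dn}" if additional_dn else base_dn


def in_subtree(dn, base):
    """True if dn equals base or sits beneath it (RDNs compared case-insensitively)."""
    d = [c.strip().lower() for c in dn.split(",")]
    b = [c.strip().lower() for c in base.split(",")]
    return len(d) >= len(b) and d[-len(b):] == b


def parse_filter(text):
    """Parse a subset of RFC 4515 filters: &, |, ! plus equality and presence."""
    node, rest = _parse(text.strip())
    if rest:
        raise ValueError(f"trailing characters in filter: {rest!r}")
    return node


def _parse(s):
    if len(s) < 3 or not s.startswith("("):
        raise ValueError(f"malformed filter component: {s!r}")
    op = s[1]
    if op in "&|!":
        children, rest = [], s[2:]
        while rest.startswith("("):
            child, rest = _parse(rest)
            children.append(child)
        if not rest.startswith(")"):
            raise ValueError("unbalanced parentheses in filter")
        return (op, children), rest[1:]
    end = s.index(")")
    attr, _, value = s[1:end].partition("=")
    return ("=", attr, value), s[end + 1:]


def matches(node, attrs):
    """Evaluate a parsed filter against one entry's attributes."""
    kind = node[0]
    if kind == "&":
        return all(matches(c, attrs) for c in node[1])
    if kind == "|":
        return any(matches(c, attrs) for c in node[1])
    if kind == "!":
        return not matches(node[1][0], attrs)
    _, attr, value = node
    actual = next((v for k, v in attrs.items() if k.lower() == attr.lower()), None)
    if actual is None:
        return False                      # attribute absent: presence and equality both fail
    return value == "*" or actual.lower() == value.lower()


def find_users(entries, base_dn, additional_dn, filter_text):
    """Return the DNs the connector would load: inside the search base AND matching the filter."""
    base = effective_base(base_dn, additional_dn)
    node = parse_filter(filter_text)
    return sorted(dn for dn, attrs in entries.items()
                  if in_subtree(dn, base) and matches(node, attrs))


if __name__ == "__main__":
    print("search base:", effective_base(BASE_DN, ADDITIONAL_USER_DN))
    print("loaded with ou=Users:", find_users(SAMPLE_ENTRIES, BASE_DN, ADDITIONAL_USER_DN, USER_OBJECT_FILTER))
    print("loaded from base DN: ", find_users(SAMPLE_ENTRIES, BASE_DN, "", USER_OBJECT_FILTER))
```

With Additional User DN set to ou=Users only jsmith is loaded; the contractor account lives in a different OU and never reaches Confluence even though its group membership does, which reproduces the "groups appear, users do not" symptom. Clearing the Additional User DN widens the search to the whole domain, while the computer account is still excluded by the objectCategory clause of the filter. The same check can be run against the real directory with ldapsearch using the composed base and filter before touching the connector.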