Hello Team,
We have integrated our Confluence instance with LDAP.
Currently LDAP is in read-only mode with Confluence.
We have one group, ML-Confluence, which belongs to the LDAP directory, and one internal group, confluence-users.
In Confluence, users belonging to both groups, confluence-users and ML-Confluence, have the Use Confluence permission.
When we remove any user from the ML-Confluence group by updating LDAP to write mode, the user gets removed from the group and the license count is reduced.
But when LDAP is synced after 1 hour, the user is again added to the ML-Confluence group, increasing the license count.
Is this a known behavior, or are we doing something wrong?
Need immediate help.
--
Hello Shaikh,
Are you updating Confluence to have a read/write connection to LDAP, and then removing the user from the group through Confluence? Or how was this group membership removed?
This sounds like it could be an issue coming from the permissions your LDAP service user has. For example, it could be that Confluence sends a request to remove the user from this group, but these changes are not reflected in LDAP. As a test, you could try the following:
You can use the native tool to connect to your LDAP server, such as Apache Directory Studio or Active Directory, depending on your server type.
Please then check if the issue is still there, or if you get any errors when trying to remove the group membership directly through LDAP. If the problem is still there, I would recommend reaching out directly to us through our support portal and attaching your support zip to the ticket so we can review your logs. I hope this helps!
Kind regards,
Daniel Ponzio | Atlassian Support
--
Hello Daniel,
Yes, we are updating Confluence to have a read/write connection to LDAP, followed by updating the group membership within Confluence.
As of now we have removed those users from LDAP group directly and the license count is also reduced.
Thanks Daniel, I would definitely try these steps.
Regards,
Moiz.