LDAP users synchronizing with Confluence without groups
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
If your LDAP security groups are kept in a particular OU, it may be difficult to determine how to bring in users from LDAP together with the groups they are associated with.
Diagnosis
Environment
- LDAP connection to Confluence
Diagnostic Steps
- Confluence has a working connection to LDAP, and the users are being synchronized without their groups
Resolution
With an LDAP configuration that uses security groups in an OU, it is necessary to specify separately where the users and the groups come from.
- The User filter (in the setup of the directory, under User Configuration) needs to pull the particular users.
- The Group filter (in the setup of the directory, under Group Configuration) needs to point to the OU where the general user accounts (and security groups) exist.
With these settings, the correct users will be synchronized with Confluence, and any security groups will be associated with them.
Example:
(&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=confluence-users,ou=Groups,dc=sydney,dc=atlassian,dc=com))
- This will pull all users in the confluence-users group (each individual account)
- If the security groups are managed elsewhere, we will need to provide that location in the group settings:
(&(objectCategory=Group)(ou=confluence-security))
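A misplaced or doubled parenthesis in either filter is enough to make the directory return the wrong set of users or groups, so it helps to check a filter offline before saving it. The following is an added example, not Atlassian code: a small parser and matcher for a subset of LDAP filter syntax, run over constructed entries. The entry names, the `ou` values on the group entries, and the comparison of `objectCategory` as a plain string are assumptions made for illustration.

```python
# Added example: minimal RFC 4515 subset (&, |, !, equality, presence); no escapes.
# ENTRIES is constructed sample data; attribute names are stored lowercased.
GROUP_DN = "cn=confluence-users,ou=Groups,dc=sydney,dc=atlassian,dc=com"
USER_FILTER = f"(&(objectCategory=Person)(sAMAccountName=*)(memberOf={GROUP_DN}))"
GROUP_FILTER = "(&(objectCategory=Group)(ou=confluence-security))"
ENTRIES = [
    {"cn": ["alice"], "objectcategory": ["Person"], "samaccountname": ["alice"], "memberof": [GROUP_DN]},
    {"cn": ["bob"], "objectcategory": ["Person"], "samaccountname": ["bob"]},
    {"cn": ["space-admins"], "objectcategory": ["Group"], "ou": ["confluence-security"]},
    {"cn": ["printers"], "objectcategory": ["Group"], "ou": ["facilities"]},
]

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next_index)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, i, kids = f[i], i + 1, []
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"bad operand count for '{op}'")
        node = (op, kids)
    else:
        end = f.find(")", i)
        attr, sep, value = f[i:max(end, i)].partition("=")
        if end < 0 or not sep or not attr or "(" in attr + value:
            raise ValueError(f"malformed item at position {i}")
        node, i = ("=", attr.lower(), value.lower()), end
    if f[i:i + 1] != ")":
        raise ValueError(f"expected ')' at position {i}")
    return node, i + 1

def matches(node, entry):
    if node[0] in "&|":
        hits = [matches(k, entry) for k in node[1]]
        return all(hits) if node[0] == "&" else any(hits)
    if node[0] == "!":
        return not matches(node[1][0], entry)
    values = [v.lower() for v in entry.get(node[1], [])]
    return bool(values) if node[2] == "*" else node[2] in values

def select(filter_text, entries=ENTRIES):
    tree, end = parse(filter_text.strip())
    if end != len(filter_text.strip()):
        raise ValueError("trailing characters after filter")
    return [e["cn"][0] for e in entries if matches(tree, e)]
```

`select(USER_FILTER)` returns only the account that is a member of confluence-users, and `select` raises `ValueError` for a filter whose parentheses do not balance or are doubled around an item.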