Group membership search breaks with Active Directory's automatic range limiting for large groups
Symptoms
- You are using Microsoft Active Directory
- Large groups from Active directory will not sync with Confluence but smaller ones will
- When synching larger groups from Active directory there is an additional 'range' value in the results
Cause
For performance reasons, Active Directory puts an automatic limit on LDAP queries: either 1000 results (on Windows 2000) or 1500 results (on Windows Server 2003). The correct way to retrieve results past this limit is to use the range option, as described at the link below.
Resolution
Upgrade Confluence to a version greater than or equal to 3.5. As per the bug report found at CONF-21981 this issue is fixed in version 3.5 of Confluence.
Last modified on Feb 23, 2016
Powered by Confluence and Scroll Viewport.