Users do not retain LDAP group memberships due to POSIX LDAP or incorrect membership attribute


Symptoms

Users can authenticate, but do not have their LDAP group memberships.

Diagnosis

This can be caused either by a misconfiguration of the membership settings or by the directory using a POSIX schema.

  1. The most likely cause is an incorrect membership ID in the LDAP configuration. To confirm, view a user's or group's record. If the group carries a `memberUid` attribute whose value is simply a username rather than a fully qualified DN, see resolution 1.
  2. This problem can also be caused by an incorrect membership attribute in the directory configuration, i.e. the membership attribute is configured as 'username', but in the LDAP itself the membership attribute holds the DN. See resolution 2.
  3. If the membership settings are correct, this issue may be because you are using a POSIX LDAP repository. See resolution 3.
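The three checks above can be run against an exported group entry before touching the directory. The following script is an added example, not part of the Atlassian article: it parses a single LDIF group entry, decides whether the membership values are full DNs (`member`/`uniqueMember`, as in `groupOfNames`) or bare usernames (`memberUid`, as in an RFC 2307 `posixGroup`), compares that with the membership attribute configured in the application, and maps the mismatch to one of the three resolutions. The mapping to resolution numbers is this editor's reading of the article, and the LDIF entries are constructed sample data.

```python
"""Classify an LDAP group entry by how it links members, and point at the
matching resolution from the article.

Added example (not Atlassian's code). Sample LDIF below is constructed.
"""
import base64
import re

# Attributes directories commonly use to link users to groups.
DN_MEMBER_ATTRS = {"member", "uniquemember"}   # values should be full DNs
POSIX_MEMBER_ATTRS = {"memberuid"}             # values are bare usernames (RFC 2307)

# Heuristic: at least two comma-separated attr=value RDNs.
DN_PATTERN = re.compile(r"^[A-Za-z][\w-]*=[^,]+(,[A-Za-z][\w-]*=[^,]+)+$")


def parse_ldif_entry(ldif: str) -> dict:
    """Parse one LDIF entry into {attribute_lowercase: [values]}.

    Handles folded lines (continuation lines start with a space) and the
    'attr:: base64' value form; comments and blank lines are skipped.
    """
    unfolded = []
    for line in ldif.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        elif line.strip() and not line.startswith("#"):
            unfolded.append(line)
    entry = {}
    for line in unfolded:
        attr, _, value = line.partition(":")
        value = value.strip()
        if value.startswith(":"):                      # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode()
        entry.setdefault(attr.strip().lower(), []).append(value)
    return entry


def looks_like_dn(value: str) -> bool:
    """True if the value is shaped like a distinguished name rather than a username."""
    return bool(DN_PATTERN.match(value))


def diagnose_group(ldif: str, configured_attr: str) -> dict:
    """Compare the group's actual membership attribute with the one configured
    in the application's directory settings and return a finding."""
    entry = parse_ldif_entry(ldif)
    configured = configured_attr.lower()
    values = entry.get(configured, [])
    found = sorted(a for a in entry if a in DN_MEMBER_ATTRS | POSIX_MEMBER_ATTRS)
    result = {"group": entry.get("dn", [""])[0], "configured": configured,
              "attributes_in_ldap": found, "values": values}
    if not values:
        # Configured attribute does not exist on the group: config/LDAP mismatch.
        result["finding"] = f"configured attribute absent; directory links members via {found}"
        result["resolution"] = 2
    elif configured in DN_MEMBER_ATTRS and not all(looks_like_dn(v) for v in values):
        # DN-style attribute configured, but the directory stores bare usernames.
        result["finding"] = "membership values are usernames where full DNs are expected"
        result["resolution"] = 1
    elif configured in POSIX_MEMBER_ATTRS:
        # memberUid with usernames is the RFC 2307 schema: needs the POSIX connector type.
        result["finding"] = "posixGroup schema: memberUid holds usernames, use POSIX connector type"
        result["resolution"] = 3
    else:
        result["finding"] = "membership attribute and value form are consistent"
        result["resolution"] = None
    return result


# Constructed sample entries (not from any real directory).
GROUP_OF_NAMES = """\
dn: cn=jira-users,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: jira-users
member: uid=alice,ou=people,dc=example,dc=com
member: uid=bob,ou=people,
 dc=example,dc=com
"""

POSIX_GROUP = """\
dn: cn=jira-users,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: jira-users
gidNumber: 5000
memberUid: alice
memberUid: bob
"""

BROKEN_GROUP = """\
dn: cn=jira-users,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: jira-users
member: alice
member: bob
"""

if __name__ == "__main__":
    for label, ldif, attr in [("groupOfNames/member", GROUP_OF_NAMES, "member"),
                              ("posixGroup/member", POSIX_GROUP, "member"),
                              ("posixGroup/memberUid", POSIX_GROUP, "memberUid"),
                              ("usernames in member", BROKEN_GROUP, "member")]:
        r = diagnose_group(ldif, attr)
        print(f"{label}: resolution {r['resolution']} - {r['finding']}")
```

Run it against an `ldapsearch -LLL` export of one group to see which of the three cases you are in; in practice the `member` values unfolded from the LDIF should all be DNs, and a `memberUid` list of usernames is the signal that the connector type, not the attribute name, needs changing.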

Resolution

Resolution 1 - Membership ID in LDAP

Confirm the attribute the LDAP directory uses to link users to groups. If its values are not fully qualified DNs, change the directory so that they are.

Resolution 2 - Membership attribute in directory configuration

Check Connecting to an LDAP Directory, paying specific attention to the membership settings. Ensure that the membership attribute selected holds the fully qualified DN, and that the same attribute is also set in the LDAP itself.

Resolution 3 - POSIX directory

Confirm that you are using a POSIX directory schema. Edit the directory configuration, and set the type of LDAP connection to POSIX from the drop-down list of LDAP connection types, then resync.

Related Content

See Configuring an LDAP Directory Connector for more information on POSIX, and directory types.


Last modified on Feb 19, 2016
