Step 1: Upgrade to 3.5 using a default OSUser configuration
Shutdown your Confluence instance.
Do not copy your old osuser.xml. Instead, download the default osuser.xml and put this in <confluence 3.5.x>/confluence/WEB-INF/classes/.
Place the provided atlassian-user.xml file in <confluence 3.5.x>/confluence/WEB-INF/classes/ too.
Start Confluence 3.5. It will migrate all your configured users and groups to the new user management system. However, LDAP authentication is not yet configured and should be configured in Step 2.
Step 2: Set up LDAP configuration via the Confluence UI
If using a version of Confluence older than 3.5.4, you will need to download and install the patch for CONF-22295. To install it, shut down Confluence, extract the zip file so the patch files look like below (create the missing folders manually):
Log in to Confluence 3.5 using the administration username and password you used prior to configuring LDAP support in Confluence. (Confluence is not yet configured to point to LDAP, so your LDAP credentials will not work.)
Log in to Confluence, configure your LDAP directory via the User Directories option in the administration area. You will want to add a delegated LDAP authentication directory type ('Internal with LDAP Authentication'). You might want to enable 'Copy User on First Login' if necessary. This will create the user in Confluence if it doesn't already exist. This is useful if you intend to login as a user that was not present in your previous installation (and so will not be migrated) but is present on your LDAP server.
Reorder the directories so the LDAP directory is first.
Edit the address bar in the browser to go to http://<confluence url>/admin/migrateosuserldap.jsp and click on "start migration". This will migrate all the user information and properties from the old OS User user management.
You can now log in as an LDAP user. As before, the authentication is performed in LDAP, but the user information is stored in Confluence.