You're visiting the Confluence Knowledge Base. Visit the Confluence Knowledge Base Home for an overview.

Skip to end of metadata
Go to start of metadata


Confluence 3.5 cannot automatically upgrade instances that use OSUser LDAP authentication. The following appears in the atlassian-confluence.log:

In Confluence 3.5.1 and above, the following appears in the atlassian-confluence.log:


Check osuser.xml. You should see LDAP connection details, like:


Confluence 3.5 cannot automatically upgrade configurations using LDAP Authentication with OSUser.


This upgrade involves two steps outlined below.

Step 1: Upgrade to 3.5 using a default OSUser configuration
  1. Shutdown your Confluence instance.
  2. Do not copy your old osuser.xml. Instead, download the default osuser.xml and put this in <confluence 3.5.x>/confluence/WEB-INF/classes/.
  3. Place the provided atlassian-user.xml file in <confluence 3.5.x>/confluence/WEB-INF/classes/ too.
  4. Start Confluence 3.5. It will migrate all your configured users and groups to the new user management system. However, LDAP authentication is not yet configured and should be configured in Step 2.
Step 2: Set up LDAP configuration via the Confluence UI
  1. If using a version of Confluence older than 3.5.4, you will need to download and install the patch for CONF-22295. To install it, shut down Confluence, extract the zip file so the patch files look like below (create the missing folders manually):

    <confluence 3.5.x>/confluence/admin/migrateosuserldap.jsp
    <confluence 3.5.x>/confluence/WEB-INF/classes/com/atlassian/user/util/migration/*.class
  2. Start Confluence 3.5
  3. Log in to Confluence 3.5 using the administration username and password you used prior to configuring LDAP support in Confluence. (Confluence is not yet configured to point to LDAP, so your LDAP credentials will not work.)
  4. Log in to Confluence, configure your LDAP directory via the User Directories option in the administration area. You will want to add a delegated LDAP authentication directory type ('Internal with LDAP Authentication'). You might want to enable 'Copy User on First Login' if necessary. This will create the user in Confluence if it doesn't already exist. This is useful if you intend to login as a user that was not present in your previous installation (and so will not be migrated) but is present on your LDAP server.
  5. Reorder the directories so the LDAP directory is first.
  6. Edit the address bar in the browser to go to http://<confluence url>/admin/migrateosuserldap.jsp and click on "start migration". This will migrate all the user information and properties from the old OS User user management.
  7. You can now log in as an LDAP user. As before, the authentication is performed in LDAP, but the user information is stored in Confluence.

If your groups did not come across in this process, follow the instructions here: Local Group Memberships for LDAP Users are Lost After Confluence 3.5.x Upgrade

Make sure to follow the additional steps in Upgrading Confluence once your user management system is working correctly.

Help us improve!

Is this article helpful?
Is it well written?
Is the content complete?


  1. Wow, Step 7 holds vital information at the very end. I wish that the step to enable the "Copy users on login" had been higher up in the procedure, as I've now locked myself out.

    1. Hi Abel, I've moved that to point 4 and added an explanation of what it does. It should not be necessary to enable that unless you intend to login as an LDAP user that did not exist before as the migration process in point 6 of step 2 creates entries for LDAP users that were in the old system. Hope this helps. If you're stuck, feel free to raise a support ticket.