For certain directory types, Confluence stores a cache of directory information (users and groups) in the application database, to ensure fast recurrent access to user and group data. A synchronisation task runs periodically to update the internal cache with changes from the external directory.
Affected Directory Types
Data caching and synchronisation apply to the following user directory types:
- LDAP (Microsoft Active Directory and all supported LDAP directories) where permissions are set to read only.
- LDAP (Microsoft Active Directory and all supported LDAP directories) where permissions are set to read only, with local groups.
- LDAP (Microsoft Active Directory and all supported LDAP directories) where permissions are set to read/write.
- Atlassian Crowd.
- Atlassian JIRA.
Data caching and synchronisation do not occur for the following user directory types:
- LDAP (Microsoft Active Directory and all supported LDAP directories) where permissions are set to authentication only, with local groups.
- Internal Directory with LDAP Authentication.
- Internal Directory.
How it Works
Here is a summary of the caching functionality:
- The caches are held in the application database.
- When you connect a new external user directory to the application, a synchronisation task will start running in the background to copy all the required users, groups and membership information from the external directory to the application database. This task may take a while to complete, depending on the size and complexity of your user base.
- Note that a user will not be able to log in until the synchronisation task has copied that user's details into the cache.
- A periodic synchronisation task will run to update the database with any changes made to the external directory. The default synchronisation interval, or polling interval, is one hour (60 minutes). You can change the synchronisation interval on the directory configuration screen.
- You can manually synchronise the cache if necessary.
- If the external directory permissions are set to read/write: Whenever an update is made to the users, groups or membership information via the application, the update will also be applied to the cache and the external directory immediately.
- All authentication happens via calls to the external directory. When caching information from an external directory, the application database does not store user passwords.
- All other queries run against the internal cache.
Finding the Time Taken to Synchronise
The 'User Directories' screen shows information about the last synchronisation operation, including the length of time it took.
Manually Synchronising the Cache
You can manually synchronise the cache by clicking 'Synchronise' on the 'User Directories' screen. If a synchronisation operation is already in progress, you cannot start another until the first has finished.
Screen snippet: User directories, showing information about synchronisation
Configuring the Synchronisation Interval
Note: The option to configure the synchronisation interval for Crowd and JIRA directories is available in Confluence 3.5.3 and later. Earlier versions of Confluence allow you to configure the interval for LDAP directories only.
You can set the 'Synchronisation Interval' on the directory configuration screen. The synchronisation interval is the period of time to wait between requests for updates from the directory server.
The length you choose for your synchronisation interval depends on:
- The length of time you can tolerate stale data.
- The amount of load you want to put on the application and the directory server.
- The size of your user base.
If you synchronise more frequently, then your data will be more up to date. The downside of synchronising more frequently is that you may overload your server with requests.
If you are not sure what to do, we recommend that you start with an interval of 60 minutes (this is the default setting) and reduce the value incrementally. You will need to experiment with your setup.
- Configuring the Internal Directory
- Connecting to an LDAP Directory
- Connecting to an Internal Directory with LDAP Authentication
- Connecting to Crowd or JIRA for User Management
- Connecting to JIRA 4.2 or Earlier for User Management
- Managing Multiple Directories
- Managing Nested Groups
- Synchronising Data from External Directories
- Diagrams of Possible Configurations for User Management
- User Management Limitations and Recommendations
- Requesting Support for External User Management
- Disabling the Built-In User Management