Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

LDAP permissions

Arno Dekker
Arno Dekker
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
December 15, 2013

First time I ask for support, so I hope I follow the right path.

We are currently redesigning our Active Directory groups, and are somewhat struggling with the LDAP integration of Confluence (5.1).

Questions:

1. Is every account in AD always allowed to log in (not talking about seeing content)?

2. How can we narrow down the filter of users seen when querying users?

Our knowledge of LDAP is a bit limited and we where not able to find clear related documentation. Of course we can provide more info if needed.

Regards, Arno Dekker.

Answer
Watch
Like Be the first to like this
638 views

2 answers

1 vote
Davin Studer
Davin Studer
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 15, 2013

This is how we have ours set up so that we limit how many people can login to Confluence. Basically, the Additional User DN field tells Confluence where to find users. The User Object Filter will further filter the users that are found in the Additional User DN field. In our case we are only pulling in users that are members of the confluence-users AD group. As for groups we pull in any groups in the Managed Groups OU that start with confluence as the group name. This works pretty well. If we want someone to be able to log into Confluence we just add them to the confluence-users group. If we remove them then after the sync they can no longer log in.

LDAP Schema
Additional User DN: OU=Managed Users
Additional Group DN: OU=Managed Groups

User Schema Settings
User Object Class: user
User Object Filter: (&(objectCategory=Person)(memberOf=CN=confluence-users,OU=Confluence,OU=Managed Groups,DC=domain,DC=com))

Group Schema Settings
Group Object Class: group
Group Object Filter: (&(objectCategory=Group)(sAMAccountName=confluence*))

Reply
0 votes
Arno Dekker
Arno Dekker
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
December 15, 2013

Nevermind, I just found out how to create a support ticket.

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security