I'm looking for the best way to integrate JIRA and Confluence with LDAP for authentication.
My current setup is as follows:
JIRA uses LDAP Authentication as primary (Active Directory) and JIRA Internal Directory as Secondary
Confluence Uses LDAP Authenticaction as primary (The same AD) and JIRA Server as secondary, and Confluence Internal Directory as Tertiary.
The problem I'm having is that we disabled automatic copy of login, and now I cannot create new confluence accounts that validate against LDAP.
What are my options?
I really like this suggestion, and I think this would be probably best solution, however we we don't control the Active Directory, and turnaround time for request in active directory are quite long, so we are looking for a solution such as "Jira verifies against Active Directory and Confluence verifies against Jira" but I'm not sure if that is a feasible solution and if it's been done before.
The reason why we are disabling copy user functionality is because we don't want just any user to log into Jira/Confluence. IT needs to approve non IT users to gain access. When we switched from Jira user management to LDAP, we let the users know that they just need to log in with their AD credentials. Now we are having management asking to get those users removed as they have no approval, so we had to disable auto copy.
Are you able to edit the user directory configuration for the ldap connectors? You should be able to login with a confluence/JIRA internal directory user and make changes to the ldap authentication user directory so that it meets your needs. Off the top of my head, I would say you need to configure it with read/write access to ldap so that you can create new accounts from the applications themselves.
If you don't know the internal directory admin user you can follow these steps to recover:
If this isn't really what you're asking, can you provide more details into how your connector is currently configured?
Yes, I am able to access and edit LDAP connectors. We are not trying to make Jira/Confluence create users in LDAP, rather control the users that are allowed access to Jira/Confluence, but be able to use LDAP for authentication. With jira, there is functionality that allows you to add users into the the specitif "directory" it being "Delegated LDAP Authentication" however with Confluence I haven't found similar functionality to be able to add user to Confluence "Delegated LDAP Authentication" directory