Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Setup LDAP for Jira and Confluence

Enterprise Procurement
Enterprise Procurement September 10, 2014

I'm looking for the best way to integrate JIRA and Confluence with LDAP for authentication.

My current setup is as follows:

JIRA uses LDAP Authentication as primary (Active Directory) and JIRA Internal Directory as Secondary

Confluence Uses LDAP Authenticaction as primary (The same AD) and JIRA Server as secondary, and Confluence Internal Directory as Tertiary. 

The problem I'm having is that we disabled automatic copy of login, and now I cannot create new confluence accounts that validate against LDAP. 

What are my options?

Answer
Watch
Like Be the first to like this
1274 views

4 answers

1 vote
JK
JK
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 10, 2014

Maybe this could help: Add users who are Jira/Confluence approved to a specific group in Active Directory. Import only members of this particular group to JIRA with the LDAP connector.

View More Comments
Enterprise Procurement
Enterprise Procurement September 12, 2014

I really like this suggestion, and I think this would be probably best solution, however we we don't control the Active Directory, and turnaround time for request in active directory are quite long, so we are looking for a solution such as "Jira verifies against Active Directory and Confluence verifies against Jira" but I'm not sure if that is a feasible solution and if it's been done before.

Like
Reply
0 votes
Enterprise Procurement
Enterprise Procurement September 10, 2014

The reason why we are disabling copy user functionality is because we don't want just any user to log into Jira/Confluence. IT needs to approve non IT users to gain access. When we switched from Jira user management to LDAP, we let the users know that they just need to log in with their AD credentials. Now we are having management asking to get those users removed as they have no approval, so we had to disable auto copy.

Reply
0 votes
Tiago Comasseto
Tiago Comasseto
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 10, 2014

Any specific reason to disable the copy user functionality? and since both JIRA and Confluence pull users from the LDAP, is there any specific reason to keep the JIRA Server directory in Confluence?

Reply
0 votes
Ryan Goodwin
Ryan Goodwin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 10, 2014

Are you able to edit the user directory configuration for the ldap connectors? You should be able to login with a confluence/JIRA internal directory user and make changes to the ldap authentication user directory so that it meets your needs. Off the top of my head, I would say you need to configure it with read/write access to ldap so that you can create new accounts from the applications themselves.  

If you don't know the internal directory admin user you can follow these steps to recover:

http://confluence.atlassian.com/display/DOC/Restoring+Passwords+To+Recover+Admin+User+Rights

If this isn't really what you're asking, can you provide more details into how your connector is currently configured?

View More Comments
Enterprise Procurement
Enterprise Procurement September 10, 2014

Yes, I am able to access and edit LDAP connectors. We are not trying to make Jira/Confluence create users in LDAP, rather control the users that are allowed access to Jira/Confluence, but be able to use LDAP for authentication. With jira, there is functionality that allows you to add users into the the specitif "directory" it being "Delegated LDAP Authentication" however with Confluence I haven't found similar functionality to be able to add user to Confluence "Delegated LDAP Authentication" directory

Like
Ryan Goodwin
Ryan Goodwin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 10, 2014

Confluence and JIRA have the same user management code - Crowd. There are no differences between the functionality. You can use delegated ldap authentication directories from both applications.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
TAGS
AUG Leaders

Atlassian Community Events

    See all events