Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,366,726
Community Members
 
Community Events
168
Community Groups

Setup LDAP for Jira and Confluence

I'm looking for the best way to integrate JIRA and Confluence with LDAP for authentication.

My current setup is as follows:

JIRA uses LDAP Authentication as primary (Active Directory) and JIRA Internal Directory as Secondary

Confluence Uses LDAP Authenticaction as primary (The same AD) and JIRA Server as secondary, and Confluence Internal Directory as Tertiary. 

The problem I'm having is that we disabled automatic copy of login, and now I cannot create new confluence accounts that validate against LDAP. 

What are my options?

4 answers

1 vote
JK Rising Star Sep 10, 2014

Maybe this could help: Add users who are Jira/Confluence approved to a specific group in Active Directory. Import only members of this particular group to JIRA with the LDAP connector.

I really like this suggestion, and I think this would be probably best solution, however we we don't control the Active Directory, and turnaround time for request in active directory are quite long, so we are looking for a solution such as "Jira verifies against Active Directory and Confluence verifies against Jira" but I'm not sure if that is a feasible solution and if it's been done before.

The reason why we are disabling copy user functionality is because we don't want just any user to log into Jira/Confluence. IT needs to approve non IT users to gain access. When we switched from Jira user management to LDAP, we let the users know that they just need to log in with their AD credentials. Now we are having management asking to get those users removed as they have no approval, so we had to disable auto copy.

0 votes

Any specific reason to disable the copy user functionality? and since both JIRA and Confluence pull users from the LDAP, is there any specific reason to keep the JIRA Server directory in Confluence?

0 votes

Are you able to edit the user directory configuration for the ldap connectors? You should be able to login with a confluence/JIRA internal directory user and make changes to the ldap authentication user directory so that it meets your needs. Off the top of my head, I would say you need to configure it with read/write access to ldap so that you can create new accounts from the applications themselves.  

If you don't know the internal directory admin user you can follow these steps to recover:

http://confluence.atlassian.com/display/DOC/Restoring+Passwords+To+Recover+Admin+User+Rights

If this isn't really what you're asking, can you provide more details into how your connector is currently configured?

Yes, I am able to access and edit LDAP connectors. We are not trying to make Jira/Confluence create users in LDAP, rather control the users that are allowed access to Jira/Confluence, but be able to use LDAP for authentication. With jira, there is functionality that allows you to add users into the the specitif "directory" it being "Delegated LDAP Authentication" however with Confluence I haven't found similar functionality to be able to add user to Confluence "Delegated LDAP Authentication" directory

Confluence and JIRA have the same user management code - Crowd. There are no differences between the functionality. You can use delegated ldap authentication directories from both applications.

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events