Active Directory - newbie question

Hi,

I've just created a new security group in Active Directory called 'Confluence'. I have added all the users who are intended to have access to Confluence.

When I go to Confluence Admin and add an Active Directory, I can connect to the AD server. In the LDAP Schema section I put in:

Base DN: ou=[org], dc=[org], dc=local

That returns all users in Active Directory fine.

What I can't figure out how to do is how to then filter against the security group Confluence. In particular:

- I assume I use cn=Confluence (rather than ou=Confluence)?

- do I put this filter into the Base DN field, the Additional User DN, the Additional Group DN or into another section?

Sorry for the newbie question. I've tried a bunch fo different permutations and combinations without luck.

Thanks,

Ish

3 answers

1 accepted

Add the group to your user search filter, eg,

(&(memberOf=CN=ConfluenceUsers,OU=SharedGroups,DC=XYZ,DC=local)(objectClass=user))

Note: You can use this same construct in the group search filter to select groups you want to show in confluence.

Jim, This worked perfectly. Thanks a bunch.

When connecting Confluence to an LDAP or AD server, you want to specify a base DN that is sufficient high enough in the tree such that Confluence can search the lower branches for users and groups.

If you created the Confluence security group under the OU "org" (eg. cn=Confluence,ou=org,dc=org,dc=com), and search all depths is enabled (only applies to Confluence 3.4.9 and earlier), then Confluence should be able to find the group assuming the group has an attribute matched in the group search filter; the default group search filter is (objectCategory=Group). If this key value pair is missing in your security group, Confluence won't know it's a group and it will not show up in the Manage Group UI.

You can use the Additional User and Group DN spaces to append RDNs to the Base DN to narrow the search. If you store your users in cn=Users,ou=org,dc=org,dc=local, you can add cn=Users into the Additional User DN to start all searchs for users at that depth.

One solid test to narrow down whether this is an issue with DN assignments or with search filters/attribute mapping is to set your Base DN to the root of the dirtectory, remove any Additional DNs, then see if Confluence can find the group. If it does, it's an issue with your Base DN/Additional DN combinations. If it does not, try asjusting your search filter so that it matches a unique key value pair in your security group entry.

Adam, thanks for the explanation behind how this works. Much appreciated.

Jim, This worked perfectly. Thanks a bunch. And Adam, thanks for the explanation behind how it works as well. Very much appreciated.

Ish, you should think about converting this 'answer' into a commnt on the other answers.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Jul 10, 2018 in Confluence

We want to see the templates you've created in Confluence!

Hi Community, Jessica here from the Confluence Product Marketing team!  July’s community challenge is all about sharing pictures  — and as an extension of our first post on what ...

781 views 23 12
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you