Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Active Directory - newbie question

Ishtiaque Omar
Ishtiaque Omar July 28, 2011

Hi,

I've just created a new security group in Active Directory called 'Confluence'. I have added all the users who are intended to have access to Confluence.

When I go to Confluence Admin and add an Active Directory, I can connect to the AD server. In the LDAP Schema section I put in:

Base DN: ou=[org], dc=[org], dc=local

That returns all users in Active Directory fine.

What I can't figure out how to do is how to then filter against the security group Confluence. In particular:

- I assume I use cn=Confluence (rather than ou=Confluence)?

- do I put this filter into the Base DN field, the Additional User DN, the Additional Group DN or into another section?

Sorry for the newbie question. I've tried a bunch fo different permutations and combinations without luck.

Thanks,

Ish

Answer
Watch
Like Be the first to like this
2308 views

3 answers

1 accepted

4 votes
Answer accepted
Jim Birch
Jim Birch
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 31, 2011

Add the group to your user search filter, eg,

(&(memberOf=CN=ConfluenceUsers,OU=SharedGroups,DC=XYZ,DC=local)(objectClass=user))

Note: You can use this same construct in the group search filter to select groups you want to show in confluence.

View More Comments
Ishtiaque Omar
Ishtiaque Omar November 7, 2011

Jim, This worked perfectly. Thanks a bunch.
Like
Reply
1 vote
Adam Laskowski
Adam Laskowski
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 28, 2011

When connecting Confluence to an LDAP or AD server, you want to specify a base DN that is sufficient high enough in the tree such that Confluence can search the lower branches for users and groups.

If you created the Confluence security group under the OU "org" (eg. cn=Confluence,ou=org,dc=org,dc=com), and search all depths is enabled (only applies to Confluence 3.4.9 and earlier), then Confluence should be able to find the group assuming the group has an attribute matched in the group search filter; the default group search filter is (objectCategory=Group). If this key value pair is missing in your security group, Confluence won't know it's a group and it will not show up in the Manage Group UI.

You can use the Additional User and Group DN spaces to append RDNs to the Base DN to narrow the search. If you store your users in cn=Users,ou=org,dc=org,dc=local, you can add cn=Users into the Additional User DN to start all searchs for users at that depth.

One solid test to narrow down whether this is an issue with DN assignments or with search filters/attribute mapping is to set your Base DN to the root of the dirtectory, remove any Additional DNs, then see if Confluence can find the group. If it does, it's an issue with your Base DN/Additional DN combinations. If it does not, try asjusting your search filter so that it matches a unique key value pair in your security group entry.

View More Comments
Ishtiaque Omar
Ishtiaque Omar November 7, 2011

Adam, thanks for the explanation behind how this works. Much appreciated.
Like
Reply
0 votes
Ishtiaque Omar
Ishtiaque Omar August 2, 2011

Jim, This worked perfectly. Thanks a bunch. And Adam, thanks for the explanation behind how it works as well. Very much appreciated.

View More Comments
Andrew Ardill
Andrew Ardill
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 7, 2011

Ish, you should think about converting this 'answer' into a commnt on the other answers.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events