I've just created a new security group in Active Directory called 'Confluence'. I have added all the users who are intended to have access to Confluence.
When I go to Confluence Admin and add an Active Directory, I can connect to the AD server. In the LDAP Schema section I put in:
Base DN: ou=[org], dc=[org], dc=local
That returns all users in Active Directory fine.
What I can't figure out how to do is how to then filter against the security group Confluence. In particular:
- I assume I use cn=Confluence (rather than ou=Confluence)?
- do I put this filter into the Base DN field, the Additional User DN, the Additional Group DN or into another section?
Sorry for the newbie question. I've tried a bunch fo different permutations and combinations without luck.
When connecting Confluence to an LDAP or AD server, you want to specify a base DN that is sufficient high enough in the tree such that Confluence can search the lower branches for users and groups.
If you created the Confluence security group under the OU "org" (eg. cn=Confluence,ou=org,dc=org,dc=com), and search all depths is enabled (only applies to Confluence 3.4.9 and earlier), then Confluence should be able to find the group assuming the group has an attribute matched in the group search filter; the default group search filter is (objectCategory=Group). If this key value pair is missing in your security group, Confluence won't know it's a group and it will not show up in the Manage Group UI.
You can use the Additional User and Group DN spaces to append RDNs to the Base DN to narrow the search. If you store your users in cn=Users,ou=org,dc=org,dc=local, you can add cn=Users into the Additional User DN to start all searchs for users at that depth.
One solid test to narrow down whether this is an issue with DN assignments or with search filters/attribute mapping is to set your Base DN to the root of the dirtectory, remove any Additional DNs, then see if Confluence can find the group. If it does, it's an issue with your Base DN/Additional DN combinations. If it does not, try asjusting your search filter so that it matches a unique key value pair in your security group entry.
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs