My users are logged automatically in confluence (without any login page).
Is there a way to log with admin account even if all active directoy servers are down ?
And does the user cache remains after a reboot ?
We have our technical documentation on that system and it should be available even with part of your infrastructure down ( i.e. Active Directory)
I am using Confluence HTTP Authenticator (and no budget for shinnny paid SSO solutions, unfortunately).
Yes, it is possible to login with admin rights even if your AD server is down.
In this case you would login as a internal administrator, which is stored in the Confluence Internal Directory. Of course, this directory must be enabled for this to work. We don't suggest you disable the Internal directory.
You can identify and recover the password for the local administrator following the instructions from this article.
I believe it depends on the order of the user directories in confluence. If the internal directory is on the first position, then even if the LDAP crashes, you can still login with the internal admin. However if the LDAP is on the first position, the instance will fail with the sync and the subsequent logins won't work.
It all depends on what solution you are using for SSO - can you share more details? Some SSO solutions (like our EasySSO) provide means to skip SSO via a special URL and revert to regular application (Confluence) login page. You ability to login with an account then depends on how the application is configured - if the account is local then it should be possible. Re: user cache - please elaborate what cache is meant and where.
I have the internal directory enabled and I have set a dummy admin account and set its password.
I have tried to login using that admin account, but no luck unable to login. If I delete the LDAP config I can login with that admin user so the account seems properly set.
Should I use any directory-prefix when I try to login with a local account? (like Internal\dummyAdmin)
Hi Anael, Another option would be to use Crowd. You would configure Confluence to use Crowd as its user management system and link Crowd to two different directories: 1/ Active Directory 2/ An internal Crowd directory in which you would have your local admin accounts. You would then be able to log onto Confluence with your admin accounts even if Active Directory is down. My 2 cents :-) Best regards, Bruno
Hi Anael, I certainly do not want to go on and on about this, I did get that you do not have extra budget for any other software or integration right now. However I just wanted to let you let you know about a successful configuration that I have just tested in two minutes time on my test environment. It might be interesting for you if you don't find any other solution. So, as I wrote earlier, I configured Confluence to use Crowd and I linked Crowd to an internal directory containing the local admin accounts and an AD Active Directory containing the Windows users accounts. Windows SSO (no login page) is provided by this add-on: https://marketplace.atlassian.com/plugins/com.cleito.iwaac I stopped the AD domain controller so as to simulate a problem and I was still able to login to Confluence using the local admin accounts without changing any configuration file. Hope this might help. Best regards, Bruno
So, SSO happens before Confluence (probably in front-facing Apache?). This is where a "bypass" needs to be configured and the questions about "AD being offline" are to that authenticator, not Confluence e.g. if AD is offline, will the SSO authenticator fail completely or let your through to the Confluence login page (where the local admin should work in this situation) In this kind of setup Apache is playing a "reverse proxy" and the location being proxied is configured to do something to perform SSO. You probably need to setup another location in Apache _without SSO_ proxying the same Confluence instance. Confluence may require a separate entry (and a separate port) in server.xml with correct proxy details.
Do you use templates with Confluence? Take part in a remote 1-hr workshop. You'll receive USD $100 for your time! We're looking for people to participate in a remote 1-hr workshop...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs