Consider the following – my organization's users have a centralized LDAP server for common authentication, but we would like to allow provisional access to Confluence for certain outside individuals (contractors, clients) who will not have LDAP accounts. It is also the case that only a small number of LDAP users (compared to the entire directory) should have access to Confluence.
Is this routine and relatively easy? Or will this require something like Crowd as an intermediary? You can kind of consider that our workgroup of confluence users is a sub-organization – we will make use of the LDAP server if possible, but not have any control over it.
You can have more than one "user directory" in Confluence. For this case, the simple approach is to have 2 - the internal directory and your LDAP one. Then you can create non-LDAP users in the internal directory and LDAP users in LDAP and you'll see both sets in Confluence.
The one important trick here - avoid using the same login ids and groups, because Confluence will only read for the first instance.
If, for example, you have an LDAP login for "penguin" and he's in the group "fish eaters" in LDAP, then you add "penguin" to the internal directory and only add it to group "has feathers", you will only ever see the penguin account from the first directory. If LDAP is first, it will stop reading there and never see "penguin" in group "has feathers"
You can easily create local user accounts, whether or not you are using LDAP. You can just add them by clicking a button and filling in the information.
Having only some LDAP users have access is a harder problem. If they are different in some consistent way in LDAP it is possible to pick that up and only place some users into the confluence-users group – then as long as you don't allow anonymous access LDAP users not in that group won't be able to use Confluence. (I can't tell you exactly how to do that, but I know it can be done. I think you need some custom coding to make it work.)
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs