Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Can I connect Confluence to LDAP and still create non-LDAP users?

Nick Reilingh
Nick Reilingh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 14, 2014

Consider the following – my organization's users have a centralized LDAP server for common authentication, but we would like to allow provisional access to Confluence for certain outside individuals (contractors, clients) who will not have LDAP accounts. It is also the case that only a small number of LDAP users (compared to the entire directory) should have access to Confluence.

Is this routine and relatively easy? Or will this require something like Crowd as an intermediary? You can kind of consider that our workgroup of confluence users is a sub-organization – we will make use of the LDAP server if possible, but not have any control over it.

Answer
Watch
Like Be the first to like this
424 views

2 answers

1 vote
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
November 14, 2014

You can have more than one "user directory" in Confluence.  For this case, the simple approach is to have 2 - the internal directory and your LDAP one.  Then you can create non-LDAP users in the internal directory and LDAP users in LDAP and you'll see both sets in Confluence.

The one important trick here - avoid using the same login ids and groups, because Confluence will only read for the first instance.

If, for example, you have an LDAP login for "penguin" and he's in the group "fish eaters" in LDAP, then you add "penguin" to the internal directory and only add it to group "has feathers", you will only ever see the penguin account from the first directory.  If LDAP is first, it will stop reading there and never see "penguin" in group "has feathers"

View More Comments
Nick Reilingh
Nick Reilingh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 15, 2014

Ah, marvelous! I forgot about ldap groups -- I should just be able to use internal confluence groups for everybody, right? That is, mixing ldap users and "local" users in the same group as long as I don't dupe IDs?

Like
Reply
0 votes
Jonathan Simonoff
Jonathan Simonoff
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 14, 2014

You can easily create local user accounts, whether or not you are using LDAP.  You can just add them by clicking a button and filling in the information.

Having only some LDAP users have access is a harder problem.  If they are  different in some consistent way in LDAP it is possible to pick that up and only place some users into the confluence-users group – then as long as you don't allow anonymous access LDAP users not in that group won't be able to use Confluence. (I can't tell you exactly how to do that, but I know it can be done.  I think you need some custom coding to make it work.)

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events