Can I connect Confluence to LDAP and still create non-LDAP users?

Consider the following – my organization's users have a centralized LDAP server for common authentication, but we would like to allow provisional access to Confluence for certain outside individuals (contractors, clients) who will not have LDAP accounts. It is also the case that only a small number of LDAP users (compared to the entire directory) should have access to Confluence.

Is this routine and relatively easy? Or will this require something like Crowd as an intermediary? You can kind of consider that our workgroup of confluence users is a sub-organization – we will make use of the LDAP server if possible, but not have any control over it.

2 answers

1 vote

You can have more than one "user directory" in Confluence.  For this case, the simple approach is to have 2 - the internal directory and your LDAP one.  Then you can create non-LDAP users in the internal directory and LDAP users in LDAP and you'll see both sets in Confluence.

The one important trick here - avoid using the same login ids and groups, because Confluence will only read for the first instance.

If, for example, you have an LDAP login for "penguin" and he's in the group "fish eaters" in LDAP, then you add "penguin" to the internal directory and only add it to group "has feathers", you will only ever see the penguin account from the first directory.  If LDAP is first, it will stop reading there and never see "penguin" in group "has feathers"

Ah, marvelous! I forgot about ldap groups -- I should just be able to use internal confluence groups for everybody, right? That is, mixing ldap users and "local" users in the same group as long as I don't dupe IDs?

You can easily create local user accounts, whether or not you are using LDAP.  You can just add them by clicking a button and filling in the information.

Having only some LDAP users have access is a harder problem.  If they are  different in some consistent way in LDAP it is possible to pick that up and only place some users into the confluence-users group – then as long as you don't allow anonymous access LDAP users not in that group won't be able to use Confluence. (I can't tell you exactly how to do that, but I know it can be done.  I think you need some custom coding to make it work.)

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Jul 10, 2018 in Confluence

We want to see the templates you've created in Confluence!

Hi Community, Jessica here from the Confluence Product Marketing team!  July’s community challenge is all about sharing pictures  — and as an extension of our first post on what ...

755 views 23 12
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you