Can confluence use windows authentication when connecting to Active Directory

When i create an AD user directory, i see the password of that user, in clear text, in the database.
Not cool. That would definetly not get approved, by the security team in my company.

I would like the AD lookup, to use windows authentication. I have already setup the confluence service to run as a domain account.

Can i somehow tell confluence. to use that security context for LDAP queries against my Active Directory?

1 answer

Hi Martin,

I really thing that some confusing may have happened as Confluence doesn't store LDAP passwords in plain text in the database.

Also, as for Integrated Windows Authentication, it can be done in two different ways for Confluence:


Hi Tiago,

Thanks commenting.
Let me try to clarify.

When creating a LDAP user directory, i provide a username and password, that will be used when fetching users and groups. That password provided here, is saved to the database in clear text.

It is being saved to the table: [cwd_directory_attribute] with attributename as [ldap.password], and the password as value.

That is my concern.

It may be a solution to create a domain-account that has that single purpose, to read from AD, and then "live with" that it's password is revealed in the DB.

Another solution would be to use anonymous lookup, and configure the AD to allow anonymous access from the confluence servers specific IP address. Can that be configured in Confluence? (to use anonymous LDAP access)


A third option on the authentication-in-windows thing - you might want to look at (As well as "log into Windows and you're in Confluence too", it does SAML and some other stuff people ask for here)

And yes, this is a bit of a blatant plug, so I should say that I work for Adaptavist at the moment. I've not been involved in the development of it, it was there before I was, but I can vouch for the really good people who did write it.

Davin Studer Community Champion Mar 20, 2014

It is not in clear text in our installation. Sound like you've got a weird setup to me.

Yes, I should have said that too - the couple of AD connected Confluences I've dipped into today are definitely not storying plaintext passwords.

Wow. That is really weird! What kind of database are you guys using. I'm wondering if "MS SQL Server" is not supporting some special "password-field" used in other types of databases, making it save the password in clear-text?

The link above, is not the exact problem, but i think it relates very well.

If you have access to the confluence database, then try running this query and see what you get:

SELECT [directory_id],[attribute_value],[attribute_name] FROM <DatabaseName>.[dbo].[cwd_directory_attribute] WHERE attribute_name = 'ldap.password'

Update: Just tested on PostgreSQL. Same issue here. Ldap password is stored in clear text.

Hi Martin, same to me on MSSQL, the passwords are not in clear text. May I know what's your Confluence version?


Hi Tiago. Sure, the version i'm running is 5.4.3 (64-bit).

Verified the same behavior on v. 5.0.1 and 4.3.5 (all 64-bit).

Tiago, have you tried running the SQL i provided? I would be very suprised if you see a "scrambled" password. If you do, i would like to know which version you are seeing it on :)

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Dec 18, 2018 in Confluence Cloud

Happy holidays from our team to yours!

Hi Community!  2018 was filled with changes for our team, both big and small, and we've taken a lot of time to both celebrate our wins and recognize areas of improvement. One thing that we're a...

482 views 3 18
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you