Confluence Converting Users in Internal Directory to AD Directory

Brandon Pal June 19, 2013

SO I'm not sure if i'm missing somethign as I google away or if it's just not out there.

I have about 5-10 users in the internal directory that I would like to move to our AD directory.

If I jsut add them to the AD group they loose there current access levels and there posts are no longer linked with there account.

So how do I add them to the AD group and also merge the account with there interall account?

2 answers

1 accepted

0 votes
Answer accepted
AndrewA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 19, 2013

Hello,
Content in Confleunce is tighly linked to the username. If the username in AD matches the username from the internal direcotry, then simply synching should against AD should assoicate the content. However, it sounds like the usernames differ (otherwise you wouldn't be making this request). In that case, the options are 1) Chaning the username in AD and 2) Chaning the username in Confluence.

Changing the username in Confluence is currently difficult and involves hacking at the DB which is not supported by Atlassian. However, the ability to change usernames in Confluence is coming soon so depending on your time table it may be worth it to wait. If not, then the following page shows how some people accomplish changing usernames in Confluence. Again, this is not support by Atlassian nor do we recommend it so please do so at your own risk.

Changing usernames in Confluence

Cheers,
Andrew

Brandon Pal June 19, 2013

Hi,

Thank you for getting back to me so quickly.

Actually the names are the same but what I have found in testing is...

When I started another admin added me to the internal directory accidentaly. When I add myself to the correct group in AD and try to log back into Confluence I loose my groups and no longer am able to access anything in Confluence.

Am I missing something or is there a way to merge the two?

AndrewA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 20, 2013

Hi Brandon,
This could be a matter of ordering the driecotries. When a user logs in, Confluence searches these direcotries in the order they appear on the user direcotry page. Once the user is found, it stops looking and moves forward with what is found.

What this means is that we will pull the info for the direcotry the user is found in. If AD is first, then we respect the username and groups found there. If the internal directory is first then we respect the username and groups found there. Both these statements assume that the exact username (caseing as well) exists in both user direcotries.

Is the caseing he same in both direcotries? Also, is AD in the first position or is the internal direcotry?

Cheers,
Andrew

Brandon Pal June 20, 2013

AD is the first position. How can i merge the 2 accounts so I can

1) remove the internall directory
2) make sure users retain groups and posts

Thank for you help.

AndrewA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 20, 2013

Hi Brandon,
Removing the internal directory is not advised as it is best to retain the internal user direcotry with at least one unique user which has Confluence administrative privleges. That way, should something happen to the AD conenction we can still access Confluence. This internal user should have a unique name that would never appear in AD (otherwise it could become shadowed).

For the content, as long as the username is identical between the interal dir and AD (casing and all) all of thier content will remain associated. For the groups, if we have 'read only with local groups' specified for the AD direcotry then when a user logs in it will copy over the groups that were associtated with the user in the internal direcotry.

Cheers,
Andrew

Brandon Pal June 21, 2013

Ok so I just tested with a user.

We have 'read only with local groups' specified for the AD direcotry.

The user logged in and autenticated agenst AD but lost all there User group memberships in Confluence.

:S ?

Brandon Pal July 4, 2013

Andrew any ideas as to why this is?

AndrewA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 14, 2013

Hi Brendan,

Sorry for the late response, I was away from the site for a bit. I did some testing and am afraid I was mistaken before about the gorup memberships. The groups will continue to exist in the internal direcotry and the users are now in AD. However, the membership will need to be recreated. If we navigate to each user and edit their group details we can add them to the needed groups. I believe there are only 15 users so adding this manually should be quick. There is a way to migrate these memberships in bulk but adding them manually may be faster. For details on the bulk move please see the following page.

Migrate local group memberships between directories

Consdering the number of users though I think that manualy adding the users back would be easier.

Cheers,
Andrew

0 votes
AndrewA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 14, 2013

Hi Brendan,

Sorry for the late response, I was away from the site for a bit. I did some testing and am afraid I was mistaken before about the gorup memberships. The groups will continue to exist in the internal direcotry and the users are now in AD. However, the membership will need to be recreated. If we navigate to each user and edit their group details we can add them to the needed groups. I believe there are only 15 users so adding this manually should be quick. There is a way to migrate these memberships in bulk but adding them manually may be faster. For details on the bulk move please see the following page.

Migrate local group memberships between directories

Consdering the number of users though I think that manualy adding the users back would be easier.

Cheers,
Andrew

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events