It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Confluence user directory change - help

Sanu Soman Jul 02, 2013

Hi All,

I'm trying to change the user authentication method on my Confluence instance from JIRA User directory to LDAP authentication. Please let me know the best way to achieve this.

There are some custom groups and users having specific permissions on existing spaces and these groups and users came from JIRA User directory.

Also want to know how we can authenticate users from LDAP for the first time login? means.. once LDAP integrated, simply users can login to conflunce by thier LDAP username/password or they need to do any kind of sign-up? If auto detection of username/password is not possible, then can I add them into confluence and associate to specific permission manually? (That instance is only having 61 users)

Please help on this. Many thanks in advance.

1 answer

1 accepted

0 votes
Answer accepted
Mirek Community Leader Jul 02, 2013

Hi Sanu,

Please take a look on this guide:

I think also that if you will add the same user in LDAP and then LDAP will be first in User Directories then Confluence will search for the user first in LDAP then on Internal Directory. It shold do the trick to migrate the user. However you need to check if all the groups will be migrated. In my opinion you will loose them in the process, so then you will need to manually. You can give it a try with one test user first.

I hope that will help,

Best Regards,


Sanu Soman Jul 02, 2013

Thanks Mirek for the suggestion.

We already had users in the LDAP server but not the groups. So I need to create same groups in LDAP server?

Currently users and groups are present in JIRA user directory and that's how they are accessing confluence.

Which LDAP configuration permission type is better to use? Read only with local groups?or read only? or read/write?

If I'm going for Read only with local groups LDAP permissions, then groups can be manageable from confluence... right? And at the beginning, from LDAP itself I need to map the users to specific groups.. so then only users will get right permission...right? but here, later on every time if we are adding a new user to LDAP then need to map same user to confluence-users groups to get access in confluence? Or do they need to do any kind of sign-up? Is this the right permission scheme?

If we going for read only LDAP permission configuration, then I can't able to manage the users/groups with in confluence..right? So then, everytime I need to contact LDAP admin for the permission change?

What about read/write... ?

Please suggest.

Mirek Community Leader Jul 04, 2013

Hi Sanu,

Connecting to an LDAP directory server is useful if your users and groups are stored in a corporate directory. When configuring the directory, you can choose to make it:

  • read only,
  • read only with local groups,
  • read/write.

If you choose read/write, any changes made to user and group information in the application will also update the LDAP directory.

I am personally using always only LDAP for authentication. All grups are created localy in the app. RW can cause some performance issues when having a lot of groups in LDAP.

When choosing this option you are managing groups only in your app. You can set default membership on first login for every new user. When user will want to login then application will connect to the LDAP, check if the user exist.. If not his account will be created with default membership. Passwords only can be changed in LDAP, but groups can be created in the app.

In general it depends how you want to use your corporate LDAP. If it is allowed to modifiy it then feel free to use R/W .. If not use it only for authentication and keep groups localy. The decision, which option choose is up you.

Just give it a try. Set up some test instance and try all options. After that you should pick the right decision.

I hope that this will be helpful,

Best Regards,


Sanu Soman Jul 04, 2013

Thanks Mirek for your suggestions.

I'm going for to test with readonly with local groups as I feel this one is perfect for our configuration. Only this after integration, I need to map users to some custom groups for getting necessary permission on the spaces.

Sanu Soman Jul 04, 2013

One more doubt..

How can I map users to these local groups after LDAP integration? Means, I will get only the list of users after they login conflunce once? Or do I get users from confluence people search soon after the LDAP integration (without users tried to login)? Please clarify.

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published in Confluence

6 Awesome Ways to Apply Trello, JIRA and Confluence to your Project

I attended  Atlassian Summit 2019  and learned a lot from the presenters, attendees and knowledgeable Atlassian product managers. The presentations I attended focused on applying Agile, pla...

911 views 6 17
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you