I'm trying to change the user authentication method on my Confluence instance from JIRA User directory to LDAP authentication. Please let me know the best way to achieve this.
There are some custom groups and users having specific permissions on existing spaces and these groups and users came from JIRA User directory.
Also want to know how we can authenticate users from LDAP for the first time login? means.. once LDAP integrated, simply users can login to conflunce by thier LDAP username/password or they need to do any kind of sign-up? If auto detection of username/password is not possible, then can I add them into confluence and associate to specific permission manually? (That instance is only having 61 users)
Please help on this. Many thanks in advance.
Please take a look on this guide:
I think also that if you will add the same user in LDAP and then LDAP will be first in User Directories then Confluence will search for the user first in LDAP then on Internal Directory. It shold do the trick to migrate the user. However you need to check if all the groups will be migrated. In my opinion you will loose them in the process, so then you will need to manually. You can give it a try with one test user first.
I hope that will help,
Thanks Mirek for the suggestion.
We already had users in the LDAP server but not the groups. So I need to create same groups in LDAP server?
Currently users and groups are present in JIRA user directory and that's how they are accessing confluence.
Which LDAP configuration permission type is better to use? Read only with local groups?or read only? or read/write?
If I'm going for Read only with local groups LDAP permissions, then groups can be manageable from confluence... right? And at the beginning, from LDAP itself I need to map the users to specific groups.. so then only users will get right permission...right? but here, later on every time if we are adding a new user to LDAP then need to map same user to confluence-users groups to get access in confluence? Or do they need to do any kind of sign-up? Is this the right permission scheme?
If we going for read only LDAP permission configuration, then I can't able to manage the users/groups with in confluence..right? So then, everytime I need to contact LDAP admin for the permission change?
What about read/write... ?
Connecting to an LDAP directory server is useful if your users and groups are stored in a corporate directory. When configuring the directory, you can choose to make it:
If you choose read/write, any changes made to user and group information in the application will also update the LDAP directory.
I am personally using always only LDAP for authentication. All grups are created localy in the app. RW can cause some performance issues when having a lot of groups in LDAP.
When choosing this option you are managing groups only in your app. You can set default membership on first login for every new user. When user will want to login then application will connect to the LDAP, check if the user exist.. If not his account will be created with default membership. Passwords only can be changed in LDAP, but groups can be created in the app.
In general it depends how you want to use your corporate LDAP. If it is allowed to modifiy it then feel free to use R/W .. If not use it only for authentication and keep groups localy. The decision, which option choose is up you.
Just give it a try. Set up some test instance and try all options. After that you should pick the right decision.
I hope that this will be helpful,
One more doubt..
How can I map users to these local groups after LDAP integration? Means, I will get only the list of users after they login conflunce once? Or do I get users from confluence people search soon after the LDAP integration (without users tried to login)? Please clarify.
Two vulnerabilities have been published for Confluence Server and Data Center recently: March 20, 2019 CVE-2019-3395 / CVE-2019-3396 April 17, 2019 CVE-2019-3398 The goal of this article is...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs