Confluence user directory change - help

Hi All,

I'm trying to change the user authentication method on my Confluence instance from JIRA User directory to LDAP authentication. Please let me know the best way to achieve this.

There are some custom groups and users having specific permissions on existing spaces and these groups and users came from JIRA User directory.

I also want to know how we can authenticate users from LDAP at first login. That is, once LDAP is integrated, can users simply log in to Confluence with their LDAP username/password, or do they need to do any kind of sign-up? If auto-detection of username/password is not possible, can I add them to Confluence and associate them with specific permissions manually? (That instance only has 61 users.)

Please help on this. Many thanks in advance.

1 answer

1 accepted

Mirek Community Champion Jul 02, 2013

Hi Sanu,

Please take a look at this guide:

https://answers.atlassian.com/questions/78076/migrate-from-internal-authentication-to-internal-with-ldap-authentication

I also think that if you add the same user in LDAP and LDAP is first in User Directories, then Confluence will search for the user first in LDAP and then in the Internal Directory. It should do the trick to migrate the user. However, you need to check whether all the groups will be migrated. In my opinion you will lose them in the process, so then you will need to do it manually. You can give it a try with one test user first.

I hope that will help,

Best Regards,

Mirek

Thanks Mirek for the suggestion.

We already had users in the LDAP server but not the groups. So do I need to create the same groups in the LDAP server?

Currently users and groups are present in the JIRA user directory and that's how they are accessing Confluence.

Which LDAP configuration permission type is better to use? Read only with local groups? Or read only? Or read/write?

If I go for the Read only with local groups LDAP permission, then groups can be managed from Confluence, right? And at the beginning, from LDAP itself I need to map the users to specific groups, so only then will users get the right permission, right? But later on, every time we add a new user to LDAP, do we need to map that user to the confluence-users group to get access to Confluence? Or do they need to do any kind of sign-up? Is this the right permission scheme?

If we go for the read only LDAP permission configuration, then I won't be able to manage the users/groups within Confluence, right? So then, every time I need to contact the LDAP admin for a permission change?

What about read/write... ?

Please suggest.

Mirek Community Champion Jul 04, 2013

Hi Sanu,

Connecting to an LDAP directory server is useful if your users and groups are stored in a corporate directory. When configuring the directory, you can choose to make it:

  • read only,
  • read only with local groups,
  • read/write.

If you choose read/write, any changes made to user and group information in the application will also update the LDAP directory.

Personally, I always use LDAP only for authentication. All groups are created locally in the app. RW can cause some performance issues when there are a lot of groups in LDAP.

When choosing this option you are managing groups only in your app. You can set default membership on first login for every new user. When a user wants to log in, the application will connect to LDAP and check if the user exists. If not, his account will be created with default membership. Passwords can only be changed in LDAP, but groups can be created in the app.

In general it depends on how you want to use your corporate LDAP. If you are allowed to modify it, then feel free to use R/W. If not, use it only for authentication and keep groups locally. The decision on which option to choose is up to you.

Just give it a try. Set up some test instance and try all options. After that you should pick the right decision.

I hope that this will be helpful,

Best Regards,

Mirek

Thanks Mirek for your suggestions.

I'm going to test with read only with local groups, as I feel this one is perfect for our configuration. The only thing is that after integration, I need to map users to some custom groups to get the necessary permissions on the spaces.

One more doubt.

How can I map users to these local groups after LDAP integration? That is, will I get the list of users only after they log in to Confluence once? Or do I get users from the Confluence people search soon after the LDAP integration (without users having tried to log in)? Please clarify.
