How can I assign a new user login to the default LDAP group in Confluence?

saiprakash_avula April 24, 2018

My Confluence is connected to an LDAP server wherein we manage all our users and groups.

I had created a group called "confluence-users" in LDAP to make it the default group, but whenever a new user logs in they are getting auto-assigned to a different "xyz-group" in LDAP (this is showing up in Confluence that users are added to xyz-group, but I cannot find the users in the LDAP server).

I wanted the users to be added to the default "confluence-users" group I created in LDAP. Is there a way?

I had already tried adding the group to Global Permissions, as well as adding it under User Directories > LDAP Permissions > Read Only, with Local Groups, and added the Default Group Membership name "confluence-users", but that didn't work!

Please let me know if there is a workaround for making an LDAP group the default for users when they log in!

Thanks,

Sai

1 answer

0 votes
AnnWorley
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 25, 2018

Hi Sai,

The only way Confluence could add a user to the LDAP group would be if Confluence had read/write permission to the LDAP directory itself. This is not recommended and most organizations' LDAP administrators won't permit it since it can introduce unknown variables into the LDAP environment.

The workaround would be to add the users to the local confluence-users group by default. Please note that the LDAP directory has to be on the top in the User Directory hierarchy on the Confluence Admin > User Directories page, or else this bug will be triggered: "Users are not automatically added to the default group when using LDAP with local groups permission".

Thanks,

Ann

saiprakash_avula April 30, 2018

Hi Ann,

Sorry for the late reply,

Thanks a lot for letting me know the workaround, creating a local 'confluence-users' group.

But as of now, the workaround doesn't work with our architecture, as we are using a script through the JIRA Service Desk Portal to add users to OpenLDAP groups that allow users access to Confluence, JIRA projects, Bitbucket, and Bamboo.

For Confluence, if I create a local group then there is no way of managing users from a central place, and I need to add users manually every time, locally, when there is a new user access request coming in.

Please let me know if there are any other suggestions. I also see that, though there are no read/write permissions given to the OpenLDAP group, Confluence is showing me new users getting added to "xyz-group" of OpenLDAP, though the users cannot be found in that group when browsing OpenLDAP manually.

Thanks,

Sai

AnnWorley
Atlassian Team
April 30, 2018

Hi Sai,

My suggestion for your use case of needing to administer users from one place is to find out during onboarding if people need Confluence access, and add them to the confluence-users group in LDAP when the LDAP team is setting up all their other groups.

If the user directory is set to read-only with local groups and groups are defined in the Default Group Memberships field, the groups listed in that field will be added to Confluence as local groups.

The User Directory setup explains that Default Group Memberships is:

"A comma-separated list of groups that users will be added to when they first log in. This will only be done once per user. These groups will be created if they don't already exist."

That is why the users cannot be found in the actual LDAP directory when you access it via LDAP admin tools. Without read/write access from Confluence to LDAP, no changes to the LDAP directory are made via Confluence.

Thanks,

Ann
