Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How do I configure Confluence to synchronize only a subset of users from my Microsoft AD?

jacob9
jacob April 6, 2014

I have created an AD group where I'm adding AD groups containing users that should be able to log in to Confluence.

I have successfully synchronised the whole AD but as we only have XX number of licenses, I would like to limit the number of accounts that are synchronised.

I've tried to follow the steps in the guide below but I cant get it to work.

https://confluence.atlassian.com/display/CONFKB/Changing+the+Number+of+Users+Synchronized+from+LDAP+to+Confluence

I have tried setting this DN in the "Base DN" field but it failed to work:

CN=CONFLUENCE_GROUP_USERS,OU=User,OU=System,OU=Groups,OU=Resources,DC=world,DC=myad,DC=org

However, when i only type in the following, it works and synchronise the whole AD.

DC=world,DC=myad,DC=org

Where should i add this field: CN=CONFLUENCE_GROUP_USERS,OU=User,OU=System,OU=Groups,OU=Resources

?

Kind regards

Answer
Watch
Like Be the first to like this
315 views

2 answers

0 votes
FelipeA
FelipeA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 13, 2014

Hi Jacob,

I assume CN=CONFLUENCE_GROUP_USERS,OU=User,OU=System,OU=Groups,OU=Resources,DC=world,DC=myad,DC=org is a group, right?

If you want just the users on this group to be synchronized, you can set your base DN to be DC=world,DC=myad,DC=org, leave both Additional User and Group DN’s empty, and under User Schema Settings->User Object Filter, you use a filter like this:

(&(objectClass=Person)(sAMAccountName=*)(memberOf=CN=CONFLUENCE_GROUP_USERS,OU=User,OU=System,OU=Groups,OU=Resources,DC=world,DC=myad,DC=org))

This will ensure only users on CONFLUENCE_GROUP_USERS will be pulled from AD.

Please let me know if this works for you.

Best regards,

Felipe Alencastro

View More Comments
jacob9
jacob June 1, 2014

Thank you, but I tried that solution but only the accounts that directly belonged to the Confluence group were found.

The users that had a group belonging to the Confluence group where not found (as the Confluence group wasn't directly connected to those users) so that didn't work for me unfortunately.

Like
Reply
0 votes
NotTheRealStephenSifersNOPENOPENOPENOPE
NotTheRealStephenSifersNOPENOPENOPENOPE
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 6, 2014

Try the following:

Base DN:

OU=Users,OU=Company,DC=MyDomain,DC=Local

Then under your Additional Group DN you would specify your Confluence Access group.

Additional Group DN:

CN=CONFLUENCE_GROUP_USERS,OU=Users,OU=Company,DC=MyDomain,DC=Local

Also, ensure the users you are running the sync as has permissions into the OU's you are attempting to scan.

View More Comments
jacob9
jacob April 13, 2014

Im sorry, I could not get that to work.

The confluence web page https://confluence.atlassian.com/display/CONFKB/Changing+the+Number+of+Users+Synchronized+from+LDAP+to+Confluenceseems to state that I only should add the name of the group "ou=confluence-users" where you suggest that i should put the full name "CN=CONFLUENCE_GROUP_USERS,OU=Users,OU=Company,DC=MyDomain,DC=Local"

I've tried both but It won't sync my users.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events