I have created an AD group where I'm adding AD groups containing users that should be able to log in to Confluence.
I have successfully synchronised the whole AD but as we only have XX number of licenses, I would like to limit the number of accounts that are synchronised.
I've tried to follow the steps in the guide below but I cant get it to work.
https://confluence.atlassian.com/display/CONFKB/Changing+the+Number+of+Users+Synchronized+from+LDAP+to+Confluence
I have tried setting this DN in the "Base DN" field but it failed to work:
CN=CONFLUENCE_GROUP_USERS,OU=User,OU=System,OU=Groups,OU=Resources,DC=world,DC=myad,DC=org
However, when i only type in the following, it works and synchronise the whole AD.
DC=world,DC=myad,DC=org
Where should i add this field: CN=CONFLUENCE_GROUP_USERS,OU=User,OU=System,OU=Groups,OU=Resources
?
Kind regards
Hi Jacob,
I assume CN=CONFLUENCE_GROUP_USERS,OU=User,OU=System,OU=Groups,OU=Resources,DC=world,DC=myad,DC=org is a group, right?
If you want just the users on this group to be synchronized, you can set your base DN to be DC=world,DC=myad,DC=org, leave both Additional User and Group DN’s empty, and under User Schema Settings->User Object Filter, you use a filter like this:
(&(objectClass=Person)(sAMAccountName=*)(memberOf=CN=CONFLUENCE_GROUP_USERS,OU=User,OU=System,OU=Groups,OU=Resources,DC=world,DC=myad,DC=org))
This will ensure only users on CONFLUENCE_GROUP_USERS will be pulled from AD.
Please let me know if this works for you.
Best regards,
Felipe Alencastro
Thank you, but I tried that solution but only the accounts that directly belonged to the Confluence group were found.
The users that had a group belonging to the Confluence group where not found (as the Confluence group wasn't directly connected to those users) so that didn't work for me unfortunately.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Try the following:
Base DN:
OU=Users,OU=Company,DC=MyDomain,DC=Local
Then under your Additional Group DN you would specify your Confluence Access group.
Additional Group DN:
CN=CONFLUENCE_GROUP_USERS,OU=Users,OU=Company,DC=MyDomain,DC=Local
Also, ensure the users you are running the sync as has permissions into the OU's you are attempting to scan.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Im sorry, I could not get that to work.
The confluence web page https://confluence.atlassian.com/display/CONFKB/Changing+the+Number+of+Users+Synchronized+from+LDAP+to+Confluenceseems to state that I only should add the name of the group "ou=confluence-users"
where you suggest that i should put the full name "CN=CONFLUENCE_GROUP_USERS,OU=Users,OU=Company,DC=MyDomain,DC=Local"
I've tried both but It won't sync my users.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.