LDAP Directory - Synchronize group memberships with Confluence (posixAccount, posixGroup)

Johannes Friedrich August 15, 2011

I am struggling to integrate LDAP with confluence.

I am using the following main configuration:

  • OpenLDAP
  • LDAP Permissions: Read/Write
  • Groups: posixAccount + posixGroup

The problem I'm facing is that the users and groups are transfered without a problem, but the memberships are not set.

I managed to get it to work with groupOfNames as the group scheme. The only case it works is if a group membership is defined inside the user (memberOf attribute) and the setting "Use the User Membership Attribute" is set. If either of these is not set there is no user-group assignment.

As posix is more widely supported (especially by LDAP user managers like LAM or Webmin) I would like to use it as my LDAP scheme and would prefer not to add attributes manually (would not be supported by user managers). Also this scheme is just using the username as an identifier (memberUid: username instead of members: uid=username,ou=People,dc=domain,dc=domain)

So my questions are:

Is there a possiblity to syncronize group memberships with the posixGroup scheme?

Is it sufficent if the members of a group are just set in the group entry (memberUid)?

Is it sufficent if a user is just defined by their uid and not by there complete DN?

1 answer

0 votes
David Chan
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 21, 2011

Hey JFR,

1. When configuring LDAP, there is also a LDAP directory type labeled 'OpenLDAP Using Posix Schema'. Try using that instead of the usual 'OpenLDAP'. The problem, however, is that Confluence's Posix integration is Read-Only. This means that you will not be able to manage users/groups within Confluence, everything has to be done within OpenLDAP.

2. You can define the membership attributes if you expand the 'Membership Schema' section within the directory configuration. You should be able to set the membership attribute to (memberUid) .

3. When integrating LDAP, Confluence needs a base DN for users. Once defined, all user searches will only be within that set DN. You can then further define the users under the advance section labeled 'User Schema Settings'

Checkout this document:

http://confluence.atlassian.com/display/DOC/Connecting+to+an+LDAP+Directory

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events