LDAP permissions

First time I ask for support, so I hope I follow the right path.

We are currently redesigning our Active Directory groups, and are somewhat struggling with the LDAP integration of Confluence (5.1).

Questions:

1. Is every account in AD always allowed to log in (not talking about seeing content)?

2. How can we narrow down the filter of users seen when querying users?

Our knowledge of LDAP is a bit limited and we where not able to find clear related documentation. Of course we can provide more info if needed.

Regards, Arno Dekker.

2 answers

1 vote
Davin Studer Community Champion Dec 15, 2013

This is how we have ours set up so that we limit how many people can login to Confluence. Basically, the Additional User DN field tells Confluence where to find users. The User Object Filter will further filter the users that are found in the Additional User DN field. In our case we are only pulling in users that are members of the confluence-users AD group. As for groups we pull in any groups in the Managed Groups OU that start with confluence as the group name. This works pretty well. If we want someone to be able to log into Confluence we just add them to the confluence-users group. If we remove them then after the sync they can no longer log in.

LDAP Schema
Additional User DN: OU=Managed Users
Additional Group DN: OU=Managed Groups

User Schema Settings
User Object Class: user
User Object Filter: (&(objectCategory=Person)(memberOf=CN=confluence-users,OU=Confluence,OU=Managed Groups,DC=domain,DC=com))

Group Schema Settings
Group Object Class: group
Group Object Filter: (&(objectCategory=Group)(sAMAccountName=confluence*))

Nevermind, I just found out how to create a support ticket.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Kesha Thillainayagam
Posted Friday in Confluence

We want to hear how your non-technical teams are using Confluence!

Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...

265 views 11 10
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you