First time I ask for support, so I hope I follow the right path.
We are currently redesigning our Active Directory groups, and are somewhat struggling with the LDAP integration of Confluence (5.1).
1. Is every account in AD always allowed to log in (not talking about seeing content)?
2. How can we narrow down the filter of users seen when querying users?
Our knowledge of LDAP is a bit limited and we where not able to find clear related documentation. Of course we can provide more info if needed.
Regards, Arno Dekker.
This is how we have ours set up so that we limit how many people can login to Confluence. Basically, the Additional User DN field tells Confluence where to find users. The User Object Filter will further filter the users that are found in the Additional User DN field. In our case we are only pulling in users that are members of the confluence-users AD group. As for groups we pull in any groups in the Managed Groups OU that start with confluence as the group name. This works pretty well. If we want someone to be able to log into Confluence we just add them to the confluence-users group. If we remove them then after the sync they can no longer log in.
Additional User DN: OU=Managed Users
Additional Group DN: OU=Managed Groups
User Schema Settings
User Object Class: user
User Object Filter: (&(objectCategory=Person)(memberOf=CN=confluence-users,OU=Confluence,OU=Managed Groups,DC=domain,DC=com))
Group Schema Settings
Group Object Class: group
Group Object Filter: (&(objectCategory=Group)(sAMAccountName=confluence*))
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG