License restriction and LDAP

I am configured to synchronize users with Active Directory. What is the number of users in the confluence when validating a license? Will the number of users be limited to all are accounts or only to those who have at least authorized? 

4 answers

This widget could not be displayed.

It's "anyone who can log in" - so the users must be in one of the login groups (see global permissions) and marked as active

This widget could not be displayed.
Ann Worley Atlassian Team Jun 07, 2017

Technically, users without can-use permission can log in but they see a page that says "Not permitted".

Please see:

How to get a list of active users counting towards the Confluence license

"Confluence's license count is based on Global Permissions. Users will count towards the license in the following ways:

  • If the user is a member of a group that has global permissions to use Confluence
  • If the user is individually granted global permissions to use Confluence"
This widget could not be displayed.

In past versions, only users in the group confluence-users count (and have a login).

This widget could not be displayed.
Davin Studer Community Champion Jun 09, 2017

If you only want users in the system that are actually able to log in the you can setup a filter in your LDAP config like such ... 

If you put this in User Schema Settings -> User Object Filter it basically says that it will only import users that are users in LDAP that are not disabled and are members of the LDAP confluence-users group. This way ou can user the confluence-users LDAP group as a means of granting access and only LDAP accounts in that group will be added to Confluence.

(&(objectCategory=Person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(memberOf=CN=confluence-users,OU=Confluence,OU=Managed Groups,DC=mydomain,DC=dom))
Davin Studer Community Champion Jun 09, 2017

FYI, you could also do something similar for groups. Under Group Schema Settings -> Group Object Filter you could put something like this. What is basically says is anything in Active Directory that is a group that starts with confluence it will import into Confluence as a group.

(&(objectCategory=Group)(sAMAccountName=confluence*))
Ann Worley Atlassian Team Jun 09, 2017

Thanks for addressing the root issue, Davin.

More details on LDAP filters and how they work with Atlassian apps: How to write LDAP search filters

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Monday in Confluence

Why start from scratch? Introducing four new templates for Confluence Cloud

Hi my Community friends!  For those who don't know me, I'm a product marketer on the Confluence Cloud team - nice to meet you! For those of you who do, you know that I've been all up in your Co...

447 views 5 6
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you