License restriction and LDAP

I am configured to synchronize users with Active Directory. What is the number of users in the confluence when validating a license? Will the number of users be limited to all are accounts or only to those who have at least authorized? 

4 answers

0 votes

It's "anyone who can log in" - so the users must be in one of the login groups (see global permissions) and marked as active

0 votes
Ann Worley Atlassian Team Jun 07, 2017

Technically, users without can-use permission can log in but they see a page that says "Not permitted".

Please see:

How to get a list of active users counting towards the Confluence license

"Confluence's license count is based on Global Permissions. Users will count towards the license in the following ways:

  • If the user is a member of a group that has global permissions to use Confluence
  • If the user is individually granted global permissions to use Confluence"
0 votes
Bill Bailey Community Champion Jun 08, 2017

In past versions, only users in the group confluence-users count (and have a login).

0 votes
Davin Studer Community Champion Jun 09, 2017

If you only want users in the system that are actually able to log in the you can setup a filter in your LDAP config like such ... 

If you put this in User Schema Settings -> User Object Filter it basically says that it will only import users that are users in LDAP that are not disabled and are members of the LDAP confluence-users group. This way ou can user the confluence-users LDAP group as a means of granting access and only LDAP accounts in that group will be added to Confluence.

(&(objectCategory=Person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(memberOf=CN=confluence-users,OU=Confluence,OU=Managed Groups,DC=mydomain,DC=dom))
Davin Studer Community Champion Jun 09, 2017

FYI, you could also do something similar for groups. Under Group Schema Settings -> Group Object Filter you could put something like this. What is basically says is anything in Active Directory that is a group that starts with confluence it will import into Confluence as a group.

(&(objectCategory=Group)(sAMAccountName=confluence*))
Ann Worley Atlassian Team Jun 09, 2017

Thanks for addressing the root issue, Davin.

More details on LDAP filters and how they work with Atlassian apps: How to write LDAP search filters

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Oct 24, 2018 in Confluence

Atlassian Research opportunity with Confluence templates

Do you use templates with Confluence? Take part in a remote 1-hr workshop. You'll receive USD $100 for your time!   We're looking for people to participate in a   remote 1-hr workshop...

1,565 views 26 14
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you