License restriction and LDAP

I am configured to synchronize users with Active Directory. What is the number of users in the confluence when validating a license? Will the number of users be limited to all are accounts or only to those who have at least authorized? 

4 answers

0 vote

It's "anyone who can log in" - so the users must be in one of the login groups (see global permissions) and marked as active

0 vote
Ann Worley Atlassian Team Jun 07, 2017

Technically, users without can-use permission can log in but they see a page that says "Not permitted".

Please see:

How to get a list of active users counting towards the Confluence license

"Confluence's license count is based on Global Permissions. Users will count towards the license in the following ways:

  • If the user is a member of a group that has global permissions to use Confluence
  • If the user is individually granted global permissions to use Confluence"

In past versions, only users in the group confluence-users count (and have a login).

0 vote
Davin Studer Community Champion Jun 09, 2017

If you only want users in the system that are actually able to log in the you can setup a filter in your LDAP config like such ... 

If you put this in User Schema Settings -> User Object Filter it basically says that it will only import users that are users in LDAP that are not disabled and are members of the LDAP confluence-users group. This way ou can user the confluence-users LDAP group as a means of granting access and only LDAP accounts in that group will be added to Confluence.

(&(objectCategory=Person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(memberOf=CN=confluence-users,OU=Confluence,OU=Managed Groups,DC=mydomain,DC=dom))
Davin Studer Community Champion Jun 09, 2017

FYI, you could also do something similar for groups. Under Group Schema Settings -> Group Object Filter you could put something like this. What is basically says is anything in Active Directory that is a group that starts with confluence it will import into Confluence as a group.

(&(objectCategory=Group)(sAMAccountName=confluence*))
Ann Worley Atlassian Team Jun 09, 2017

Thanks for addressing the root issue, Davin.

More details on LDAP filters and how they work with Atlassian apps: How to write LDAP search filters

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Kesha Thillainayagam
Posted Apr 13, 2018 in Confluence

We want to hear how your non-technical teams are using Confluence!

Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...

374 views 20 10
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you