Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Limit users in Confluence when connected to LDAP or Active Directory

Peter Meier1
Peter Meier September 8, 2011

Hi all,

I'm trying to limit the number of users that are displayed in Confluence when connected to an Active Directory or LDAP server.

According to (even if this is a Crowd documentation it should work for Confluence as well):

http://confluence.atlassian.com/display/CROWD/Restricting+LDAP+Scope+for+User+and+Group+Search

I can change the filter to:

(&(objectCategory=Person)(sAMAccountName=*)
(|(memberOf=cn=confluence-users,ou=Groups,dc=sydney,dc=atlassian,dc=com)
(memberOf=cn=confluence-administrators,ou=Groups,dc=sydney,dc=atlassian,dc=com)))

This implies, that the membership of a user is defined in the user object via the attribute "memberOf". Unfortunately in our environment, the user doesn't have this attribute, instead, the group has several entries "member", listing all people connected to this group.

Is there a way to filter based on this setup?

Thanks

Peter

Answer
Watch
Like Be the first to like this
1064 views

2 answers

1 accepted

1 vote
Answer accepted
Jim Birch
Jim Birch
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 11, 2011

AFAIK Active directory creates the backlink entries for group membership automatically, ie each member entry in group should have a corresponding memberOf attibute in the user object. If you are using AD I'd check that there isn't something wrong with your query or the rights of the account read to the member attribute.

Other LDAP directories may not do this - I wouldn't know.

(BTW If you need a tool to view or query an LDAP server, I've found Apache Directory Studio very useful.)

View More Comments
Peter Meier1
Peter Meier October 2, 2011

Thanks Jim,

That solved my problem. The user hadn't had enough permissions to view the membership.

Thanks

Peter

Like
Reply
0 votes
Konnie McCauley
Konnie McCauley January 11, 2012

is there a limit to how many users are brought into confluence through an AD group?

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events