Need help limiting LDAP user sync by security group

Justin Samsel October 17, 2018

Hello, new user to Confluence here.

I am trying to limit Confluence to only importing AD users that are part of the two AD security groups Confluence-Admin and Confluence-Users. I found this KB that I think is pointing me in the right direction, however I can't write the filter correctly.

In "User Directories > Configure LDAP User Directory > LDAP Schema > Base DN" I have:

OU=MyUsers,DC=MyCompany,DC=com

And in "User Directories > Configure LDAP User Directory > User Schema Settings > User Object Filter" I have:

(&(objectCategory=Person)(sAMAccountName=*)(|(memberOf=cn=Confluence-Admin,ou=MyUsers,dc=MyCompany,dc=com)(memberOf=cn=Confluence-Users,ou=MyUsers,dc=MyCompany,dc=com)))

I'm either trying to do this completely wrong or my syntax is broken somewhere. Does anyone have any guidance on fixing this?

1 answer

1 accepted

0 votes
Answer accepted
Justin Samsel October 17, 2018

After more reading and trial and error I figured out I was just writing the DN of the security groups wrong. After correcting them in the example above the proper people are getting imported into Confluence.

Kelvin Latner October 26, 2018

Hi Justin!

I've been tasked with limiting access to our Bitbucket application to a specific group (Distribution List) in our LDAP directory, which is a few hundred users. Right now, anyone/everyone in our LDAP directory can sign into Bitbucket, which is thousands of users... We have limited licenses. I too have tried several filtering suggestions I've found; however, I haven't guessed the right combo yet... :/

Would you be so kind as to provide examples of your corrected settings?

 

Thank You Sir!  :D

kns_jeinhorn June 23, 2021

Justin wrote "I solved it!" but did not share his solution.

Justin, it sure would be nice if you would share the details.

Nicola J December 8, 2021

@Justin Samsel Any chance you can provide what you ended up with? I have this exact scenario and could do with a hint as to what was wrong in the original DN above...

kns_jeinhorn December 13, 2021

In my case, the goal was to sync users who belonged to either one of two security groups.

The Active Directory structure in our company, loosely represented:

corp.mycompany.com (Domain)
|--Otherstuff1 (OU)
|--Groups (OU)
|  |--OtherGroup1 (OU)
|  |--SpecialGroup (OU)
|  |  |--IgnoreGroup1 (group)
|  |  |--MyGroup1 (***group to be included***)
|  |  |--MyGroup2 (***group to be included***)
|  |  |--IgnoreGroup2 (group)
|  |--OtherGroup2 (OU)
|--Otherstuff2 (OU)

 

I managed to make it work by using the following value for the "User Schema Settings - User Object Filter":

(&(objectCategory=Person)(sAMAccountName=*)(!(useraccountcontrol:1.2.840.1135

Good Luck!

Janet
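
The two possibilities raised in the question (broken filter syntax versus a wrong group DN) can be told apart offline before changing the directory settings. The Python below is an added example, not code from anyone in this thread: it checks parenthesis balance, extracts the memberOf DNs from the filter and compares them with group distinguishedName values exported from AD. The DIRECTORY_GROUP_DNS values and their OU=Groups location are constructed assumptions, because the thread never shows the corrected DNs.

```python
import re

# Filter from the question above, copied verbatim.
QUESTION_FILTER = (
    "(&(objectCategory=Person)(sAMAccountName=*)"
    "(|(memberOf=cn=Confluence-Admin,ou=MyUsers,dc=MyCompany,dc=com)"
    "(memberOf=cn=Confluence-Users,ou=MyUsers,dc=MyCompany,dc=com)))")

# Constructed sample: distinguishedName values as exported from the directory.
# The OU=Groups location is an assumption; the thread never shows the real DNs.
DIRECTORY_GROUP_DNS = [
    "CN=Confluence-Admin,OU=Groups,DC=MyCompany,DC=com",
    "CN=Confluence-Users,OU=Groups,DC=MyCompany,DC=com",
]

def parens_balanced(ldap_filter):
    """True if every '(' closes and no ')' appears before its '('."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0

def member_of_values(ldap_filter):
    """Return the DN on the right-hand side of each (memberOf=...) clause."""
    return re.findall(r"\(memberOf=([^()]*)\)", ldap_filter, flags=re.IGNORECASE)

def normalize_dn(dn):
    """Case-fold and drop spaces around ',' and '=' (ignores escaped commas)."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def unknown_group_dns(ldap_filter, directory_dns):
    """memberOf DNs in the filter that match no group DN from the directory."""
    known = {normalize_dn(dn) for dn in directory_dns}
    return [dn for dn in member_of_values(ldap_filter) if normalize_dn(dn) not in known]

def build_user_filter(group_dns):
    """Rebuild the same filter shape from DNs copied out of the directory."""
    esc = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    clauses = "".join("(memberOf=%s)" % "".join(esc.get(c, c) for c in dn) for dn in group_dns)
    return "(&(objectCategory=Person)(sAMAccountName=*)(|%s))" % clauses

if __name__ == "__main__":
    print("balanced:", parens_balanced(QUESTION_FILTER))
    print("not in directory:", unknown_group_dns(QUESTION_FILTER, DIRECTORY_GROUP_DNS))
```

A balanced filter whose memberOf values are missing from the directory export points at the DN rather than the syntax; build_user_filter then regenerates the filter from the exported DNs with RFC 4515 escaping applied.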
