Need help limiting LDAP user sync by security group

Hello, new user to Confluence here.

I am trying to limit Confluence to only importing AD users that are part of the two AD security groups Confluence-Admin and Confluence-Users. I found this KB that I think is pointing me in the right direction, however I can't write the filter correctly.

In "User Directories > Configure LDAP User Directory > LDAP Schema > Base DN" I have:

OU=MyUsers,DC=MyCompany,DC=com

And in "User Directories > Configure LDAP User Directory > User Schema Settings > User Object Filter" I have:

(&(objectCategory=Person)(sAMAccountName=*)(|(memberOf=cn=Confluence-Admin,ou=MyUsers,dc=MyCompany,dc=com)(memberOf=cn=Confluence-Users,ou=MyUsers,dc=MyCompany,dc=com)))

I'm either trying to do this completely wrong or my syntax is broken somewhere. Does anyone have any guidance on fixing this?

Answer accepted

After more reading and trial and error I figured out I was just writing the DN of the security groups wrong. After correcting them in the example above the proper people are getting imported into Confluence.

Hi Justin!

I've been tasked with limiting access to our Bitbucket application to a specific group (Distribution List) in our LDAP directory, which is a few hundred users. Right now, anyone/everyone in our LDAP directory can sign into Bitbucket, which is thousands of users... We have limited licenses. I too have tried several filtering suggestions I've found; however, I haven't guessed the right combo yet... :/

Would you be so kind as to provide examples of your corrected settings?

 

Thank You Sir!  :D

Justin wrote "I solved it!" but did not share his solution.

Justin, it sure would be nice if you would share the details.


@Justin Samsel Any chance you can provide what you ended up with? I have this exact scenario and could do with a hint as to what was wrong in the original DN above...

In my case, the goal was to sync users who belonged to either one of two security groups.

The Active Directory structure in our company, loosely represented:

corp.mycompany.com             (Domain)
|--Otherstuff1 (OU)
|--Groups (OU)
|--OtherGroup1 (OU)
|--SpecialGroup (OU)
|--IgnoreGroup1 (group)
|--MyGroup1 (***group to be included***)
|--MyGroup2 (***group to be included***)
|--IgnoreGroup2 (group)
|--OtherGroup2 (OU)
|--Otherstuff2 (OU)

 

I managed to make it work by using the following value for the "User Schema Settings - User Object Filter":

(&(objectCategory=Person)(sAMAccountName=*)(!(useraccountcontrol:1.2.840.1135

Good Luck!

Janet
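Added example, not part of any post in this thread: the accepted answer traced the problem to wrong group DNs in the memberOf clauses, so this Python check extracts each memberOf value from a User Object Filter and compares it with the groups' real distinguishedName values before the filter is saved. The function names are the example's own, and KNOWN_GROUP_DNS is a constructed sample whose OU=Groups location is hypothetical.

```python
import re

# Filter exactly as posted in the question above.
QUESTION_FILTER = (
    "(&(objectCategory=Person)(sAMAccountName=*)"
    "(|(memberOf=cn=Confluence-Admin,ou=MyUsers,dc=MyCompany,dc=com)"
    "(memberOf=cn=Confluence-Users,ou=MyUsers,dc=MyCompany,dc=com)))"
)
# Constructed sample (assumption): the groups' distinguishedName values as read
# from the directory. The OU=Groups location is hypothetical.
KNOWN_GROUP_DNS = [
    "CN=Confluence-Admin,OU=Groups,DC=MyCompany,DC=com",
    "CN=Confluence-Users,OU=Groups,DC=MyCompany,DC=com",
]
MEMBEROF = re.compile(r"\(memberOf=([^()]*)\)", re.IGNORECASE)


def balanced(filter_str):
    """True if every '(' in the filter is closed by a matching ')'."""
    depth = 0
    for ch in filter_str:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


def normalize_dn(dn):
    """Lower-case a DN and trim spaces around its components for comparison.
    Simplification: does not handle escaped commas inside a component."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def check_filter(filter_str, known_dns):
    """Return a list of problems found in the filter's memberOf clauses."""
    problems = []
    if not balanced(filter_str):
        problems.append("unbalanced parentheses")
    known = {normalize_dn(dn) for dn in known_dns}
    for dn in MEMBEROF.findall(filter_str):
        if "*" in dn:
            # memberOf holds DNs; AD matches it only against a complete DN.
            problems.append(f"wildcard in memberOf value: {dn}")
        elif normalize_dn(dn) not in known:
            problems.append(f"no group with this DN: {dn}")
    return problems


if __name__ == "__main__":
    for problem in check_filter(QUESTION_FILTER, KNOWN_GROUP_DNS):
        print(problem)
```

With the constructed group list, the question's filter is syntactically balanced and fails only on the two group DNs, which matches what the accepted answer reports.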
