Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Nested groups, how to exclude from search in UI

Thomas Langvann
Thomas Langvann November 26, 2013

Hi!

I'm having the following pseudo LDAP-structure:

ou=groups
|_ou=internal
|         |
|         |_cn:myInternalGroup
|                    member:uid=foo
|
|
|
|_ou=wiki
          |
          |_cn:myWikiGroup
                     member:cn:myInternalGroup,ou=internal,ou=groups

The internal tree is full of groups that are irrelevant for Wiki-users, so I want to limit the groups that are shown in the UI to only "ou=wiki".

The problem is that if I add a "Group Object Filter", confluence is not able to resolve the subgroup, as it sits under ou=internal.

How can I hide groups from the user interface without breaking the nesting of groups that are necessary to resolve membership?

Best regards,
Thomas

Answer
Watch
Like Be the first to like this
495 views

3 answers

1 accepted

0 votes
Answer accepted
Thomas Langvann
Thomas Langvann December 3, 2013

Confluence does not have such ability to filter out groups in UI only while still synchronizing those groups from LDAP server.

Reply
0 votes
Jürgen Müller
Jürgen Müller November 26, 2013

Do you have testing to configure the Additional Group DN like this:

cn:myWikiGroup,ou=groups
Reply
0 votes
Jürgen Müller
Jürgen Müller November 26, 2013

I had the same problem. You can find a documention and create a filter based on the structure of your directory: https://confluence.atlassian.com/display/DEV/How+to+write+LDAP+search+filters

eg. userSearchFilter

(&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=myWikiGroup,ou=wiki,ou=groups,ou=XXX,dc=XXX,dc=XXX,dc=XX))

Grettings
Jürgen

View More Comments
Thomas Langvann
Thomas Langvann November 26, 2013

Thanks for your reply, but if I understand you correctly, this still does not solve my problem, as it would also prevent confluence to resolve the subgroups (which resides in the tree I'm trying to hide).

From the documentation: " In essence the filter limits what part of the LDAP tree Confluence syncs from"

I still need confluence to sync from the "internal"-tree, but I don't want to show the "internal" groups in the User Interface when end-users search for groups.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events