
LDAP integration via Active Directory


We have an Active Directory where we have a lot of users, but separated into different countries like SE, FR, IT, ES, AR.

The AD look like this.

and so on.

The groups created for the use of confluence have we placed in the in AD.

And in each Group we have the right members.

So, my question is whether it is possible to make ONE LDAP to Microsoft Active Directory.
I have set up several LDAPs under User directories which fetch information every 60 minutes.
Do I really need to import the users into Confluence, which the LDAPs do?

Can someone explain this to me really simple :)

Thank you very much in advance.

4 answers

Hi Daniel,

As far as I understand, you have configured confluence with several "user directories", but in fact they all are the same ldap server with different configurations, one for each country (thus a different branch in the ldap tree) and different groups.

Use only one MS-AD user directory, connecting to

and filtering for users belonging to (AR-Read) OR (SE-Read) OR (ES-Read) .... in the userObjectFilter option ...

The only tricky part is the ldap and/or syntax

Hi Alex!

Thank you for your reply.

Yes, I've set up confluence with several user directories but only want to use one.
I have several OUs in the AD

OU=Users, OU=SE
OU=Users, OU=AR
OU=Users, OU=FR

and so on.

We have also created several groups in:


All the groups are in there and imported into Confluence when running/synchronizing the LDAP.

If I understand you correctly Alex, it is possible to do some sort of filter on the user side if they belong in any of the groups.

Is it also possible to import/add only groups belonging in an OU?

Here is what my LDAP setup looks like.

Name: Confluence LDAP integation
Directory Type: Microsoft Active Directory
Port: 389 no SSL
Password: ********
Copy User on Logon: YES
Default Group Membership: confluence_users not from the AD
Synchronize Group Memberships: YES

Base DN: DC=domain,DC=net
User Name Attribute: sAMAccountName

Skipping Advanced Settings

Additional User DN: blank
User Object Class: user
User Object Filter: (&(objectCategory=Person)(sAMAccountName=*))
User Name RDN Attribute: cn
User First Name Attribute: givenName
User Last Name Attribute: sn
User Display Name Attribute: displayName
User Email Attribute: mail

Additional Group: OU=Confluence,OU=Groups,OU=Common
Group Object Class: group
Group Object Filter: (objectCategory=Group)
Group Name Attribute: cn
Group Description Attribute: description

Group Members Attribute: member
User Membership Attribute: memberOf
Use the User Membership Attribute: No, when finding the user's group membership

How can I best change this to make it work fully with the AD? Perhaps, do I need to make some changes to the AD?

Thank you in advance.

First, ensure that the tree in your AD is:

=> OU=Users
        => OU=SE ...
        => OU=AR ...
        => OU=ES ...

If so, you can simplify Additional User DN to OU=Users, as long as all your users are defined under this node.

If you want to limit login of users to members of any of the groups (AR-Read, AR-Write ... etc), you can use the user Object Filter set to:
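An added example, not part of the original answers and not Atlassian's code: one way to build the OR-of-groups user filter that both answers describe, with the and/or nesting and the escaping spelled out. The group DNs are assembled from values quoted in the thread (Base DN, the Confluence groups OU, the group names) and are assumptions about the real directory; the function names are hypothetical.

```python
# Added example: build an AD user filter that admits only members of given groups.
BASE_DN = "DC=domain,DC=net"                     # Base DN quoted in the thread
GROUP_OU = "OU=Confluence,OU=Groups,OU=Common"   # groups OU quoted in the thread
GROUPS = ["AR-Read", "SE-Read", "ES-Read"]       # group names used in the answer


def escape_dn_value(value):
    """Escape one RDN value per RFC 4514 (special characters, edge spaces)."""
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    if out.startswith((" ", "#")):
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "
    return out


def escape_filter_value(value):
    """Escape an assertion value per RFC 4515 so it cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def group_dn(name):
    """Full DN of a group, assuming it sits directly under GROUP_OU."""
    return "CN=%s,%s,%s" % (escape_dn_value(name), GROUP_OU, BASE_DN)


def member_of_any(group_names, nested=False):
    """OR one memberOf clause per group: (|(memberOf=..)(memberOf=..))."""
    if not group_names:
        raise ValueError("refusing to build a filter with no group restriction")
    # 1.2.840.113556.1.4.1941 is AD's LDAP_MATCHING_RULE_IN_CHAIN: it also
    # matches users who are members through nested groups.
    attr = "memberOf:1.2.840.113556.1.4.1941:" if nested else "memberOf"
    clauses = ["(%s=%s)" % (attr, escape_filter_value(group_dn(g)))
               for g in group_names]
    return clauses[0] if len(clauses) == 1 else "(|%s)" % "".join(clauses)


def user_object_filter(group_names, nested=False):
    """AND the base user filter from the thread with the group restriction."""
    base = "(objectCategory=Person)(sAMAccountName=*)"
    return "(&%s%s)" % (base, member_of_any(group_names, nested))


if __name__ == "__main__":
    print(user_object_filter(GROUPS))
```

memberOf must be compared against the group's full distinguished name, so the printed filter only matches once the DNs reflect where the groups really live in the directory.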


Hi Alex/Daniel,

I am trying to integrate HipChat server with LDAP but I am facing some issues mentioned below:

- Hipchat is detecting the group and its members only when the account used is a member of any group and other members belong to the same OU we have pointed to

Ex: Hipchat is detecting a group named “Hipchat” but only retrieving 2 members instead of the actual 5, because the other 3 out of 5 belong to a different OU.

We would like to achieve the below

- Hipchat must detect the group and also its members belonging to other OUs

Ex: Consider 3 OUs, BLR, CHN and SHN, and we pointed to only the SHN OU in the Hipchat directory. So SHN contains a group named ‘XYZ’; XYZ has members from BLR and CHN as well.

Hipchat must detect/sync members from BLR and CHN as well if they are members of the XYZ group placed in SHN.

Is the above-mentioned possible?



