LDAP Directory - Synchronize group memberships with Confluence (posixAccount, posixGroup)

I am struggling to integrate LDAP with Confluence.

I am using the following main configuration:

  • OpenLDAP
  • LDAP Permissions: Read/Write
  • Groups: posixAccount + posixGroup

The problem I'm facing is that the users and groups are transferred without a problem, but the memberships are not set.

I managed to get it to work with groupOfNames as the group scheme. The only case it works is if a group membership is defined inside the user (memberOf attribute) and the setting "Use the User Membership Attribute" is set. If either of these is not set there is no user-group assignment.

As posix is more widely supported (especially by LDAP user managers like LAM or Webmin) I would like to use it as my LDAP scheme and would prefer not to add attributes manually (would not be supported by user managers). Also this scheme is just using the username as an identifier (memberUid: username instead of members: uid=username,ou=People,dc=domain,dc=domain).

So my questions are:

Is there a possibility to synchronize group memberships with the posixGroup scheme?

Is it sufficient if the members of a group are just set in the group entry (memberUid)?

Is it sufficient if a user is just defined by their uid and not by their complete DN?

1 answer

David Chan Atlassian Team Nov 21, 2011

Hey JFR,

1. When configuring LDAP, there is also an LDAP directory type labeled 'OpenLDAP Using Posix Schema'. Try using that instead of the usual 'OpenLDAP'. The problem, however, is that Confluence's Posix integration is Read-Only. This means that you will not be able to manage users/groups within Confluence; everything has to be done within OpenLDAP.

2. You can define the membership attributes if you expand the 'Membership Schema' section within the directory configuration. You should be able to set the membership attribute to (memberUid).

3. When integrating LDAP, Confluence needs a base DN for users. Once defined, all user searches will only be within that set DN. You can then further define the users under the advanced section labeled 'User Schema Settings'.

Check out this document:

http://confluence.atlassian.com/display/DOC/Connecting+to+an+LDAP+Directory
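To make the difference between the two membership schemas in this thread concrete, here is an added example (not from the original posts and not Confluence's own code) that resolves group members from a constructed LDIF sample: `posixGroup` entries are matched by bare `memberUid` against users found under a user base DN, while `groupOfNames` entries are matched by full DN. The directory names (`dc=example,dc=org`, `jdoe`, `svc`, `wiki-users`, `wiki-admins`) and the helper functions are assumptions for illustration.

```python
# Constructed sample directory (assumed names; not from the thread).
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: jdoe

dn: uid=svc,ou=Services,dc=example,dc=org
objectClass: posixAccount
uid: svc

dn: cn=wiki-users,ou=Groups,dc=example,dc=org
objectClass: posixGroup
memberUid: jdoe
memberUid: svc

dn: cn=wiki-admins,ou=Groups,dc=example,dc=org
objectClass: groupOfNames
member: uid=jdoe,ou=People,dc=example,dc=org
"""

def parse_ldif(text):
    """Parse simple, unwrapped LDIF into a list of {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def resolve_memberships(entries, user_base_dn):
    """Map group DN -> user DNs, looking up users only under user_base_dn."""
    suffix = "," + user_base_dn.lower()
    users = [e for e in entries if "posixAccount" in e.get("objectclass", [])
             and e["dn"][0].lower().endswith(suffix)]
    by_uid = {e["uid"][0]: e["dn"][0] for e in users}
    by_dn = {e["dn"][0].lower(): e["dn"][0] for e in users}
    result = {}
    for e in entries:
        classes = e.get("objectclass", [])
        if "posixGroup" in classes:      # memberUid: bare username
            found = [by_uid[u] for u in e.get("memberuid", []) if u in by_uid]
        elif "groupOfNames" in classes:  # member: full DN
            found = [by_dn[m.lower()] for m in e.get("member", []) if m.lower() in by_dn]
        else:
            continue
        result[e["dn"][0]] = sorted(found)
    return result
```

Because a `memberUid` value is only a username, which account ends up in the group depends on the user base DN and on `uid` being unique beneath it; with the base set to `ou=People,...` the `svc` account under `ou=Services` is not resolved as a member.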
