LDAP Directory - Synchronize group memberships with Confluence (posixAccount, posixGroup)

I am struggling to integrate LDAP with Confluence.

I am using the following main configuration:

  • OpenLDAP
  • LDAP Permissions: Read/Write
  • Groups: posixAccount + posixGroup

The problem I'm facing is that the users and groups are transferred without a problem, but the memberships are not set.

I managed to get it to work with groupOfNames as the group scheme. The only case it works is if a group membership is defined inside the user (memberOf attribute) and the setting "Use the User Membership Attribute" is set. If either of these is not set there is no user-group assignment.

As posix is more widely supported (especially by LDAP user managers like LAM or Webmin) I would like to use it as my LDAP scheme and would prefer not to add attributes manually (would not be supported by user managers). Also this scheme is just using the username as an identifier (memberUid: username instead of members: uid=username,ou=People,dc=domain,dc=domain)

So my questions are:

Is there a possibility to synchronize group memberships with the posixGroup scheme?

Is it sufficient if the members of a group are just set in the group entry (memberUid)?

Is it sufficient if a user is just defined by their uid and not by their complete DN?

1 answer

0 vote
David Chan Atlassian Team Nov 21, 2011

Hey JFR,

1. When configuring LDAP, there is also an LDAP directory type labeled 'OpenLDAP Using Posix Schema'. Try using that instead of the usual 'OpenLDAP'. The problem, however, is that Confluence's Posix integration is Read-Only. This means that you will not be able to manage users/groups within Confluence; everything has to be done within OpenLDAP.

2. You can define the membership attributes if you expand the 'Membership Schema' section within the directory configuration. You should be able to set the membership attribute to (memberUid).

3. When integrating LDAP, Confluence needs a base DN for users. Once defined, all user searches will only be within that set DN. You can then further define the users under the advanced section labeled 'User Schema Settings'.

Check out this document:
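
Added example, not part of the answer above and not Confluence's own code: a Python audit of which `memberUid` values in posixGroup entries can be matched to a posixAccount `uid` under a given user base DN, which is the lookup that points 2 and 3 rely on. The entries, the `example.org` DNs and the function names are constructed for illustration, and reporting a duplicate `uid` as ambiguous is this example's choice, not documented product behaviour.

```python
# Constructed sample entries (not from the original post); DNs use example.org.
ENTRIES = [
    {"dn": "uid=alice,ou=People,dc=example,dc=org", "objectClass": ["posixAccount"], "uid": ["alice"]},
    {"dn": "uid=bob,ou=People,dc=example,dc=org", "objectClass": ["posixAccount"], "uid": ["bob"]},
    {"dn": "uid=bob,ou=Contractors,ou=People,dc=example,dc=org", "objectClass": ["posixAccount"], "uid": ["bob"]},
    {"dn": "uid=svc,ou=Services,dc=example,dc=org", "objectClass": ["posixAccount"], "uid": ["svc"]},
    {"dn": "cn=wiki-users,ou=Groups,dc=example,dc=org", "objectClass": ["posixGroup"],
     "cn": ["wiki-users"], "memberUid": ["alice", "bob", "svc", "carol"]},
    {"dn": "cn=wiki-admins,ou=Groups,dc=example,dc=org", "objectClass": ["posixGroup"],
     "cn": ["wiki-admins"], "memberUid": ["alice"]},
]

def in_subtree(dn, base):
    """True if dn equals base or lies below it (simplified case-insensitive suffix test)."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def audit_posix_memberships(entries, user_base, group_base):
    """Match each posixGroup memberUid against the uid of posixAccount entries
    found under user_base. Returns (resolved, unresolved, ambiguous) keyed by group cn."""
    by_uid = {}
    for e in entries:
        if "posixAccount" in e["objectClass"] and in_subtree(e["dn"], user_base):
            for uid in e["uid"]:
                by_uid.setdefault(uid, []).append(e["dn"])
    resolved, unresolved, ambiguous = {}, {}, {}
    for e in entries:
        if "posixGroup" not in e["objectClass"] or not in_subtree(e["dn"], group_base):
            continue
        cn = e["cn"][0]
        for name in e.get("memberUid", []):
            dns = by_uid.get(name, [])
            if len(dns) == 1:
                resolved.setdefault(cn, []).append(dns[0])   # exactly one account: safe to map
            elif dns:
                ambiguous.setdefault(cn, []).append(name)    # bare name matches several DNs
            else:
                unresolved.setdefault(cn, []).append(name)   # no account under user_base
    return resolved, unresolved, ambiguous

if __name__ == "__main__":
    res, unres, amb = audit_posix_memberships(
        ENTRIES, "ou=People,dc=example,dc=org", "ou=Groups,dc=example,dc=org")
    print("resolved:", res)
    print("unresolved:", unres)
    print("ambiguous:", amb)
```

Because `memberUid` carries only a username, the user base DN decides which entry a name refers to; widening it to `dc=example,dc=org` in this sample makes `svc` resolve as well.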

