LDAP integration via Active Directory

Hi!

We have an Active Directory where we have a lot of users but seperated in different countries like SE, FR, IT, ES, AR.

The AD look like this.

domain.net
AR
Users
ES
Users
SE
Users


and so on.

The groups created for the use of confluence have we placed in the in AD.

domain.net
Common
Groups
AR-Read
AR-Write
ES-Read
ES-Write
SE-Read
SE-Write


And in each Group we have the right members.


So, my question is if it is possilbe to make ONE LDAP to Microsoft Active Directory.
I have set up several LDAPs under User directories which fetches information every 60 minutes.
Do a really need to import the users into confluence, which the LDAPs do.

Can someone explain this to me really simple :)

Thank you very much in advance.

4 answers

Hi Daniel,

As far as I understand, you have configured confluence with several "user directories", but in fact they all are the same ldap server with different configurations, one for each country (thus a different branch in the ldap tree) and different groups.

Use only one MS-AD user directory, connecting to domain.net/

and filtering for users belonging to (AR-Read) OR (SE-Read) OR (ES-Read) .... in the userObjectFilter option ...

The only tricky part is the ldap and/or syntax

Hi Alex!

Thank you for your reply.

Yes, I've set up confluence with several user directories but only want to use one.
I have several OU's int the AD

OU=Users, OU=SE
OU=Users, OU=AR
OU=Users, OU=FR

and so on.

We have also created a several groups in:

OU=Confluence,OU=Groups,OU=Common

All the groups are in there and imported into Confluence when running/syncronizing the LDAP.

If I understand you correctly Alex, it is possible to do some sort of filter on the userside if they belong i any of the groups.

Is it also possible import/add only groups belongning in an OU ?

Here is what my LDAP setup looks like.
-----------------------------------------------------------------------------------------

Name: Confluence LDAP integation
Directory Type: Microsoft Active Directory
Hostname: dc01.domain.net
Port: 389 no SSL
Username: admin@domain.net
Password: ********
Copy User on Logon: YES
Default Group Memmbership: confluence_users not from the AD
Synchronize Group Memberships: YES

Base DN: DC=domain,DC=net
User Name Attribute: sAMAccountName

Skipping Advanced Settings

Additional User DN: blank
User Object Class: user
user Object Filter: (&(objectCategory=Person)(sAMAccountName=*))
User Name RDN Attribute: cn
User First Name Attribute: givenName
User Last Name Attribute: sn
User Display Name Attribute: displayName
User Email Attribute: mail

Addional Group: OU=Confluence,OU=Groups,OU=Common
Group Object Class: group
Group Object Filter: (objectCategory=Group)
Group Name Attribute: cn
Group Description Attribute: description


Group Members Attribute: member
User Membership Attribute: memberOf
Use the User Membership Attribute: No, when finding the user's group memebership


How can I best change this to make it work fully with the AD. Perhaps, do I need to make some
changes to the AD.

Thank you in advance.




First, ensure that the tree in your AD is:

domain.net/

\=> OU=Users

        \=> OU=SE ...

        \=> OU=AR ...

        \=> OU=ES ...

If so , you can simplify Additional User DN to OU=Users, as long as all your users are defined under this node.

If you want to limit login of users to members of any of the groups (AR-Read, AR-Write ... etc), you can use the user Object Filter set to:

(&(&(objectCategory=Person)(sAMAccountName=*))(&(|(memberOf=XXX)(memberOf=YYYY))))

Hi Alex/Danial,

I am trying to ontegrate HipChat server with LDAP but I ma facing some issue mentioned below:

-          Hipchat is detecting the group and its members only when the account used is a member of any group and other members belong to same OU we have pointed to

Ex: Hipchat detecting a group named “Hipchat” but only retrieving 2 members instead of actual 5 because other 3 out of 5 belong to a different OU.

We would like to achieve the below

-          Hipchat must detect group and also its members belonging to other OU’s

Ex: Consider 3 OU’s BLR,CHN and SHN and we pointed to only SHN OU in hipchat directory. So SHN consists a group named ‘XYZ,XYZ is having members from BLR and CHN as well.

HIPCHAT must detect/sync members from BLR and CHN as well if he is member of XYZ group placed in SHN.

is the above mentioned possible?

 

Regards,

Vijayalakshmi

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published 11 hours ago in Hipchat

Moving from Hipchat to Stride? Here’s what you’ll love

Heya, Hipchat friends! We’re so happy you’re checking out   Stride. Whether you know it or not, you have been instrumental in making Stride come to life. Every feature, design, and functionality...

38 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you