We want to use LDAP to authenticate users in Confluence. Our plan is to use Confluence to authorize users to proper roles. I am new to Confluence and I have a few questions.
1) Can I assign groups to a user based on the role they have in LDAP? In essence, we have a role called Conflu_users created in LDAP and we would like only users of that role to have accounts in Confluence. We don’t want to use the default group option as we have more than 40,000 employees in our company and it will not be feasible to manage that many user accounts in Confluence.
2) Assuming automatic assignment will not work, we have created a manual process where a Confluence admin will assign groups to a particular user account after due approval process. My question is, how will a user account be created in Confluence without using synchronization? Can I manually create user accounts even when using LDAP and use LDAP for authentication?
Any help would be greatly appreciated.
Regarding your question, you can use a filter to restrict the number of users in Confluence, see this page. Example:
Then you can set the group membership directly in your LDAP.
Thanks for the reply. So if I understand this correctly, under the UserObject Filter we currently have (objectclass=inetorgperson), and we need to now add the code you have provided.
Once I add and test it, how will all users of this role in LDAP be populated into Confluence? Do I have to synchronize? Can we do it without synchronization?
That's partially correct, the filter I sent as example may need to be adjusted according to your LDAP configuration.
And, after applying the filter, you'll need to trigger the synchronization; Confluence won't pull the users and groups from the LDAP without the synchronization.
Thanks again for the answers.
On Userobject filter, I added
(&(objectclass=inetorgperson)(sAMAccountName=*)(memberOf=cn=Github_Editor,ou=People,dc=abc,dc=def,dc=xyz)). This of course is not working, as you have mentioned. Essentially I would need to change the cn=Github_Editor to match our LDAP settings. Am I correct?
Yes, the FQDN of the group needs to match your LDAP settings. But there's also another thing that called my attention: I see you are using sAMAccountName in this filter as in the example I sent, however this is an attribute that only exists in MS AD as far as I know.
I also see you're also using inetorgperson, that is not a standard AD object. If you're not using AD, possibly you'll need to remove (sAMAccountName=*) from your filter.
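Added example, not part of the thread and not Atlassian's code: a Python check that builds the User Object Filter discussed above for either directory type and shows which entries would be pulled in by a synchronization. The group DN and the entries are constructed sample values, `objectCategory=Person` is assumed as the AD object test, and the directory is assumed to expose `memberOf` on user entries.

```python
import re

def escape_value(value):
    """RFC 4515 escaping so a DN cannot change the filter's structure."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def user_object_filter(group_dn, active_directory):
    """Filter that keeps only members of group_dn."""
    member = '(memberOf=%s)' % escape_value(group_dn)
    if active_directory:
        # sAMAccountName exists only on Active Directory entries
        return '(&(objectCategory=Person)(sAMAccountName=*)%s)' % member
    return '(&(objectClass=inetOrgPerson)%s)' % member

def _unescape(value):
    return re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), value)

def matches(entry, flt):
    """Evaluate a flat AND filter of equality/presence clauses on one entry."""
    for attr, want in re.findall(r'\(([A-Za-z]+)=([^()]*)\)', flt):
        have = [v.lower() for v in entry.get(attr.lower(), [])]
        if want == '*':
            if not have:
                return False
        elif _unescape(want).lower() not in have:
            return False
    return True

def synced_users(entries, flt):
    """uids of the entries the filter would let through."""
    return [e['uid'][0] for e in entries if matches(e, flt)]

# Constructed sample data: hypothetical DNs, not taken from the thread.
GROUP_DN = 'cn=Conflu_users,ou=Groups,dc=example,dc=com'
ENTRIES = [
    {'uid': ['alice'], 'objectclass': ['inetOrgPerson'], 'memberof': [GROUP_DN]},
    {'uid': ['bob'], 'objectclass': ['inetOrgPerson'],
     'memberof': ['cn=Other,ou=Groups,dc=example,dc=com']},
    {'uid': ['carol'], 'objectclass': ['inetOrgPerson']},
]

if __name__ == '__main__':
    for ad in (False, True):
        flt = user_object_filter(GROUP_DN, ad)
        print(flt, '->', synced_users(ENTRIES, flt))
```

Against these non-AD entries the AD-style filter selects nobody, which is the symptom described in the last reply; the inetOrgPerson form selects only the group member.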