LDAP to Confluence

Ravi Mudumby July 25, 2013

Hello,

We want to use LDAP to authenticate users in Confluence. Our plan is to use Confluence to authorize users to proper roles. I am new to Confluence and I have a few questions.

1) Can I assign groups to a user based on the role they have in LDAP? In essence, we have a role called Conflu_users created in LDAP and we would like only users of that role to have accounts in Confluence. We don’t want to use the default group option as we have more than 40,000 employees in our company and it will not be feasible to manage that many user accounts in Confluence.

2) Assuming automatic assignment will not work, we have created a manual process where a Confluence admin will assign groups to a particular user account after due approval process. My question is, how will a user account be created in Confluence without using synchronization? Can I manually create user accounts even when using LDAP and use LDAP for authentication?

Any help would be greatly appreciated.


Thanks

Ravi

2 answers

0 votes
Ravi Mudumby July 25, 2013

Tiago,

Thanks again for the answers.

On Userobject filter, I added

(&(objectclass=inetorgperson)(sAMAccountName=*)(memberOf=cn=Github_Editor,ou=People,dc=abc,dc=def,dc=xyz)). This of course is not working as you have mentioned. Essentially I would need to change the cn=Github_Editor to match our LDAP settings. Am I correct?


Thanks
Ravi

Tiago Comasseto
Rising Star
July 25, 2013

Yes, the FQDN of the group needs to match your LDAP settings. But there's also another thing that called my attention: I see you are using sAMAccountName in this filter as in the example I sent; however, this is an attribute that only exists in MS AD as far as I know.

I also see you're using inetorgperson, which is not a standard AD object. If you're not using AD, possibly you'll need to remove (sAMAccountName=*) from your filter.

Cheers
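The sAMAccountName point above, as an added example that is not part of the original thread or of Confluence: a small Python evaluator for AND-only user filters, run over constructed sample entries for a non-AD directory. The helper names and the sample entries are assumptions; the group DN is the one from the example filter in this thread.

```python
import re

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_filter(object_class, group_dn, require_sam=False):
    """Build an AND filter: object class, optional AD-only term, group membership."""
    terms = ["(objectClass=%s)" % escape_filter_value(object_class)]
    if require_sam:
        terms.append("(sAMAccountName=*)")  # presence test on an AD attribute
    terms.append("(memberOf=%s)" % escape_filter_value(group_dn))
    return "(&" + "".join(terms) + ")"

def matches(filter_str, entry):
    """Evaluate an AND-only filter of equality/presence terms against one entry.
    Simplification: values compare case-insensitively, without DN normalization."""
    attrs = {k.lower(): [v.lower() for v in vals] for k, vals in entry.items()}
    for name, raw in re.findall(r"\(([^=()&]+)=([^()]*)\)", filter_str):
        values = attrs.get(name.lower(), [])
        if raw == "*":  # presence: the attribute must exist on the entry
            if not values:
                return False
            continue
        want = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
        if want.lower() not in values:
            return False
    return True

def synced_users(filter_str, directory):
    """Names of the entries that a synchronization with this filter would pull."""
    return [name for name, entry in directory.items() if matches(filter_str, entry)]

GROUP_DN = "CN=Conflu_users,OU=atlassian,DC=company,DC=local"  # from the thread
# Constructed sample entries for a non-AD directory (no sAMAccountName attribute).
DIRECTORY = {
    "alice": {"objectClass": ["top", "inetOrgPerson"], "uid": ["alice"],
              "memberOf": [GROUP_DN]},
    "bob": {"objectClass": ["top", "inetOrgPerson"], "uid": ["bob"],
            "memberOf": ["CN=Other,OU=atlassian,DC=company,DC=local"]},
}

if __name__ == "__main__":
    for sam in (True, False):
        f = user_filter("inetOrgPerson", GROUP_DN, require_sam=sam)
        print(f, "->", synced_users(f, DIRECTORY))
```

With the sAMAccountName term the filter selects nobody from these entries; without it, only the group member is selected. An entry with no memberOf attribute fails the last term in the same way.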

0 votes
Tiago Comasseto
July 25, 2013

Hi Ravi,

Regarding your question, you can use a filter to restrict the number of users in Confluence, see this page. Example:

(&(objectCategory=Person)(sAMAccountName=*)(memberOf=CN=Conflu_users,OU=atlassian,DC=company,DC=local))

Then you can set the group membership directly in your LDAP.

Cheers

Ravi Mudumby July 25, 2013

Tiago,

Thanks for the reply. So if I understand this correctly, under the UserObject Filter we currently have (objectclass=inetorgperson), and we need to now add the code you have provided.

Once I add and test it, how will all users of this role in LDAP be populated into Confluence? Do I have to synchronize? Can we do it without synchronization?

Thanks
Ravi

Tiago Comasseto
July 25, 2013

Hi Ravi,

That's partially correct; the filter I sent as example may need to be adjusted according to your LDAP configuration.

And, after applying the filter, you'll need to trigger the synchronization; Confluence won't pull the users and groups from the LDAP without the synchronization.

Cheers
