LDAP to Confluence

Hello,

We want to use LDAP to authenticate users in Confluence. Our plan is to use Confluence to authorize users to proper roles. I am new to Confluence and I have a few questions.

1) Can I assign groups to a user based on the role they have in LDAP? In essence, we have a role called Conflu_users created in LDAP and we would like only users of that role to have accounts in Confluence. We don’t want to use the default group option as we have more than 40,000 employees in our company and it will not be feasible to manage that many user accounts in Confluence.

2) Assuming automatic assignment will not work, we have created a manual process where a Confluence admin will assign groups to a particular user account after due approval process. My question is, how will a user account be created in Confluence without using synchronization? Can I manually create user accounts even when using LDAP and use LDAP for authentication?

Any help would be greatly appreciated.


Thanks

Ravi

2 answers


Hi Ravi,

Regarding your question, you can use a filter to restrict the number of users in Confluence, see this page. Example:

(&(objectCategory=Person)(sAMAccountName=*)(memberOf=CN=Conflu_users,OU=atlassian,DC=company,DC=local))

Then you can set the group membership directly in your LDAP.

Cheers

Tiago,

Thanks for the reply. So if I understand this correctly, under the UserObject Filter we currently have (objectclass=inetorgperson), and we need to now add the code you have provided.

Once I add and test it, how will all users of this role in LDAP be populated into Confluence? Do I have to synchronize? Can we do it without synchronization?

Thanks
Ravi

Hi Ravi,

That's partially correct, the filter I sent as an example may need to be adjusted according to your LDAP configuration.

And, after applying the filter, you'll need to trigger the synchronization, Confluence won't pull the users and groups from the LDAP without the synchronization.

Cheers


Tiago,

Thanks again for the answers.

On Userobject filter, I added

(&(objectclass=inetorgperson)(sAMAccountName=*)(memberOf=cn=Github_Editor,ou=People,dc=abc,dc=def,dc=xyz))

This of course is not working as you have mentioned. Essentially I would need to change the cn=Github_Editor to match our LDAP settings. Am I correct?


Thanks
Ravi

Yes, the FQDN of the group needs to match your LDAP settings. But there's also another thing that called my attention, I see you are using sAMAccountName in this filter as in the example I sent, however this is an attribute that only exists in MS AD as far as I know.

I also see you're using inetorgperson, that is not a standard AD object. If you're not using AD, possibly you'll need to remove (sAMAccountName=*) from your filter.

Cheers
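
As an added example (not part of the original thread and not Atlassian's code), this Python check parses a user object filter and flags the mismatch discussed above: AD-only attributes combined with inetOrgPerson, plus a filter with no memberOf restriction. The names `parse`, `lint` and `AD_ONLY` are assumptions made for illustration.

```python
import re

# Attributes that exist in Microsoft Active Directory schemas but not in a
# stock inetOrgPerson directory (the mismatch pointed out in the thread).
AD_ONLY = {"samaccountname", "objectcategory"}
ITEM = re.compile(r"\(([A-Za-z][\w;.-]*)(=|~=|>=|<=)([^()]*)\)")


def parse(flt, pos=0):
    """Recursive-descent parse of an RFC 4515 style filter string.
    Returns (list of (attr, value) leaves, next position)."""
    if flt[pos:pos + 1] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    if flt[pos + 1:pos + 2] in ("&", "|", "!"):
        leaves, pos = [], pos + 2
        while flt[pos:pos + 1] == "(":
            sub, pos = parse(flt, pos)
            leaves += sub
        if flt[pos:pos + 1] != ")":
            raise ValueError(f"unbalanced parentheses at offset {pos}")
        return leaves, pos + 1
    m = ITEM.match(flt, pos)
    if not m:
        raise ValueError(f"malformed item at offset {pos}")
    return [(m.group(1).lower(), m.group(3))], m.end()


def lint(flt):
    """Return a list of warnings for a user object filter."""
    flt = flt.strip()
    leaves, end = parse(flt)
    if end != len(flt):
        raise ValueError("trailing characters after filter")
    attrs = {a for a, _ in leaves}
    classes = {v.lower() for a, v in leaves if a == "objectclass"}
    warnings = []
    if "inetorgperson" in classes and attrs & AD_ONLY:
        bad = ", ".join(sorted(attrs & AD_ONLY))
        warnings.append(f"AD-only attribute(s) with inetOrgPerson: {bad}")
    if "memberof" not in attrs:
        warnings.append("no memberOf clause: every matching user is synced")
    return warnings
```

Running `lint` on a filter before saving it in the directory settings catches unbalanced parentheses and schema mismatches without waiting for a synchronization to return no users.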
