Setup LDAP for Jira and Confluence

I'm looking for the best way to integrate JIRA and Confluence with LDAP for authentication.

My current setup is as follows:

JIRA uses LDAP Authentication as primary (Active Directory) and JIRA Internal Directory as Secondary

Confluence uses LDAP Authentication as primary (the same AD), JIRA Server as secondary, and Confluence Internal Directory as tertiary.

The problem I'm having is that we disabled automatic copy on login, and now I cannot create new Confluence accounts that validate against LDAP.

What are my options?

4 answers

Maybe this could help: Add users who are Jira/Confluence approved to a specific group in Active Directory. Import only members of this particular group to JIRA with the LDAP connector.

I really like this suggestion, and I think this would probably be the best solution. However, we don't control the Active Directory, and turnaround times for requests in Active Directory are quite long, so we are looking for a solution such as "Jira verifies against Active Directory and Confluence verifies against Jira", but I'm not sure if that is a feasible solution and if it's been done before.

Are you able to edit the user directory configuration for the LDAP connectors? You should be able to log in with a Confluence/JIRA internal directory user and make changes to the LDAP authentication user directory so that it meets your needs. Off the top of my head, I would say you need to configure it with read/write access to LDAP so that you can create new accounts from the applications themselves.

If you don't know the internal directory admin user you can follow these steps to recover:

If this isn't really what you're asking, can you provide more details into how your connector is currently configured?

Yes, I am able to access and edit LDAP connectors. We are not trying to make Jira/Confluence create users in LDAP, rather control the users that are allowed access to Jira/Confluence, but be able to use LDAP for authentication. With Jira, there is functionality that allows you to add users into the specific "directory", it being "Delegated LDAP Authentication"; however, with Confluence I haven't found similar functionality to be able to add a user to the Confluence "Delegated LDAP Authentication" directory.

Confluence and JIRA have the same user management code - Crowd. There are no differences between the functionality. You can use delegated LDAP authentication directories from both applications.

Any specific reason to disable the copy user functionality? And since both JIRA and Confluence pull users from the LDAP, is there any specific reason to keep the JIRA Server directory in Confluence?

The reason why we are disabling copy user functionality is because we don't want just any user to log into Jira/Confluence. IT needs to approve non-IT users to gain access. When we switched from Jira user management to LDAP, we let the users know that they just need to log in with their AD credentials. Now we have management asking to get those users removed as they have no approval, so we had to disable auto copy.
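The first answer's suggestion (import only members of one approved AD group) comes down to the user search filter set on the LDAP connector. The following is an added example, not part of the thread and not Atlassian's code: it builds such a filter with RFC 4515 escaping of the group DN, optionally matching nested membership through Active Directory's in-chain matching rule. The group DNs and the base person filter are assumptions made for illustration.

```python
# Added example: build an AD user filter limited to one approved group.
# Group DNs and the base filter below are constructed, not taken from the thread.

# RFC 4515: these characters must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Active Directory LDAP_MATCHING_RULE_IN_CHAIN: also matches nested groups.
IN_CHAIN = "1.2.840.113556.1.4.1941"

# Assumed base filter selecting person objects that have a logon name.
BASE_FILTER = "(&(objectCategory=Person)(sAMAccountName=*))"


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def approved_user_filter(group_dn: str, nested: bool = False,
                         base: str = BASE_FILTER) -> str:
    """Return base AND membership in group_dn (direct, or nested if asked)."""
    attr = f"memberOf:{IN_CHAIN}:" if nested else "memberOf"
    return f"(&{base}({attr}={escape_filter_value(group_dn)}))"


def is_balanced(ldap_filter: str) -> bool:
    """Sanity check: literal parentheses must pair up and never go negative."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


if __name__ == "__main__":
    plain = "CN=atlassian-users,OU=Groups,DC=example,DC=com"      # constructed
    tricky = "CN=Atlassian (approved),OU=Groups,DC=example,DC=com"  # constructed
    for dn in (plain, tricky):
        for nested in (False, True):
            f = approved_user_filter(dn, nested)
            print(is_balanced(f), f)
```

With a filter like this on the connector, accounts outside the approved group are never returned by the directory search, so they are not synchronised or copied on login.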
