Hi All,
I'm trying to change the user authentication method on my Confluence instance from JIRA User directory to LDAP authentication. Please let me know the best way to achieve this.
There are some custom groups and users having specific permissions on existing spaces and these groups and users came from JIRA User directory.
I also want to know how we can authenticate users from LDAP for their first-time login. That is, once LDAP is integrated, can users simply log in to Confluence with their LDAP username/password, or do they need to do any kind of sign-up? If auto detection of username/password is not possible, then can I add them into Confluence and associate them with specific permissions manually? (That instance only has 61 users.)
Please help on this. Many thanks in advance.
Hi Sanu,
Please take a look at this guide:
I also think that if you add the same user in LDAP and LDAP is first in User Directories, then Confluence will search for the user first in LDAP and then in the Internal Directory. It should do the trick to migrate the user. However, you need to check if all the groups will be migrated. In my opinion you will lose them in the process, so then you will need to do it manually. You can give it a try with one test user first.
I hope that will help,
Best Regards,
Mirek
Thanks Mirek for the suggestion.
We already had users in the LDAP server but not the groups. So do I need to create the same groups in the LDAP server?
Currently users and groups are present in JIRA user directory and that's how they are accessing confluence.
Which LDAP configuration permission type is better to use? Read only with local groups? Or read only? Or read/write?
If I go for the Read only with local groups LDAP permission, then groups can be managed from Confluence, right? And at the beginning, I need to map the users to specific groups from LDAP itself, so that only then will users get the right permission, right? But later on, every time we add a new user to LDAP, do we then need to map the same user to the confluence-users group to get access to Confluence? Or do they need to do any kind of sign-up? Is this the right permission scheme?
If we go for the read only LDAP permission configuration, then I won't be able to manage the users/groups within Confluence, right? So then, every time I need to contact the LDAP admin for a permission change?
What about read/write... ?
Please suggest.
Hi Sanu,
Connecting to an LDAP directory server is useful if your users and groups are stored in a corporate directory. When configuring the directory, you can choose to make it:
If you choose read/write, any changes made to user and group information in the application will also update the LDAP directory.
I personally always use LDAP only for authentication. All groups are created locally in the app. RW can cause some performance issues when you have a lot of groups in LDAP.
When choosing this option you are managing groups only in your app. You can set default membership on first login for every new user. When a user wants to log in, the application will connect to LDAP and check if the user exists. If not, his account will be created with default membership. Passwords can only be changed in LDAP, but groups can be created in the app.
In general it depends on how you want to use your corporate LDAP. If you are allowed to modify it, then feel free to use R/W. If not, use it only for authentication and keep groups locally. The decision of which option to choose is up to you.
Just give it a try. Set up some test instance and try all options. After that you should pick the right decision.
I hope that this will be helpful,
Best Regards,
Mirek
Thanks Mirek for your suggestions.
I'm going to test with read only with local groups, as I feel this one is perfect for our configuration. The only thing is that after integration, I need to map users to some custom groups to get the necessary permissions on the spaces.
One more doubt..
How can I map users to these local groups after LDAP integration? That is, will I get the list of users only after they log in to Confluence once? Or do I get users from the Confluence people search soon after the LDAP integration (without users having tried to log in)? Please clarify.