Best Practice for managing OpenLDAP directory

Overview

This best practice guide is for those who are connecting Confluence to an OpenLDAP user directory.

#1. Make sure that group membership contains the full DN of the user

For groups, make sure that the members of a group are defined by their FQDN (the full DN of the user entry) instead of their DN (the bare user name, as in the example below). For example, the following group "cn=users" contains 3 members defined by their DNs, which may pose some problems when connecting to Confluence:

example of BAD group LDIF
---------
dn: cn=users,ou=groups,dc=mycompany,dc=com
objectClass: posixGroup
cn: users
gidNumber: 10000
description: almost everyone
memberUid: john
memberUid: stephen
memberUid: wayne
---

 

Instead, make sure that the members are defined by their FQDN, as in the example below:

example of GOOD group LDIF
---------
dn: cn=users,ou=groups,dc=mycompany,dc=com
objectClass: posixGroup
cn: users
gidNumber: 10000
description: almost everyone
memberUid: uid=john,ou=people,dc=mycompany,dc=com
memberUid: uid=stephen,ou=people,dc=mycompany,dc=com
memberUid: uid=wayne,ou=people,dc=mycompany,dc=com
---

Note: The OpenLDAP connector accepts group entries in FQDN format, while the OpenLDAP-Posix (Read Only) connection accepts group entries in DN format.
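
To check a directory export before connecting it, the following added example (not part of the original article or of any Atlassian tooling) scans LDIF for posixGroup entries and reports whether each group's memberUid values are all full DNs, all bare user names, or a mix that matches neither connector's expected format. The function names, the DN heuristic and the sample entries are assumptions made for illustration.

```python
import base64
import re

# Heuristic for "looks like a full DN": two or more attr=value RDNs (assumption; not a full RFC 4514 parser).
DN_RE = re.compile(r"^[A-Za-z][\w-]*=[^,]+(,\s*[A-Za-z][\w-]*=[^,]+)+$")

def parse_ldif(text):
    """Yield one {attr: [values]} dict per entry; handles folding and base64."""
    unfolded = re.sub(r"\n ", "", text)  # a leading space continues the previous line
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" carries a base64 value
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            entry.setdefault(attr.lower(), []).append(value)
        if entry:
            yield entry

def audit_groups(text):
    """Map each posixGroup DN to 'full-dn', 'bare-uid', 'mixed' or 'empty'."""
    result = {}
    for e in parse_ldif(text):
        if "posixgroup" not in [c.lower() for c in e.get("objectclass", [])]:
            continue
        kinds = {bool(DN_RE.match(m)) for m in e.get("memberuid", [])}
        label = {(): "empty", (True,): "full-dn", (False,): "bare-uid"}
        result[e["dn"][0]] = label.get(tuple(kinds), "mixed")
    return result

# Constructed sample input, modelled on the group entries in this guide.
SAMPLE = """\
dn: cn=users,ou=groups,dc=mycompany,dc=com
objectClass: posixGroup
memberUid: john
memberUid: uid=stephen,ou=people,
 dc=mycompany,dc=com

dn: cn=admins,ou=groups,dc=mycompany,dc=com
objectClass: posixGroup
memberUid:: dWlkPXdheW5lLG91PXBlb3BsZSxkYz1teWNvbXBhbnksZGM9Y29t
"""

if __name__ == "__main__":
    print(audit_groups(SAMPLE))
```

Groups reported as "mixed" are the ones to clean up first, since part of their membership will not be in the format the chosen connector accepts.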

Last updated: August 17, 2017
