説明

If you'd like to configure LDAP for user management and authentication only, start by configuring LDAP integration with groups, and continue to this point to remove group management.

Applies For

• Enabling LDAP for the first time
• Upgrading existing LDAP without enabling group management

Important Points

• LDAP users will be mapped to Confluence. If the Confluence username coincides with the LDAP username, the password lookup is done against LDAP. Group management will happen in Confluence.
• Each LDAP user must be added to an internal Confluence group having Can Use permissions in order for those LDAP users to access Confluence. If a password is created for an LDAP user in Confluence, it will be ignored as the LDAP password will override it.

手順

If you do not wish Confluence to retrieve any of your LDAP groups and display them inside Confluence then you can do this by specifying a dummy value for the groupSearchFilter filter in your atlassian-user.xml file. That is, update your atlassian-user.xml file with the following:

<groupSearchFilter>(objectClass=dummyValue)</groupSearchFilter>

An example atlassian-user.xml file:

<baseUserNamespace>cn=users,dc=ad,dc=atlassian,dc=com</baseUserNamespace>
<baseGroupNamespace>ou=groups,dc=ad,dc=atlassian,dc=com</baseGroupNamespace>
<usernameAttribute>sAMAccountName</usernameAttribute>
<userSearchFilter>(objectClass=user)</userSearchFilter>
<firstnameAttribute>givenname</firstnameAttribute>
<surnameAttribute>sn</surnameAttribute>
<emailAttribute>mail</emailAttribute>
<groupnameAttribute>cn</groupnameAttribute>
<groupSearchFilter>(objectClass=dummyValue)</groupSearchFilter>
<membershipAttribute>member</membershipAttribute>
<userSearchAllDepths>false</userSearchAllDepths>
<groupSearchAllDepths>false</groupSearchAllDepths>

Please note: You will still have to provide a valid LDAP DN for baseGroupNamespace. Confluence still performs a search for groups quite frequently, so you should use a DN without many child nodes, like an individual user DN.