This page last changed on Nov 25, 2008 by jnolen.

This page is outdated. Use Add LDAP Integration instead.

Purpose

Confluence LDAP integration lets you delegate user and group management and authentication to an LDAP server. This document covers upgrading Confluence 2.1.x with LDAP integration to version 2.2.x or later.

To decide if this is the correct document for you, please check what your current version of Confluence is, and how users are managed:

Existing user management | Previous Confluence version | Recommendation
Never set up LDAP before | Any                         | Follow these instructions instead
OSUser LDAP              | Any                         | Follow these instructions instead
Atlassian-User LDAP      | 2.1.x                       | Follow the instructions below

If you want to use LDAP with an older version of Confluence (prior to 2.1), you can use OSUser LDAP integration for LDAP authentication.

Overview

Several improvements have been made to AtlassianUser in Confluence 2.2 to make it easier to configure. This was done by introducing a new, simpler configuration file (called atlassian-user.xml). Therefore, if you have set up AtlassianUser LDAP integration in Confluence 2.1.x and wish to upgrade to Confluence 2.2, you need to migrate your old settings over to this new file. Don't worry, this is easy to do.

It is recommended to upgrade to Atlassian-User LDAP integration. Users may keep their old OSUser LDAP style integration by enabling backwards compatibility, but administrators will still need to manually create a corresponding Confluence user account for each external LDAP user wanting to access Confluence. The new Atlassian-User LDAP does not have this issue.

Upgrade Instructions

Please check what the latest version of Confluence is. Unless you just installed the latest version, download the latest Confluence now and follow this guide on installing the new version. Once the installation is completed, follow the instructions below to add LDAP integration.

In your old Confluence 2.1.x install, open the confluence/WEB-INF/classes/atlassianUserContext.xml in a text editor and do a search for 'connectionProperties'. This will help you quickly locate your LDAP/Active Directory settings.

<property name="connectionProperties">
    <props>
        <prop key="host">localhost</prop>
        <prop key="port">389</prop>
        <prop key="securityPrincipal">cn=admin,dc=atlassian,dc=com</prop>
        <prop key="securityCredential">secret</prop>
        <prop key="securityProtocol">plain</prop>
        <prop key="securityAuthentication">simple</prop>
        <prop key="baseContext">dc=atlassian,dc=com</prop>
        <prop key="initialContextFactory">com.sun.jndi.ldap.LdapCtxFactory</prop>
        <prop key="batchSize">100</prop>
        <prop key="timeToLive">0</prop>
    </props>
...

In your new Confluence 2.2 program files, download ldap_hibernate_cache_atlassian-user.xml into your confluence/WEB-INF/classes directory and rename it to atlassian-user.xml (be sure to remove the old atlassian-user.xml in that directory first).

Now open up atlassian-user.xml in a text editor and transfer your settings across from your atlassianUserContext.xml file. For example:

Setting in atlassianUserContext.xml
...
<prop key="host">localhost</prop>
...

Looks like this in the new configuration file:

Equivalent setting in atlassian-user.xml
...
<host>localhost</host>
...

And so on, with other settings.

Remember, the atlassian-user.xml is among your new Confluence 2.2 program files, and atlassianUserContext.xml is from your old Confluence 2.1 installation.

Be sure to transfer the settings for schemaMappingsProperties as well. That is:

<property name="schemaMappingsProperties">
    <props>
        <prop key="baseUserNamespace">CN=Users,DC=ad,DC=atlassian,DC=com</prop>
        <prop key="baseGroupNamespace">CN=Users,DC=ad,DC=atlassian,DC=com</prop>
        <prop key="usernameAttribute">sAMAccountName</prop>
        <prop key="userSearchFilter">(objectClass=person)</prop>
...

Please note that the LDAP connection pool settings are intentionally not shown in atlassian-user.xml, to keep it simple. If you have used non-default values (that is, if you previously adjusted these values), you can simply follow the naming convention used and move them across. If you have any difficulty doing this, please contact us. Example:

...
<poolingOn>true</poolingOn>        
<maxSize>0</maxSize>
<initSize>10</initSize>
<prefSize>10</prefSize>
<debugLevel>none</debugLevel>
...

If you cannot find a tag for a particular setting inside the atlassian-user.xml, then it is not essential to move across. And that's all there is to it!
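
The transfer described in the steps above, as an added Python example (not part of the original page and not Atlassian's code): it reads the connectionProperties and schemaMappingsProperties blocks from a constructed sample of the old file, renders each key in the new tag form for copying by hand, and flags the clear-text bind settings for review. It assumes every key maps to a tag of the same name, as the host example shows; a key with no matching tag in atlassian-user.xml can be skipped, as noted above.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample shaped like the atlassianUserContext.xml excerpts on this page.
# The wrapping <bean> element is an assumption; the values are the page's samples.
OLD_CONTEXT = """<bean>
  <property name="connectionProperties"><props>
    <prop key="host">localhost</prop>
    <prop key="port">389</prop>
    <prop key="securityCredential">secret</prop>
    <prop key="securityProtocol">plain</prop>
    <prop key="securityAuthentication">simple</prop>
  </props></property>
  <property name="schemaMappingsProperties"><props>
    <prop key="usernameAttribute">sAMAccountName</prop>
    <prop key="userSearchFilter">(objectClass=person)</prop>
  </props></property>
</bean>"""

SECTIONS = ("connectionProperties", "schemaMappingsProperties")

def extract_props(xml_text):
    """Return {key: value} for each <prop> inside the two property blocks."""
    props = {}
    for block in ET.fromstring(xml_text).iter("property"):
        if block.get("name") in SECTIONS:
            for prop in block.iter("prop"):
                props[prop.get("key")] = (prop.text or "").strip()
    return props

def to_new_elements(props):
    """Render settings as <key>value</key>, the form shown for atlassian-user.xml."""
    return [f"<{key}>{escape(value)}</{key}>" for key, value in props.items()]

def review_notes(props):
    """Point out settings to review before they are carried into the new install."""
    notes = []
    if (props.get("securityProtocol"), props.get("securityAuthentication")) == ("plain", "simple"):
        notes.append("simple bind over a plain connection sends securityCredential unencrypted")
    if props.get("securityCredential"):
        notes.append("securityCredential is clear text in the file; restrict who can read it")
    return notes

if __name__ == "__main__":
    settings = extract_props(OLD_CONTEXT)
    print("\n".join(to_new_elements(settings)))
    print("\n".join("REVIEW: " + note for note in review_notes(settings)))
```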

Document generated by Confluence on Dec 03, 2008 15:18