Confluence Docs 2.10 : Add LDAP Integration For User Authentication Only
This page last changed on Oct 21, 2008 by dyu.
Overview

To configure Confluence to connect to LDAP for user management only, you have two options:
Important Points about Option 2 Above
Instructions

Step 1: Modify atlassian-user.xml to use OSUser Management

For Confluence 2.7 and above, the default user repository is the hibernate repository (Atlassian User). To revert to OSUser, you will need to put the OSUser repository tag in the top position so that it is the primary user management option. Modify /confluence/WEB-INF/classes/atlassian-user.xml to contain this:

    <atlassian-user>
        <repositories>
            <osuser key="osuserRepository" name="OSUser Repository"/>
            <hibernate name="Hibernate Repository" key="hibernateRepository" description="Hibernate Repository" cache="true"/>
        </repositories>
    </atlassian-user>

Note: For Confluence versions prior to 2.7, if you have delegated your user management to JIRA, LDAP or any other external user management system, copy the following files from your old Confluence installation to your new Confluence installation:

Step 2: Open the osuser.xml file located in your home directory under WEB-INF/classes

In the osuser.xml file, the CredentialsProviders are responsible for authenticating passwords. The default CachingCredentialsProvider looks in the Confluence database. To enable LDAP authentication, you will need to add an LDAPCredentialsProvider, so that LDAP users can also be authenticated.

Here's what the default osuser.xml contains:

    <provider class="bucket.user.providers.CachingCredentialsProvider">
        <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateCredentialsProvider</property>
        <property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property>
    </provider>
    <provider class="bucket.user.providers.CachingAccessProvider">
        <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateAccessProvider</property>
        <property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property>
    </provider>
    <provider class="bucket.user.providers.CachingProfileProvider">
        <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateProfileProvider</property>
        <property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property>
    </provider>

Step 3: Edit the osuser.xml file as shown below

For Confluence version 2.1 and later:

    <provider class="com.atlassian.confluence.user.ConfluenceLDAPCredentialsProvider">
        <property name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</property>
        <property name="java.naming.provider.url">ldap://localhost:389</property>
        <property name="searchBase">dc=atlassian,dc=com</property>
        <property name="uidSearchName">cn</property>
        <!--
        <property name="java.naming.security.principal">cn=Manager,dc=atlassian,dc=com</property>
        <property name="java.naming.security.credentials">secret</property>
        <property name="exclusive-access">true</property>
        -->
    </provider>
    <provider class="bucket.user.providers.CachingCredentialsProvider">
        <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateCredentialsProvider</property>
        <property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property>
    </provider>
    <provider class="bucket.user.providers.CachingAccessProvider">
        <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateAccessProvider</property>
        <property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property>
    </provider>
    <provider class="bucket.user.providers.CachingProfileProvider">
        <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateProfileProvider</property>
        <property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property>
    </provider>

    <provider class="com.opensymphony.user.provider.ldap.LDAPCredentialsProvider">
        <property name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</property>
        <property name="java.naming.provider.url">ldap://localhost:389</property>
        <property name="searchBase">dc=atlassian,dc=com</property>
        <property name="uidSearchName">cn</property>
        <!--
        <property name="java.naming.security.principal">cn=Manager,dc=atlassian,dc=com</property>
        <property name="java.naming.security.credentials">secret</property>
        <property name="exclusive-access">true</property>
        -->
    </provider>
    <provider class="bucket.user.providers.CachingCredentialsProvider">
        <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateCredentialsProvider</property>
        <property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property>
    </provider>
    <provider class="bucket.user.providers.CachingAccessProvider">
        <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateAccessProvider</property>
        <property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property>
    </provider>
    <provider class="bucket.user.providers.CachingProfileProvider">
        <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateProfileProvider</property>
        <property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property>
    </provider>
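
A check for the edited file from Step 3, as an added example that is not part of the Confluence documentation: this Python script reads an osuser.xml and reports whether an LDAP credentials provider is configured, whether the database credentials provider is still present, whether the provider URL uses unencrypted ldap:// to a non-loopback host, and whether a bind password is stored in the file. The function name, the finding codes and the `<opensymphony-user>` root element in the constructed sample are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample based on Step 3; the <opensymphony-user> root element is an assumption.
SAMPLE = """<opensymphony-user>
 <provider class="com.atlassian.confluence.user.ConfluenceLDAPCredentialsProvider">
  <property name="java.naming.provider.url">ldap://localhost:389</property>
  <property name="searchBase">dc=atlassian,dc=com</property>
  <property name="uidSearchName">cn</property>
  <property name="java.naming.security.credentials">secret</property>
 </provider>
 <provider class="bucket.user.providers.CachingCredentialsProvider">
  <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateCredentialsProvider</property>
 </provider>
</opensymphony-user>"""

LDAP_PROVIDERS = {  # the two LDAP provider classes named on the page
    "com.atlassian.confluence.user.ConfluenceLDAPCredentialsProvider",
    "com.opensymphony.user.provider.ldap.LDAPCredentialsProvider",
}
LOCAL_PROVIDER = "bucket.user.providers.CachingCredentialsProvider"
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_osuser(xml_text):
    """Return a sorted list of finding codes for an osuser.xml document."""
    providers = list(ET.fromstring(xml_text).iter("provider"))
    classes = [p.get("class") for p in providers]
    findings = set()
    if LOCAL_PROVIDER not in classes:
        findings.add("no-database-credentials-provider")
    ldap = [p for p in providers if p.get("class") in LDAP_PROVIDERS]
    if not ldap:
        findings.add("no-ldap-credentials-provider")
    for p in ldap:
        props = {e.get("name"): (e.text or "").strip() for e in p.findall("property")}
        url = urlparse(props.get("java.naming.provider.url", ""))
        # A simple bind over ldap:// to a remote host sends passwords unencrypted.
        if url.scheme == "ldap" and url.hostname not in LOOPBACK:
            findings.add("cleartext-ldap-to-remote-host")
        # XML comments are skipped by the parser, so only active properties count.
        if props.get("java.naming.security.credentials"):
            findings.add("bind-password-stored-in-file")
        # Properties that the page's example sets on the LDAP provider.
        for name in ("java.naming.provider.url", "searchBase", "uidSearchName"):
            if not props.get(name):
                findings.add("missing-" + name)
    return sorted(findings)

if __name__ == "__main__":
    print(audit_osuser(SAMPLE))
```
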

Document generated by Confluence on Dec 03, 2008 15:04