Confluence 2.6 : Customising atlassian-user.xml
This page last changed on Jul 26, 2007 by ivan@atlassian.com.
The LDAP server connection is specified by manually editing the file atlassian-user.xml. Confluence 2.3 onwards supports multiple LDAP servers: repeat the instructions below for each server so that multiple repositories are defined.

Stage 1 - Configure Connection Details
Stage 2 - Map LDAP Data Tree
Stage 3 - Directory Search Depth Settings

These are the default settings:

    ...
    <userSearchAllDepths>false</userSearchAllDepths>
    <groupSearchAllDepths>false</groupSearchAllDepths>

The above settings configure the search depth on users and groups. If you set either attribute to:
Stage 4 - Optional LDAP Settings

The following settings do not appear in the default atlassian-user.xml file:

    <poolingOn>true</poolingOn>
    <maxSize>0</maxSize>
    <initSize>10</initSize>
    <prefSize>10</prefSize>
    <debugLevel>none</debugLevel>
    <securityProtocol>plain ssl</securityProtocol>
    <authentication>simple</authentication>
    <timeout>0</timeout>
    <initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
    <batchSize>100</batchSize>
    <timeToLive>0</timeToLive>

However, if you want to override one of the default values listed above, you can add the element onto the end of the ldap block like so:

    ...
    <groupnameAttribute>cn</groupnameAttribute>
    <groupSearchFilter>(objectClass=groupOfNames)</groupSearchFilter>
    <membershipAttribute>member</membershipAttribute>
    <initSize>20</initSize>
    </ldap>

It is important that the connection pool timeout value be set to 0, as this will force Atlassian User (via the JNDI layer) to clean up lingering connections that have lived past one request. More information about LDAP pools here.

Stage 5 - Configure LDAP for User Authentication only

Description

There are two kinds of Confluence/LDAP integration available:
This section covers LDAP without groups: if a username exists in both Confluence and LDAP, the user logs in with their LDAP password. You still maintain users from Confluence and use internal Confluence groups for group permissions. Alternatively, you may use LDAP with Groups to have users and groups automatically updated from LDAP, and use LDAP groups for group permissions.

Applies For
Important Points
Instructions

If you do not want Confluence to retrieve any of your LDAP groups and display them inside Confluence, you can specify a dummy value for the groupSearchFilter filter in your atlassian-user.xml file. That is, update your atlassian-user.xml file with the following:

    <groupSearchFilter>(objectClass=dummyValue)</groupSearchFilter>

An example atlassian-user.xml file:

    <baseUserNamespace>cn=users,dc=ad,dc=atlassian,dc=com</baseUserNamespace>
    <baseGroupNamespace>ou=groups,dc=ad,dc=atlassian,dc=com</baseGroupNamespace>
    <usernameAttribute>sAMAccountName</usernameAttribute>
    <userSearchFilter>(objectClass=user)</userSearchFilter>
    <firstnameAttribute>givenname</firstnameAttribute>
    <surnameAttribute>sn</surnameAttribute>
    <emailAttribute>mail</emailAttribute>
    <groupnameAttribute>cn</groupnameAttribute>
    <groupSearchFilter>(objectClass=dummyValue)</groupSearchFilter>
    <membershipAttribute>member</membershipAttribute>
    <userSearchAllDepths>false</userSearchAllDepths>
    <groupSearchAllDepths>false</groupSearchAllDepths>

Please note: You will still have to provide a valid LDAP DN for baseGroupNamespace. You could use the base DN, for example.

Configuring multiple LDAP repositories

For some LDAP servers, it might be necessary to configure Confluence to connect to multiple LDAP servers. This functionality is available in Confluence 2.3 and above, and has a separate guide: Configuring multiple LDAP repositories.
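The Stage 4 defaults and the Stage 5 note about baseGroupNamespace can be checked mechanically before a restart. The following is an added example, not Atlassian's code: it audits every ldap element in a file for a simple bind without SSL, a non-zero pool timeout, and an authentication-only filter with no group namespace. The repositories wrapper, the sample values and the rule that any securityProtocol other than exactly ssl counts as unencrypted are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Defaults the page lists in Stage 4 for elements absent from the file.
STAGE4_DEFAULTS = {"poolingOn": "true", "authentication": "simple", "timeout": "0"}

# Constructed sample: two <ldap> repositories using only element names from this page.
# The <repositories> wrapper and all values are illustrative.
SAMPLE = """<repositories>
  <ldap>
    <baseUserNamespace>cn=users,dc=example,dc=com</baseUserNamespace>
    <baseGroupNamespace>dc=example,dc=com</baseGroupNamespace>
    <groupSearchFilter>(objectClass=dummyValue)</groupSearchFilter>
    <securityProtocol>ssl</securityProtocol>
  </ldap>
  <ldap>
    <baseUserNamespace>cn=users,dc=example,dc=org</baseUserNamespace>
    <groupSearchFilter>(objectClass=groupOfNames)</groupSearchFilter>
    <securityProtocol>plain</securityProtocol>
    <timeout>30000</timeout>
  </ldap>
</repositories>"""

def audit_ldap(xml_text):
    """Return one list of findings per <ldap> element, in document order."""
    reports = []
    for ldap in ET.fromstring(xml_text).iter("ldap"):
        def setting(name):
            # Explicit value if present, else the Stage 4 default, else None.
            node = ldap.find(name)
            if node is not None and node.text:
                return node.text.strip()
            return STAGE4_DEFAULTS.get(name)
        findings = []
        # A simple bind sends the DN and password as-is, so it needs an encrypted transport.
        if setting("authentication") == "simple" and setting("securityProtocol") != "ssl":
            findings.append("simple bind without securityProtocol=ssl")
        # The page asks for a pool timeout of 0.
        if setting("poolingOn") == "true" and setting("timeout") != "0":
            findings.append("pool timeout is not 0")
        # Stage 5: the dummy group filter still needs a valid baseGroupNamespace DN.
        if "dummyValue" in (setting("groupSearchFilter") or "") and not setting("baseGroupNamespace"):
            findings.append("auth-only filter without baseGroupNamespace")
        reports.append(findings)
    return reports

if __name__ == "__main__":
    for i, findings in enumerate(audit_ldap(SAMPLE), 1):
        print(f"ldap repository {i}: {findings or 'no findings'}")
```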
Document generated by Confluence on Oct 10, 2007 18:48