Confluence 2.6 : Add LDAP Integration For User Authentication Only
This page last changed on Jun 25, 2007 by smaddox.
DescriptionThere are two kinds of Confluence/LDAP integration available:
This guide covers LDAP without groups, where if a username exists in both Confluence and LDAP, they use their LDAP password to login. You still maintain users from Confluence and use internal Confluence groups for group permissions. Alternatively, you may use LDAP with Groups to have users and groups automatically updated from LDAP, and use LDAP groups for group permissions. Applies For
Important Points
InstructionsCAUTION: Make sure that when you first set up Confluence, you make no changes to the default osuser.xml. Once Confluence is up and running, you can then apply the changes described here to enable LDAP integration.
Step One: Open the osuser.xml file located in your home directory under WEB-INF/classesIn the osuser.xml file, the CredentialsProviders are responsible for authenticating passwords. The default CachingCredentialsProvider looks in the Confluence database. To enable LDAP aunthentication, you will need to add a LDAPCredentialsProvider, so that LDAP users can also be authenticated: Here's what the default osuser.xml contains:
<provider class="bucket.user.providers.CachingCredentialsProvider"> <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateCredentialsProvider</property> <property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property> </provider> <provider class="bucket.user.providers.CachingAccessProvider"> <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateAccessProvider</property> <property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property> </provider> <provider class="bucket.user.providers.CachingProfileProvider"> <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateProfileProvider</property> <property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property> </provider> Step Two: Edit the osuser.xml file as shown below:For Confluence version 2.1 and later:
<provider class="com.atlassian.confluence.user.ConfluenceLDAPCredentialsProvider"> <property name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</property> <property name="java.naming.provider.url">ldap://localhost:389</property> <property name="searchBase">dc=atlassian,dc=com</property> <property name="uidSearchName">cn</property> <!-- <property name="java.naming.security.principal">cn=Manager,dc=atlassian,dc=com</property> <property name="java.naming.security.credentials">secret</property> <property name="exclusive-access">true</property> --> </provider> <provider class="bucket.user.providers.CachingCredentialsProvider"> <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateCredentialsProvider</property> <property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property> </provider> <provider class="bucket.user.providers.CachingAccessProvider"> <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateAccessProvider</property> <property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property> </provider> <provider class="bucket.user.providers.CachingProfileProvider"> <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateProfileProvider</property> <property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property> </provider>
<provider class="com.opensymphony.user.provider.ldap.LDAPCredentialsProvider"> <property name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</property> <property name="java.naming.provider.url">ldap://localhost:389</property> <property name="searchBase">dc=atlassian,dc=com</property> <property name="uidSearchName">cn</property> <!-- <property name="java.naming.security.principal">cn=Manager,dc=atlassian,dc=com</property> <property name="java.naming.security.credentials">secret</property> <property name="exclusive-access">true</property> --> </provider> <provider class="bucket.user.providers.CachingCredentialsProvider"> <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateCredentialsProvider</property> <property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property> </provider> <provider class="bucket.user.providers.CachingAccessProvider"> <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateAccessProvider</property> <property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property> </provider> <provider class="bucket.user.providers.CachingProfileProvider"> <property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateProfileProvider</property> <property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property> </provider>
RELATED TOPICS
|
![]() |
Document generated by Confluence on Oct 10, 2007 18:48 |