This page last changed on May 30, 2010 by ganand.

Users in your LDAP repository will not automatically have the right group membership to be able to access your Confluence instance. In most cases, this is due to Confluence access being limited to those in the confluence-users group. This page describes options for automatically adding users into this group, when they log in for the first time.

There are three Authenticators you can use to simplify the integration with LDAP.

Authenticator Purpose Configuration
ConfluenceAuthenticator This authenticator will not add any users to confluence-users automatically
<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>
ConfluenceGroupJoiningAuthenticator This authenticator will add ALL users to confluence-users automatically
<authenticator class="com.atlassian.confluence.user.ConfluenceGroupJoiningAuthenticator"/>
ConfluenceLDAPGroupJoiningAuthenticator This authenticator will only add LDAP users to confluence-users automatically
<authenticator class="com.atlassian.confluence.user.ConfluenceLDAPGroupJoiningAuthenticator"/>

To use these authenticators, find the authenticator element in your <Confluence-Installation-Directory>/confluence/web-inf/classes/seraph-config.xml file and replace this element with the appropriate XML snippet from the table above. You will need to restart Confluence for this change to take effect.

In both of the joining cases above, users will only be added to the confluence-users group if they at least have VIEW permissions to your application.

Issue CONF-17366
There is currently a problem in that the above procedure does not work for users who are already authorised to use Confluence. The cause is that the authenticator does not add LDAP users to the confluence-users group if they already have the 'Can Use' permission via another group or individual global permission. Please follow CONF-17366 to see the progress of this issue.
Issue CONF-13754
If you are experiencing performance problems when logging in, it may be due to CONF-13754. You can download the following files and put them in <confluence-installation-directory>/confluence/WEB-INF/classes/com/atlassian/confluence/user: ConfluenceGroupJoiningAuthenticator.class and ConfluenceGroupJoiningAuthenticator$1.class. This will override the built-in version of ConfluenceGroupJoiningAuthenticator in Confluence 3.0.1 and earlier versions of Confluence.

Document generated by Confluence on Jul 09, 2010 01:09