This page last changed on Jan 14, 2007 by rosie@atlassian.com.

Your LDAP or Active Directory details should be specified in confluence/WEB-INF/classes/atlassian-user.xml.

Note: Confluence version 2.3 and later supports multiple LDAP servers. Simply configure a connection, in atlassian-user.xml, for each LDAP server.

Configuring the connection between your LDAP system and Confluence

The following is an example connection, in atlassian-user.xml, between Confluence and an LDAP system:

<ldap key="ldapRepository" name="LDAP Repository@hecate.atlassian.com" cache="true">
    <host>hecate.atlassian.com</host>
    <port>389</port>
    <securityPrincipal>cn=admin,dc=atlassian,dc=private</securityPrincipal>
    <securityCredential>secret</securityCredential>
    <securityProtocol>plain</securityProtocol>
    <securityAuthentication>simple</securityAuthentication>
    <baseContext>dc=atlassian,dc=private</baseContext>

....



If you are unsure of what to specify or how to determine these values:

a) if you are using Active Directory, please see this document.
b) otherwise, please see this document.

If your Active Directory Server allows anonymous searches, then you do not need to specify a securityPrincipal and securityCredential at all. For an example of how you would configure Confluence to allow anonymous authentication, see this document.


Mapping your LDAP Data Information Tree to Confluence

The following is an example configuration of mappings, in <INSTALL>/confluence/WEB-INF/classes/atlassian-user.xml, between Confluence and an LDAP system:

...

    <baseUserNamespace>dc=staff,dc=perftest,dc=atlassian,dc=private</baseUserNamespace>
    <baseGroupNamespace>dc=groups,dc=perftest,dc=atlassian,dc=private</baseGroupNamespace>
    <usernameAttribute>cn</usernameAttribute>
    <userSearchFilter>(objectClass=inetorgperson)</userSearchFilter>
    <firstnameAttribute>givenname</firstnameAttribute>
    <surnameAttribute>sn</surnameAttribute>
    <emailAttribute>mail</emailAttribute>
    <groupnameAttribute>cn</groupnameAttribute>
    <groupSearchFilter>(objectClass=groupOfNames)</groupSearchFilter>
    <membershipAttribute>member</membershipAttribute>
</ldap>



For further details on these attributes, if you are using:

a) Active Directory, please see this document.
b) otherwise, please see this document.

Configuring the LDAP Connection Pool (Optional)

The following settings do not appear in the default <INSTALL>/confluence/WEB-INF/classes/atlassian-user.xml file:

<poolingOn>true</poolingOn>
<maxSize>0</maxSize>
<initSize>10</initSize>
<prefSize>10</prefSize>
<debugLevel>none</debugLevel>
<securityProtocol>plain ssl</securityProtocol>
<authentication>simple</authentication>
<timeout>0</timeout>
<initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
<batchSize>100</batchSize>
<timeToLive>0</timeToLive>
<userSearchAllDepths>true</userSearchAllDepths>
<groupSearchAllDepths>true</groupSearchAllDepths>



However, if you want to override the default values listed above, you can add the value onto the end like so:

...
    <groupnameAttribute>cn</groupnameAttribute>
    <groupSearchFilter>(objectClass=groupOfNames)</groupSearchFilter>
    <membershipAttribute>member</membershipAttribute>
    <initSize>20</initSize>
</ldap>



It is important that the connection pool timeout value be set to 0, as this will force Atlassian User (via the JNDI layer) to clean up lingering connections that have lived past one request. More information about LDAP pools is available here.
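The connection example above uses securityProtocol plain with securityAuthentication simple, so the bind DN and password cross the network unencrypted on every bind. The check below is an added example, not part of the original page or Atlassian's code: it scans atlassian-user.xml content for that combination, a bind password stored in the file, reliance on anonymous searches, and a pool timeout other than 0. The sample file, its wrapper elements, host names and finding names are constructed, and treating `ssl` as the value that enables SSL is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the page's snippets; wrapper elements,
# host names and DNs are placeholders, not a real deployment.
SAMPLE = """<atlassian-user><repositories>
  <ldap key="ldapRepository" name="LDAP Repository@ldap.example.test" cache="true">
    <host>ldap.example.test</host>
    <port>389</port>
    <securityPrincipal>cn=admin,dc=example,dc=test</securityPrincipal>
    <securityCredential>secret</securityCredential>
    <securityProtocol>plain</securityProtocol>
    <securityAuthentication>simple</securityAuthentication>
    <timeout>30000</timeout>
  </ldap>
  <ldap key="ldapAnon" name="anonymous search" cache="true">
    <host>ldap2.example.test</host>
    <port>636</port>
    <securityProtocol>ssl</securityProtocol>
    <securityAuthentication>simple</securityAuthentication>
  </ldap>
</repositories></atlassian-user>"""

def audit(xml_text):
    """Return (repository key, finding id, message) for every <ldap> element."""
    findings = []
    for ldap in ET.fromstring(xml_text).iter("ldap"):
        key = ldap.get("key", "?")
        get = lambda tag: (ldap.findtext(tag) or "").strip()
        has_bind = bool(get("securityPrincipal"))
        if not has_bind:
            findings.append((key, "ANON_SEARCH", "no securityPrincipal: relies on anonymous searches"))
        # Assumption: only the exact value "ssl" means the connection is encrypted.
        if get("securityProtocol").lower() != "ssl":
            msg = "securityProtocol is not ssl"
            if has_bind and get("securityAuthentication").lower() == "simple":
                msg += "; simple bind sends the bind DN and password unencrypted"
            findings.append((key, "CLEARTEXT", msg))
        if get("securityCredential"):
            findings.append((key, "STORED_SECRET", "bind password is stored in the file: restrict read access"))
        if get("timeout") not in ("", "0"):
            findings.append((key, "POOL_TIMEOUT", "timeout is not 0 (the page says to keep it at 0)"))
    return findings

if __name__ == "__main__":
    for key, finding, message in audit(SAMPLE):
        print(f"{key}: {finding}: {message}")
```

To check a real installation, pass the contents of confluence/WEB-INF/classes/atlassian-user.xml to audit() instead of SAMPLE.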

Does anyone know how to connect an LDAP server via SSL?

Posted by yum1 at Jan 02, 2007 12:28

Hi Ming,

Inside the comments of the below page are a few quick steps and a link to an Atlassian page with the rest of the info.

http://confluence.atlassian.com/x/gkUC

Nicholas

Posted by nicholas@atlassian.com at Jan 02, 2007 15:52

Note: Confluence version 2.3 and later supports multiple LDAP servers. Simply configure a connection, in atlassian-user.xml, for each LDAP server.

I want to see this setting! I use OpenLDAP replication. But I don't know the Confluence setting.

Posted by joon@sds.co.kr at Feb 01, 2007 02:07

Is it possible to remove the Hibernate user registry and use the LDAP registry only?

Posted by afilimonov at Feb 05, 2007 13:56

Andrei,

Unfortunately, such a configuration is not possible. Feel free to create a feature request for it at:

http://jira.atlassian.com

Regards,
David

Posted by dchui at Feb 05, 2007 20:56
Document generated by Confluence on Feb 08, 2007 00:01