This page last changed on Sep 19, 2006 by david.soul@atlassian.com.
Deprecation Notice
This document has been deprecated as of 1st March 2006. Please use this document instead.

If you have a brand new Confluence installation and:

  • you are not upgrading from an older version and
  • do not have any users set up beyond the admin account created during the setup wizard

This document will run you through how you can plug Confluence up with the new Atlassian-User-LDAP-Integration.

Download sample atlassianUserContext.xml

Download hibernate_ldap_cache_atlassianUserContext.xml and rename to atlassianUserContext.xml and copy it to your confluence/WEB-INF/classes directory.

Unable to render {include} Couldn't find a page to include called: Customising atlassianUserContext.xml

Set up the Administrator Account

Now that you have plugged Confluence into LDAP, you need to set up an admin account (Confluence cannot access the original admin account you created, because you have switched over to using LDAP as your main user repository).

  1. Either create a new LDAP user account called 'admin' or elect your own LDAP user account to be the administrator account.
  2. Now create two LDAP groups: confluence-administrators and confluence-users.
  3. Grant the admin account membership to these groups.

You should now be able to log into Confluence with this account and have full administrative rights.

To enable a user in your LDAP system to access Confluence, you need to do one of the following:

  • grant the LDAP user account membership to confluence-users inside LDAP or
  • log in as admin, goto Administration > Global Permissions and grant an LDAP group the Confluence 'USE' permission. This will effectively give all LDAP user accounts in that group access to Confluence.

Some questions....

  1.  Is it possible to specify multiple LDAP servers for fault tolerance? (i.e. one server is down so Confluence uses the next one)
  2. Once you have the "confluence-administrators" and "confluence-users" coming out of LDAP, can space administrators still grant access to LDAP-based users inside Confluence? That is, users would gain initial access to Confluence out of LDAP (being in the "confluence-users" group and logging with correct LDAP username/password) but then additional access would be granted inside Confluence (and access privileges would be stored within Confluence)

Thanks....this looks very helpful.

Posted by andriven at Feb 17, 2006 17:46

Andrew,

1. You can specify multiple repositories but mirrored repositories is not a supported configuration at this stage.

2. Yes. Confluence privilege information is still stored inside Confluence. Please note that when you are assigning space permissions, the user browser will only show users that have USE permission (either explicitly or via a group that has been assigned it).

Cheers,
Dave

Posted by dave@atlassian.com at Feb 21, 2006 23:04

To test the LDAP-posibility of confluence I took a Evaluation Licence.
I have made a fresh confluence-installation (confluence-2.1.3-std) to use LDAP with it. My LDAP-Server is running under Netware 6.0.
With help from your site:

<http://confluence.atlassian.com/display/DEV/How+to+set+up+Atlassian-User-LDAP-Integration+for+new+installations>

I configure the file "atlassianUserContext.xml" and create the groups "confluence-users" and "confluence-administrators" in the group-context of my NDS-tree. Then I create the user "admin" and put him to the groups "confluence-users" and "confluence-administrators".
I give him the givenname "Confluence" and the sn "Admin".
I also create a user "gna" and put him to the group "confluence-users". When I login as "gna" I come to my Dashboard "Welcome Hero Gnam".

When I login as "admin" confluence give the message "Welcome Confluence Admin"
next line: Login To Confluence
next line: You do not have permission to access/admin/console.action. ...
after that: the login-form again.

If I click the hyperlink "Dashbord" in the left I come to the Page "Welcome to Confluence".
 
But I am missing the possibility to work as Confluence Administrator. What's wrong?

Posted by gna at Feb 28, 2006 04:52
Document generated by Confluence on Feb 07, 2007 23:55