You can configure Stash to use an LDAP directory for delegated authentication, while still using the internal directory for user and group management. There is an option to create users in the internal directory automatically when they attempt to log in, as described in the settings section below. To connect Stash to an LDAP directory for delegated authentication:
|
Server settings
Setting |
Description |
---|---|
Name |
A descriptive name that will help you to identify the directory. Examples:
|
Directory Type |
Select the type of LDAP directory that you will connect to. If you are adding a new LDAP connection, the value you select here will determine the default values for some of the options on the rest of screen. Examples:
|
Hostname |
The host name of your directory server. Examples:
|
Port |
The port on which your directory server is listening. Examples:
|
Use SSL |
Select this check box if the connection to the directory server is an SSL (Secure Sockets Layer) connection. Note that you will need to configure an SSL certificate in order to use this setting. |
Username |
The distinguished name of the user that the application will use when connecting to the directory server. Examples:
|
Password |
The password of the user specified above. |
Copying users on login
Setting | Description |
---|---|
Copy User on Login | This option affects what will happen when a user attempts to log in. If this check box is selected, the user will be created automatically in the internal directory that is using LDAP for authentication when the user first logs in and their details will be synchronised on each subsequent log in. If this check box is not selected, the user's login will fail.
|
Default Group Memberships | This field appears if you select the Copy User on Login check box. If you would like users to be automatically added to a group or groups, enter the group name(s) here. To specify more than one group, separate the group names with commas. Each time a user logs in, their group memberships will be checked. If the user does not belong to the specified group(s), their username will be added to the group(s). If a group does not yet exist, it will be added to the internal directory that is using LDAP for authentication.
|
Synchronise Group Memberships | This field appears if you select the Copy User on Login check box. If this check box is selected, group memberships specified on your LDAP server will be synchronised with Confluence each time the user logs in.
|
LDAP schema
Setting |
Description |
---|---|
Base DN |
The root distinguished name (DN) to use when running queries against the directory server. Examples:
|
User Name Attribute |
The attribute field to use when loading the username. Examples:
|
Advanced settings
Setting |
Description |
---|---|
Use Paged Results |
Enable or disable the use of the LDAP control extension for simple paging of search results. If paging is enabled, the search will retrieve sets of data rather than all of the search results at once. Enter the desired page size – that is, the maximum number of search results to be returned per page when paged results are enabled. The default is 1000 results. |
Follow Referrals |
Choose whether to allow the directory server to redirect requests to other servers. This option uses the node referral (JNDI lookup |
User schema settings
Note: this section is only visible when Copy User on Login is enabled.
Setting |
Description |
---|---|
Additional User DN |
This value is used in addition to the base DN when searching and loading users. If no value is supplied, the subtree search will start from the base DN. Example:
|
User Object Class |
This is the name of the class used for the LDAP user object. Example:
|
User Object Filter |
The filter to use when searching user objects. Example:
|
User Name RDN Attribute |
The RDN (relative distinguished name) to use when loading the username. The DN for each LDAP entry is composed of two parts: the RDN and the location within the LDAP directory where the record resides. The RDN is the portion of your DN that is not related to the directory tree structure. Example:
|
User First Name Attribute |
The attribute field to use when loading the user's first name. Example:
|
User Last Name Attribute |
The attribute field to use when loading the user's last name. Example:
|
User Display Name Attribute |
The attribute field to use when loading the user's full name. Example:
|
User Email Attribute |
The attribute field to use when loading the user's email address. Example:
|
Group schema settings
Note: this section is only visible when both Copy User on Login and Synchronise Group Memberships are enabled.
Setting |
Description |
---|---|
Additional Group DN |
This value is used in addition to the base DN when searching and loading groups. If no value is supplied, the subtree search will start from the base DN. Example:
|
Group Object Class |
This is the name of the class used for the LDAP group object. Examples:
|
Group Object Filter |
The filter to use when searching group objects. Example:
|
Group Name Attribute |
The attribute field to use when loading the group's name. Example:
|
Group Description Attribute |
The attribute field to use when loading the group's description. Example:
|
Membership schema settings
Note: this section is only visible when both Copy User on Login and Synchronise Group Memberships are enabled.
Setting |
Description |
---|---|
Group Members Attribute |
The attribute field to use when loading the group's members. Example:
|
User Membership Attribute |
The attribute field to use when loading the user's groups. Example:
|
Use the User Membership Attribute, when finding the user's group membership |
Select the check box if your directory server supports the group membership attribute on the user. (By default, this is the 'memberOf' attribute.)
|