This page last changed on Apr 26, 2007 by mryall.

The LDAP server connection is specified by manually editing the file atlassian-user.xml. From Confluence 2.3 onwards, multiple LDAP servers are supported: repeat the instructions below for each server so that multiple repositories are defined.

Stage 1 - Configure Connection Details

  1. Edit the file .../confluence/WEB-INF/classes/atlassian-user.xml and configure the connection for either AD or LDAP.
  2. If your Active Directory Server allows anonymous searches, then you do not need to specify a securityPrincipal and securityCredential at all. For an example of how you would configure Confluence to allow anonymous authentication, see Enable Anonymous Authentication in LDAP or Active Directory.

  3. To connect to LDAP over SSL, see Connect to LDAP via SSL.

  4. Check your configuration against the example connection details shown below.
    <ldap key="ldapRepository" name="LDAP Repository@hecate.atlassian.com" cache="true">
        <host>hecate.atlassian.com</host>
        <port>389</port>
        <securityPrincipal>cn=admin,dc=atlassian,dc=private</securityPrincipal>
        <securityCredential>secret</securityCredential>
        <securityProtocol>plain</securityProtocol>
        <securityAuthentication>simple</securityAuthentication>
        <baseContext>dc=atlassian,dc=private</baseContext>
    
    ....

Stage 2 - Map LDAP Data Tree

  1. Configure the mappings in atlassian-user.xml for either AD or LDAP.
  2. Check your configuration against the example mappings shown below.
    ...
    
        <baseUserNamespace>dc=staff,dc=perftest,dc=atlassian,dc=private</baseUserNamespace>
        <baseGroupNamespace>dc=groups,dc=perftest,dc=atlassian,dc=private</baseGroupNamespace>
        <usernameAttribute>cn</usernameAttribute>
        <userSearchFilter>(objectClass=inetorgperson)</userSearchFilter>
        <firstnameAttribute>givenname</firstnameAttribute>
        <surnameAttribute>sn</surnameAttribute>
        <emailAttribute>mail</emailAttribute>
        <groupnameAttribute>cn</groupnameAttribute>
        <groupSearchFilter>(objectClass=groupOfNames)</groupSearchFilter>
        <membershipAttribute>member</membershipAttribute>
    </ldap>

Stage 3 - Optional LDAP Settings

The following settings do not appear in the default atlassian-user.xml file:

<poolingOn>true</poolingOn>
<maxSize>0</maxSize>
<initSize>10</initSize>
<prefSize>10</prefSize>
<debugLevel>none</debugLevel>
<securityProtocol>plain ssl</securityProtocol>
<authentication>simple</authentication>
<timeout>0</timeout>
<initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
<batchSize>100</batchSize>
<timeToLive>0</timeToLive>
<userSearchAllDepths>true</userSearchAllDepths>
<groupSearchAllDepths>true</groupSearchAllDepths>

To override any of the default values listed above, add the setting to the end of the repository definition, like so:

...
    <groupnameAttribute>cn</groupnameAttribute>
    <groupSearchFilter>(objectClass=groupOfNames)</groupSearchFilter>
    <membershipAttribute>member</membershipAttribute>
    <initSize>20</initSize>
</ldap>

It is important that the connection pool timeout value be set to 0, as this will force Atlassian User (via the JNDI layer) to clean up lingering connections that have lived past one request. More information about LDAP pools here.
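
An added example, not part of the original Confluence documentation: a small Python audit of the `<ldap>` repositories in atlassian-user.xml. It flags a simple bind configured without SSL (the bind password then crosses the network unencrypted), anonymous binds, a securityCredential stored in the file, and a pool timeout other than 0. The sample XML, its `<repositories>` wrapper, the second repository and the finding names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the page's example values; the <repositories>
# wrapper is an assumption, the audit only looks for <ldap> elements.
SAMPLE = """
<repositories>
  <ldap key="ldapRepository" name="LDAP Repository@hecate.atlassian.com" cache="true">
    <host>hecate.atlassian.com</host>
    <port>389</port>
    <securityPrincipal>cn=admin,dc=atlassian,dc=private</securityPrincipal>
    <securityCredential>secret</securityCredential>
    <securityProtocol>plain</securityProtocol>
    <securityAuthentication>simple</securityAuthentication>
    <timeout>30</timeout>
  </ldap>
  <ldap key="ldapSecure" name="constructed SSL repository" cache="true">
    <host>ldap.example.test</host>
    <port>636</port>
    <securityPrincipal>cn=confluence,dc=example,dc=test</securityPrincipal>
    <securityCredential>placeholder</securityCredential>
    <securityProtocol>ssl</securityProtocol>
    <securityAuthentication>simple</securityAuthentication>
  </ldap>
</repositories>
"""

def audit_ldap(xml_text):
    """Return {repository key: [finding codes]} for every <ldap> element."""
    report = {}
    for repo in ET.fromstring(xml_text).iter("ldap"):
        get = lambda tag: (repo.findtext(tag) or "").strip()
        findings = []
        protocol = get("securityProtocol").lower()
        # Assumption: any protocol value other than "ssl" means no encryption.
        if not get("securityPrincipal"):
            findings.append("anonymous-bind")
        elif protocol != "ssl" and get("securityAuthentication").lower() == "simple":
            # Simple bind on an unencrypted connection exposes the bind password.
            findings.append("cleartext-bind")
        if get("securityCredential"):
            findings.append("credential-in-file")  # restrict read access to the file
        if get("timeout") not in ("", "0"):
            findings.append("pool-timeout-not-zero")  # the page requires 0
        report[repo.get("key")] = findings
    return report

if __name__ == "__main__":
    for key, findings in audit_ldap(SAMPLE).items():
        print(key, findings or "ok")
```

To check a real installation, pass the contents of atlassian-user.xml to `audit_ldap` instead of the sample.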

Configuring multiple LDAP repositories

In some environments, it might be necessary to configure Confluence to connect to multiple LDAP servers. This functionality is available in Confluence 2.3 and above, and has a separate guide: Configuring multiple LDAP repositories.

Related pages

Add LDAP Integration With Group Management
Configuring multiple LDAP repositories

Document generated by Confluence on May 01, 2007 19:28