This page last changed on Mar 20, 2007 by david.soul@atlassian.com.
The LDAP server connection is specified by manually editing the file atlassian-user.xml. Confluence 2.3 and later supports multiple LDAP servers: repeat the instructions below for each server so that multiple repositories are defined.
- Edit the file .../confluence/WEB-INF/classes/atlassian-user.xml and configure the connection for either AD or LDAP.
- If your Active Directory Server allows anonymous searches, then you do not need to specify a securityPrincipal and securityCredential at all. For an example of how you would configure Confluence to allow anonymous authentication, see Enable Anonymous Authentication in LDAP or Active Directory.
- To connect to LDAP over SSL, see Connect to LDAP via SSL.
- Check your configuration against the example connection details shown below.
<ldap key="ldapRepository" name="LDAP Repository@hecate.atlassian.com" cache="true">
<host>hecate.atlassian.com</host>
<port>389</port>
<securityPrincipal>cn=admin,dc=atlassian,dc=private</securityPrincipal>
<securityCredential>secret</securityCredential>
<securityProtocol>plain</securityProtocol>
<securityAuthentication>simple</securityAuthentication>
<baseContext>dc=atlassian,dc=private</baseContext>
....
Stage 2 - Map LDAP Data Tree
- Configure the mappings in atlassian-user.xml for either AD or LDAP.
- Check your configuration against the example mappings shown below.
...
<baseUserNamespace>dc=staff,dc=perftest,dc=atlassian,dc=private</baseUserNamespace>
<baseGroupNamespace>dc=groups,dc=perftest,dc=atlassian,dc=private</baseGroupNamespace>
<usernameAttribute>cn</usernameAttribute>
<userSearchFilter>(objectClass=inetorgperson)</userSearchFilter>
<firstnameAttribute>givenname</firstnameAttribute>
<surnameAttribute>sn</surnameAttribute>
<emailAttribute>mail</emailAttribute>
<groupnameAttribute>cn</groupnameAttribute>
<groupSearchFilter>(objectClass=groupOfNames)</groupSearchFilter>
<membershipAttribute>member</membershipAttribute>
</ldap>
Stage 3 - Optional LDAP Settings
The following settings do not appear in the default atlassian-user.xml file:
<poolingOn>true</poolingOn>
<maxSize>0</maxSize>
<initSize>10</initSize>
<prefSize>10</prefSize>
<debugLevel>none</debugLevel>
<securityProtocol>plain ssl</securityProtocol>
<authentication>simple</authentication>
<timeout>0</timeout>
<initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
<batchSize>100</batchSize>
<timeToLive>0</timeToLive>
<userSearchAllDepths>true</userSearchAllDepths>
<groupSearchAllDepths>true</groupSearchAllDepths>
However, if you want to override the default values listed above, you can add the value onto the end like so:
...
<groupnameAttribute>cn</groupnameAttribute>
<groupSearchFilter>(objectClass=groupOfNames)</groupSearchFilter>
<membershipAttribute>member</membershipAttribute>
<initSize>20</initSize>
</ldap>
It is important that the connection pool timeout value be set to 0, as this will force Atlassian User (via the JNDI layer) to clean up lingering connections that have lived past one request. More information about LDAP pools here
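As an added example (not part of the original page and not Atlassian's code), the Python script below checks each <ldap> repository in atlassian-user.xml for the connection settings this page calls out: a simple bind sent without SSL, a missing securityPrincipal, a port that does not match securityProtocol, and a non-zero pool timeout. The finding names, the defaults assumed for absent elements (plain, 389, timeout 0) and the sample input are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed input: the page's Stage 1 values closed into one element, plus a
# non-zero <timeout> added here to exercise the pool-timeout check.
SAMPLE = """<ldap key="ldapRepository" name="LDAP Repository@hecate.atlassian.com" cache="true">
  <host>hecate.atlassian.com</host>
  <port>389</port>
  <securityPrincipal>cn=admin,dc=atlassian,dc=private</securityPrincipal>
  <securityCredential>secret</securityCredential>
  <securityProtocol>plain</securityProtocol>
  <securityAuthentication>simple</securityAuthentication>
  <baseContext>dc=atlassian,dc=private</baseContext>
  <timeout>30000</timeout>
</ldap>"""

LDAPS_PORT = "636"  # IANA-registered LDAPS port; 389 is plain LDAP


def audit_ldap(xml_text):
    """Return sorted (repository key, finding id) pairs for each <ldap> element."""
    findings = set()
    for repo in ET.fromstring(xml_text).iter("ldap"):
        key = repo.get("key", "?")

        def val(tag, default=""):
            # Assumption: an absent or empty element falls back to `default`.
            return (repo.findtext(tag) or default).strip().lower()

        proto = val("securityProtocol", "plain")
        has_cred = bool(val("securityCredential"))
        if not val("securityPrincipal"):
            # Page: only valid when the directory allows anonymous searches.
            findings.add((key, "anonymous-bind"))
        if proto != "ssl" and has_cred and val("securityAuthentication", "simple") == "simple":
            # Simple bind without SSL puts the bind password on the wire unencrypted.
            findings.add((key, "cleartext-bind"))
        if (proto == "ssl") != (val("port", "389") == LDAPS_PORT):
            findings.add((key, "port-protocol-mismatch"))
        if val("timeout", "0") != "0":
            # Page: pool timeout must be 0 so lingering connections are cleaned up.
            findings.add((key, "pool-timeout-nonzero"))
    return sorted(findings)


if __name__ == "__main__":
    for key, finding in audit_ldap(SAMPLE):
        print(f"{key}: {finding}")
```

Because the function walks every <ldap> element, it also covers the multiple-repository setup that Confluence 2.3 and later allows.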
Does anyone know how to connect to an LDAP server via SSL?

Posted by yum1 at Jan 02, 2007 12:28
Hi Ming,
Inside the comments of the below page are a few quick steps and a link to an Atlassian page with the rest of the info.
http://confluence.atlassian.com/x/gkUC
Nicholas

Posted by nicholas@atlassian.com at Jan 02, 2007 15:52
Note: Confluence version 2.3 and later supports multiple LDAP servers. Simply configure a connection, in atlassian-user.xml, for each LDAP server.
I want to see this setting! I use OpenLDAP replication, but I don't know the Confluence setting.

Posted by joon@sds.co.kr at Feb 01, 2007 02:07
Is it possible to remove the Hibernate user registry and use the LDAP registry only?

Posted by afilimonov at Feb 05, 2007 13:56
Andrei,
Unfortunately, such a configuration is not possible. Feel free to create a feature request for it at:
http://jira.atlassian.com
Regards,
David

Posted by dchui at Feb 05, 2007 20:56