Identifying Active Directory connection details

This document outlines how to work out the values needed when configuring the connection between Confluence and LDAP. The last step, which uses JXplorer, is optional, but it lets you test your connection details.

Host and Port values

Enter the DNS name of your Active Directory server. If you don't have a DNS name configured, you can use the IP address.

The default port for connecting to AD is 389. If your server uses a different port, change this value to match.

Security Principal and Security Credential

These two values are equivalent to the username and password to log on to your Active Directory instance. You need to specify an account that is able to browse and search your AD tree.

For this example, I will use the administrator account on the server.


From the above screenshot, the value for securityPrincipal would be CN=Administrator,CN=Users,DC=ad,DC=atlassian,DC=com. Here's the breakdown of how to work this out:

  • ad.atlassian.com is the DNS name of our AD server so that's how we worked out CN=Administrator,CN=Users,DC=ad,DC=atlassian,DC=com. We prefixed each part of the DNS name with DC (which stands for Domain Component).
  • We prefix any folders or subfolders that branch from the server with CN, hence CN=Administrator,CN=Users,DC=ad,DC=atlassian,DC=com (as the Administrator user account sits in the Users folder).

Finally, specify the Windows password of the Administrator account for securityCredential (in our case, we've entered 'secret').

Please specify the full name of the account for CN. So, if the user is John Smith, you would use: CN=John Smith,CN=Users,DC=ad,DC=atlassian,DC=com

Base Context

For baseContext, just specify DC=ad,DC=atlassian,DC=com (each part of the DNS name prefixed with DC).
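
The derivation from the two sections above, written out as an added example (not part of the original page and not Atlassian code). It assumes every folder is a CN container, as in the page's example, and escapes the characters RFC 4514 reserves, so a full name such as the constructed "Smith, John" stays a single CN component; the function names are illustrative.

```python
# Added example: build baseContext and securityPrincipal from a DNS name.
# Function names are illustrative; they are not Confluence or JXplorer APIs.

def escape_rdn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def base_context(dns_name):
    """ad.atlassian.com -> DC=ad,DC=atlassian,DC=com"""
    labels = [part for part in dns_name.strip(".").split(".") if part]
    if not labels:
        raise ValueError("DNS name has no labels")
    return ",".join("DC=" + escape_rdn_value(part) for part in labels)

def security_principal(full_name, containers, dns_name):
    """containers: CN folders from the one holding the account outward."""
    rdns = [full_name] + list(containers)
    return ",".join("CN=" + escape_rdn_value(r) for r in rdns) + "," + base_context(dns_name)

def split_dn(dn):
    """Split a DN into its RDNs on unescaped commas only."""
    parts, current, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current += dn[i:i + 2]   # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append(current)
            current = ""
        else:
            current += dn[i]
        i += 1
    parts.append(current)
    return parts

if __name__ == "__main__":
    print(base_context("ad.atlassian.com"))
    print(security_principal("Administrator", ["Users"], "ad.atlassian.com"))
    # Constructed name containing a comma: it must be escaped to stay one RDN.
    print(security_principal("Smith, John", ["Users"], "ad.atlassian.com"))
```
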

Testing your connection values using JXplorer

JXplorer is a free tool that allows you to browse your AD/LDAP tree. You can download it from here.

Enter the connection details you established above into JXplorer as follows:

If you have any problems connecting, please take a screenshot of the error and submit a support ticket to http://support.atlassian.com.

  1. Nov 27, 2006

    Knox North says:

    I'm just a beginner with Confluence (it's good so far!) and know even less about LDAP. In reading the documentation, I decided the first thing I should try is this JXplorer because things generally go wrong in the pipes, i.e., a firewall stops this, a router changes that, a protocol setting is wrong. I have a pretty generic Windows 2003 server and it needed

    username@localdomain.local

    to be in the User DN to work. I haven't yet tried getting Confluence to work with the LDAP, but this certainly makes me leery. I'll post back here as I find out more.

  2. Nov 29, 2006

    Knox North says:

    I was able to log in using the Distinguished Name stuff...  When I examined the LDAP info coming from Active Directory I was able to see that the DN for the user I was logging in for does NOT include the computer DC.  So using the parameters of the above example, instead of

    CN=John Smith,CN=Users,DC=ad,DC=atlassian,DC=com

    I used

    CN=John Smith,CN=Users,DC=atlassian,DC=com

    which makes some sort of sense, because the user belongs to the domain, not to a specific computer.