This documentation is out of date

Please refer to the latest documentation on Understanding User Management in Confluence and Connecting to an LDAP Directory.

This article gives some specific tips for Active Directory. The standard Atlassian documentation can be found here.

This document outlines how to configure Confluence to understand the attributes you use to define your users and groups in your Active Directory.

Before you start...

Download this Active Directory friendly atlassian-user.xml. Modify this file for your Active Directory configuration (see mapping instructions below). Replace the current WEB-INF/classes/atlassian-user.xml file with the modified atlassian-user.xml.

baseUserNamespace and baseGroupNamespace

As shown in the above screenshot, our Active Directory stores both users and groups under the Users folder. Hence both baseUserNamespace and baseGroupNamespace are CN=Users,DC=ad,DC=atlassian,DC=com.

These values are absolute; they are not relative to baseContext.

usernameAttribute, firstNameAttribute, surnameAttribute, membershipAttribute and userSearchFilter

To work out these attributes we recommend that you download JXplorer and point it to your Active Directory server (if you haven't done so already, please see this document). Once you have connected, browse to a particular user:

From the screenshot, we've marked which attributes are relevant and what they should be mapped to. Here are some further notes:

  • userSearchFilter could well be organizationalPerson or even user. You can customize this to whatever distinguishes a user in your instance.
  • sAMAccountName is a common attribute used to denote the username. Setting the usernameAttribute to this will allow you to log on to Confluence using the username (in this case jsmith).

Escape XML

There are 5 special characters that you must escape when saving the Active Directory filters to XML:

| Active Directory Character | Save To XML As | Description |
|---|---|---|
| < | &lt; | less than |
| > | &gt; | greater than |
| & | &amp; | ampersand |
| ' | &apos; | apostrophe |
| " | &quot; | quotation mark |
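
The escaping rule above, as an added example that is not part of the original Atlassian page: it converts an Active Directory filter to the form written into atlassian-user.xml, then parses the result to confirm the file is well-formed and that the filter comes back unchanged. The sample filters, the `<ldap>` wrapper element and the helper names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# escape() already handles & < >; add the two quote characters from the table.
QUOTES = {"'": "&apos;", '"': "&quot;"}

# Constructed sample filters (not from the original page).
USER_FILTER = "(&(objectClass=user)(!(objectClass=computer)))"
GROUP_FILTER = "(&(objectClass=group)(cn>=A))"

def filter_to_xml(ldap_filter):
    """Return the filter text as it must be written into atlassian-user.xml."""
    return escape(ldap_filter, QUOTES)

def build_fragment(user_filter, group_filter, escaped=True):
    """Build a minimal config fragment; the <ldap> wrapper is an assumption."""
    enc = filter_to_xml if escaped else (lambda s: s)
    return ("<ldap>"
            f"<userSearchFilter>{enc(user_filter)}</userSearchFilter>"
            f"<groupSearchFilter>{enc(group_filter)}</groupSearchFilter>"
            "</ldap>")

def check_filters(xml_text, names=("userSearchFilter", "groupSearchFilter")):
    """Parse the XML and return {element name: filter as the LDAP server sees it}.

    Raises ValueError when the file is not well-formed (typically a raw '&' or
    '<' in a filter) or when a decoded filter has unbalanced parentheses.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    found = {}
    for el in root.iter():
        if el.tag in names:
            value = (el.text or "").strip()
            if value.count("(") != value.count(")"):
                raise ValueError(f"{el.tag}: unbalanced parentheses in {value!r}")
            found[el.tag] = value
    return found

if __name__ == "__main__":
    print(filter_to_xml(USER_FILTER))
    print(check_filters(build_fragment(USER_FILTER, GROUP_FILTER)))
    try:
        check_filters(build_fragment(USER_FILTER, GROUP_FILTER, escaped=False))
    except ValueError as err:
        print("rejected:", err)
```

Running the same check against a modified atlassian-user.xml before replacing the file in WEB-INF/classes catches an unescaped filter before Confluence tries to load it.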

groupnameAttribute, groupSearchFilter and membershipAttribute

Now browse to a group in JXplorer. Below, we are browsing the Sales and Marketing group:

As with the user attributes, we've marked down the values for the group attributes above. Please update these in your XML file.

You can leave the other attributes at their default values.

More advanced userSearchFilter and groupSearchFilter

We recommend that you keep these two filters simple, like the sample values used above, until you get some minimal integration working between Confluence and Active Directory. Once you've done that, you can try writing more complicated filters to narrow the set of users and groups further.


  1. Sep 08, 2006

    Is there a possibility to include AD-specific group-in-group solutions, e.g. assigning rights to a group whose members are again groups?

    1. Mar 11, 2007

      An enhancement request has been filed, http://jira.atlassian.com/browse/USER-101. Vote for it.

  2. Mar 25, 2010

    Is there a way to map further parameters from AD to Confluence, e.g. Phone, IM, Website, About Me, Company, Position, Department, Location?
    What are the parameter names to be used in the atlassian-user.xml for the Confluence side?