Best Practice for managing OpenLDAP directory

Overview

This best practice guide is for those who are connecting Confluence to an OpenLDAP user directory.

#1. Make sure that group membership contains the full DN of the user

For groups, make sure that the members of a group are defined by their FQDN (the user's full DN, such as uid=john,ou=people,dc=mycompany,dc=com) instead of their DN (the short name, such as john). For example, the following group "cn=users" contains 3 members defined by their DNs, which may cause problems when connecting to Confluence:

example of BAD group LDIF
---------
dn: cn=users,ou=groups,dc=mycompany,dc=com
objectClass: posixGroup
cn: users
gidNumber: 10000
description: almost everyone
memberUid: john
memberUid: stephen
memberUid: wayne
---

 

Instead, make sure that the members are defined by their FQDN, as in the example below:

example of GOOD group LDIF
---------
dn: cn=users,ou=groups,dc=mycompany,dc=com
objectClass: posixGroup
cn: users
gidNumber: 10000
description: almost everyone
memberUid: uid=john,ou=people,dc=mycompany,dc=com
memberUid: uid=stephen,ou=people,dc=mycompany,dc=com
memberUid: uid=wayne,ou=people,dc=mycompany,dc=com
---

The OpenLDAP connector accepts group entries in FQDN format, while the OpenLDAP-Posix (Read Only) connection accepts group entries in DN format.
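As an added example (not part of the original article or any Atlassian tooling), the following Python script audits an LDIF export for posixGroup entries whose memberUid values are short names rather than the full form shown in the GOOD example. The sample data, the function names and the simplified DN pattern are assumptions made for illustration.

```python
import base64
import re

# Constructed sample (not a real directory): folded line and base64 "::" value per RFC 2849.
_B64 = base64.b64encode(b"uid=wayne,ou=people,dc=mycompany,dc=com").decode()
SAMPLE_LDIF = f"""\
dn: cn=users,ou=groups,dc=mycompany,dc=com
objectClass: posixGroup
memberUid: john
memberUid: uid=stephen,ou=people,
 dc=mycompany,dc=com
memberUid:: {_B64}

dn: uid=john,ou=people,dc=mycompany,dc=com
objectClass: inetOrgPerson
"""

# Simplified full-DN shape: two or more attr=value RDNs (escaped commas not handled).
DN_RE = re.compile(r"[A-Za-z][\w.-]*=[^,]+(?:,\s*[A-Za-z][\w.-]*=[^,]+)+")

def parse_ldif(text):
    """Yield each entry as a list of (lower-cased attribute, value) pairs."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, rest = line.partition(":")
            value = rest.strip()
            if rest.startswith(":"):  # "attr:: value" is base64-encoded
                try:
                    value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
                except ValueError:
                    value = rest[1:].strip()  # malformed base64: keep the raw text
            entry.append((attr.strip().lower(), value))
        yield entry

def audit_groups(text):
    """Return {group_dn: [memberUid values that are not full DNs]}."""
    findings = {}
    for entry in parse_ldif(text):
        if not any(a == "objectclass" and v.lower() == "posixgroup" for a, v in entry):
            continue
        dn = next((v for a, v in entry if a == "dn"), "<no dn>")
        bad = [v for a, v in entry if a == "memberuid" and not DN_RE.fullmatch(v)]
        if bad:
            findings[dn] = bad
    return findings
```

Calling `audit_groups()` on the text of an export returns an empty dictionary when every group member is in the full form; any group it lists still has short-name members to convert.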

Last modified on Aug 17, 2017
