# Best Practice for managing OpenLDAP directory

#### Still need help?

The Atlassian Community is here for you.

This best practice guide is for those who are connecting Confluence with OpenLDAP user directory.

## #1. Make sure that group membership contains the full DN of the user

For groups, make sure that the members of a groups are defined by their FQDN instead of their DN. For example, the following group "cn=users" contains 3 members defined by their DNs, which may pose some problems when connecting into Confluence:

example of BAD group LDIF
---------
dn: cn=users,ou=groups,dc=mycompany,dc=com
objectClass: posixGroup
cn: users
gidNumber: 10000
description:: almost everyone
memberUid: john
memberUid: stephen
memberUid: wayne
---

Instead, make sure that the members are defined by their FQDN as per example below:

example of GOOD group LDIF
---------
dn: cn=users,ou=groups,dc=mycompany,dc=com
objectClass: posixGroup
cn: users
gidNumber: 10000
description:: almost everyone
memberUid: uid=john,ou=people,dc=mycompany,dc=com
memberUid: uid=stephen,ou=people,dc=mycompany,dc=com
memberUid: uid=wayne,ou=people,dc=mycompany,dc=com
---

OpenLDAP connector accepts group entries in the format of FQDN, while the OpenLDAP-Posix (Read Only) connection accepts group entries in the format of DN.