How to change the number of users synchronized from LDAP to Confluence
Purpose
If you have connected Confluence to an LDAP directory for user and group management, you may want to configure Confluence to synchronise a subset of users from LDAP rather than all users. There are two reasons why you might make this change:
- Improving performance – If you have performance issues during the synchronisation process, you may be able to improve this by synchronising a subset of data instead.
- Reducing your user count – You can synchronise a subset of users to Confluence from LDAP to reduce your user count. This will allow you to count fewer users against your Confluence license. For information about other ways of reducing your user count, see Managing your Confluence License.
Solution
The procedure depends on how you initially set up your LDAP directory. If you have all your Confluence users in one organisational unit and your non-Confluence users in another organisational unit, then you can simply configure Confluence to synchronise users against a particular DN (distinguished name). However, if your setup is not so simple (for example, you have your Confluence users and non-Confluence users in the same node) you will need to define an LDAP filter to synchronise the relevant users. Both of these methods are outlined below.
Synchronising against Base DN, Additional User DN and Additional Group DN
- Log in as a Confluence system administrator.
- Choose Browse > Confluence Admin.
- Choose User Directories in the left-hand panel.
- Choose your LDAP directory from the list.
- Update the Base DN field, and optionally the Additional User DN and/or Additional Group DN to query the directory server as desired. For a description of these fields, see Connecting to an LDAP Directory.
For example, if you have configured all of your Confluence users in the confluence-users organisational unit only, for your company at mycompany.example.com, your configuration would look like this:
- Base DN — dc=mycompany,dc=example,dc=com
- Additional User DN — ou=confluence-users
Defining an LDAP filter
- Log in as a Confluence system administrator.
- Choose Browse > Confluence Admin.
- Choose User Directories in the left-hand panel.
- Choose your LDAP directory from the list.
- Update User Object Filter and/or Group Object Filter fields as desired. For a description of these fields, see Connecting to an LDAP Directory. The syntax for LDAP filters is not simple and your query will depend on how you have set up your LDAP directory.
For example, if you have configured only Confluence groups to have 'confluence' in the CN, you can use a wildcard search in your filter to find them by setting the Group Object Filter = (&(objectCategory=group)(cn=*confluence*))
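To check which objects a scope change would leave in the synchronisation before saving it, the following added example (not Atlassian's code, and not how Confluence evaluates filters internally) applies a Base DN, an optional Additional DN and an object filter to a constructed in-memory directory. It supports only and/or/not and equality with `*` wildcards; `parse`, `matches`, `norm`, `preview` and the sample entries are hypothetical names introduced for illustration.

```python
import re

def parse(f, i=0):
    """Parse a subset of RFC 4515: (&...), (|...), (!...), (attr=value*)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if f[i + 1:i + 2] in ("&", "|", "!"):
        op, kids, i = f[i + 1], [], i + 2
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")" or not kids:
            raise ValueError(f"unbalanced or empty '{op}' group at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)  # raises ValueError if the item is never closed
    attr, eq, value = f[i + 1:end].partition("=")
    if not eq:
        raise ValueError(f"missing '=' at offset {i}")
    return ("=", attr.strip().lower(), value), end + 1

def matches(node, entry):
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    # Each '*' matches any run of characters; comparison is case-insensitive.
    pattern = ".*".join(re.escape(p) for p in node[2].split("*"))
    return any(re.fullmatch(pattern, v, re.I) for v in entry.get(node[1], []))

def norm(dn):  # simplification: ignores escaped commas inside RDN values
    return ",".join(p.strip().lower() for p in dn.split(","))

def preview(entries, base_dn, additional_dn, object_filter):
    """Return DNs under Additional DN + Base DN that satisfy the filter."""
    node, end = parse(object_filter)
    if end != len(object_filter):
        raise ValueError("trailing characters after filter")
    base = norm(f"{additional_dn},{base_dn}" if additional_dn else base_dn)
    return [e["dn"] for e in entries if matches(node, e)
            and (norm(e["dn"]) == base or norm(e["dn"]).endswith("," + base))]

BASE = "dc=mycompany,dc=example,dc=com"
ENTRIES = [  # constructed sample directory; attribute names stored lowercase
    {"dn": f"uid=alice,ou=confluence-users,{BASE}", "objectclass": ["inetOrgPerson"]},
    {"dn": f"uid=bob,ou=staff,{BASE}", "objectclass": ["inetOrgPerson"]},
    {"dn": f"cn=confluence-admins,ou=groups,{BASE}", "objectcategory": ["group"], "cn": ["confluence-admins"]},
    {"dn": f"cn=jira-users,ou=groups,{BASE}", "objectcategory": ["group"], "cn": ["jira-users"]},
]
```

Comparing the result with and without the Additional User DN shows exactly which accounts would stop counting against the license, and a filter with a missing parenthesis fails with `ValueError` instead of silently matching nothing.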
Pulling objects from more than one OU
To pull users or groups from multiple OUs, do not attempt to define more than one OU in the Base DN field. Rather, use an LDAP filter as explained under the heading Matching Components of Distinguished Names in the article How to write LDAP search filters. This method will not work for Active Directory. Please see this article from Microsoft for more information: http://msdn.microsoft.com/en-us/library/cc223241.aspx