Problem

Many Confluence admins connect Confluence to an LDAP for user management. This is great, but you may go over your license limit if you pull in too many users from your LDAP system. In this example, we'll be using Confluence, but the steps detailed here apply to all Atlassian products that work with Crowd.

Symptoms

When using an LDAP directory for user management, too many users are pulled in, putting the Confluence instance over the licensed-user limit. An error is displayed stating that Confluence cannot be used until the number of users is brought below the limit.

Cause

No filters were set up in the LDAP integration - effectively adding all LDAP users as registered Confluence users.

Solution

You will need to specify a root to run queries against, Base DN, and can optionally specify an Additional User DN and Additional Group DN. These settings are accessed by editing the LDAP User Directory under Confluence Admin>>User Directories. See Schema Settings for details. For even finer-grained control, you can write a more specific LDAP search filter if needed.