Configuring User Directories
A user directory is a place where you store information about users and groups. User information includes the person's full name, username, password, email address and other personal information. Group information includes the name of the group, the users that belong to the group, and possibly groups that belong to other groups.
The internal directory stores user and group information in the Confluence database. You can also connect to external user directories, and to Atlassian Crowd and Jira applications as directory managers.
User Directory keys
Since Confluence 8.8, User Directory passwords are automatically AES encrypted. Be sure to back up the relevant keys under your local confluence-home/keys for single-node instances (or your shared home directory for clustered instances).
Configuring User Directories in Confluence
To configure your Confluence user directories:
- Select the Administration menu, then select General Configuration.
- Click 'User Directories' in the left-hand panel.
Connecting to a Directory
You can add the following types of directory servers and directory managers:
- Confluence's internal directory. See Configuring the Internal Directory.
- Microsoft Active Directory. See Connecting to an LDAP Directory.
- Various other LDAP directory servers. See Connecting to an LDAP Directory.
- An LDAP directory for delegated authentication. See Connecting to an Internal Directory with LDAP Authentication.
- Atlassian Crowd or Jira 4.3 or later. See Connecting to Crowd or Jira for User Management.
You can add as many external user directories as you need. Note that you can define the order of the directories. This determines which directory Confluence will search first, when looking for user and group information. See Managing Multiple Directories.
Updating Directories
Limitations when editing directories
You cannot edit, disable, or remove the directory your user belongs to. This precaution is designed to prevent administrators from locking themselves out of the application by changing the directory configuration in a way that prevents them logging in or removes their administration permissions.
This limitation applies to all directory types. For example:
- You cannot disable the internal directory if your user is an internal user.
- You cannot disable or remove an LDAP or a Crowd directory if your user comes from that directory.
In some situations, reordering the directories will change the directory from which the current user comes, if a user with the same username happens to exist in both. This behavior can be used in some cases to create a copy of the existing configuration, move it to the top, then remove the old one. Note, however, that duplicate usernames are not a supported configuration.
You cannot remove the internal directory. This precaution aligns with the recommendation below that you always keep an administrator account active in the internal directory.
Recommendations
The recommended way to edit directory configurations is to log in as an internal user when making changes to the external directory configuration.
We recommend that you keep either an administrator or system administrator user active in your internal directory for troubleshooting problems with your user directories.
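The directory-order behavior and the internal administrator recommendation above can be checked offline before reordering directories. The following is an added example, not Atlassian code: it models directories as constructed Python data and reports usernames that exist in more than one active directory, which directory each one resolves to, and whether an internal-directory administrator is still the effective account. The directory names, the accounts, the first-match model and the case-insensitive username comparison are assumptions.

```python
# Constructed sample data: directories listed in search order (first is searched first).
# Names and accounts are illustrative and not taken from any real instance.
DIRECTORIES = [
    {"name": "Corporate LDAP", "type": "LDAP", "active": True,
     "users": {"asmith": {"admin": False}, "Admin": {"admin": True}}},
    {"name": "Confluence Internal Directory", "type": "INTERNAL", "active": True,
     "users": {"admin": {"admin": True}, "bjones": {"admin": False}}},
]

def effective_directory(directories):
    """Map each username to the first active directory that contains it."""
    winners = {}
    for d in directories:
        if not d["active"]:
            continue  # users in a disabled directory are not recognized
        for username in d["users"]:
            # Assumption: usernames are compared case-insensitively.
            winners.setdefault(username.lower(), d["name"])
    return winners

def shadowed_accounts(directories):
    """Return {username: [directory names in order]} for duplicate usernames."""
    seen = {}
    for d in directories:
        if d["active"]:
            for username in d["users"]:
                seen.setdefault(username.lower(), []).append(d["name"])
    return {u: names for u, names in seen.items() if len(names) > 1}

def internal_admin_reachable(directories):
    """True if some internal-directory admin is the effective account for its name."""
    winners = effective_directory(directories)
    for d in directories:
        if d["type"] == "INTERNAL" and d["active"]:
            for username, attrs in d["users"].items():
                if attrs["admin"] and winners[username.lower()] == d["name"]:
                    return True
    return False

if __name__ == "__main__":
    for user, names in shadowed_accounts(DIRECTORIES).items():
        print(f"duplicate username {user!r}: resolves to {names[0]!r}, shadows {names[1:]}")
    print("internal admin usable:", internal_admin_reachable(DIRECTORIES))
    # Simulate moving the internal directory to the top of the order.
    reordered = list(reversed(DIRECTORIES))
    print("after reorder:", effective_directory(reordered)["admin"])
```

In the sample order, the internal `admin` account is shadowed by the LDAP account of the same name, so the troubleshooting account the recommendation relies on would not be the one that resolves.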
Enabling, Disabling and Removing Directories
You can enable or disable a directory at any time. If you disable a directory, your configuration details will remain but the application will not recognize the users and groups in that directory.
You have to disable a directory before you can remove it. Removing a directory will remove the details from the database.
Screenshot above: Configuring user directories