Configuring User Directories

A user directory is a place where you store information about users and groups. User information includes the person's full name, username, password, email address and other personal information. Group information includes the name of the group, the users that belong to the group, and possibly groups that belong to other groups.

The internal directory stores user and group information in the Confluence database. You can also connect to external user directories, and to Atlassian Crowd and Jira applications as directory managers.

User Directory keys

Since Confluence 8.8, User Directory passwords are automatically AES encrypted. Be sure to backup the relevant keys under your local confluence-home/keys for single-node instances (or your shared home directory for clustered instances).


tip/resting Created with Sketch.

Managing 500+ users across Atlassian products?
Find out how easy, scalable and effective it can be with Crowd!
See centralized user management.

Configuring User Directories in Confluence

To configure your Confluence user directories:

  1. Select Administration menu , then select General Configuration
  2. Click 'User Directories' in the left-hand panel.

Connecting to a Directory

You can add the following types of directory servers and directory managers:

You can add as many external user directories as you need. Note that you can define the order of the directories. This determines which directory Confluence will search first, when looking for user and group information. See Managing Multiple Directories.

Updating Directories

Limitations when editing directories

You cannot edit, disable, or remove the directory your user belongs to. This precaution is designed to prevent administrators from locking themselves out of the application by changing the directory configuration in a way that prevents them logging in or removes their administration permissions.

This limitation applies to all directory types. For example:

  • You cannot disable the internal directory if your user is an internal user.
  • You cannot disable or remove an LDAP or a Crowd directory if your user comes from that directory.

In some situations, reordering the directories will change the directory from which the current user comes from, if a user with the same username happens to exist in both. This behavior can be used in some cases to create a copy of the existing configuration, move it to the top, then remove the old one. Note, however, that duplicate usernames are not a supported configuration.

You cannot remove the internal directory. This precaution aligns with the recommendation below that you always keep an administrator account active in the internal directory.

Recommendations

The recommended way to edit directory configurations is to log in as an internal user when making changes to the external directory configuration.

(warning) We recommend that you keep either an administrator or system administrator user active in your internal directory for troubleshooting problems with your user directories.

Enabling, Disabling and Removing Directories

You can enable or disable a directory at any time. If you disable a directory, your configuration details will remain but the application will not recognize the users and groups in that directory.

You have to disable a directory before you can remove it. Removing a directory will remove the details from the database.

Screenshot above: Configuring user directories

Last modified on Feb 8, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.