Confluence 2.7 has reached end of life
Check out the [latest version] of the documentation
Editing atlassianUserContext.xml
Now open the atlassianUserContext.xml file in an editor and search for ldapRepository.
...
<!-- LDAP Configuration -->
<bean id="ldapRepository" class="com.atlassian.user.impl.ldap.repository.DefaultLDAPRepository" singleton="true" >
...
Configuring the connection between your LDAP system and Confluence
An example connection, in atlassianUserContext.xml, between Confluence and an LDAP system.
<property name="connectionProperties">
<props>
<prop key="host">acme.server.com</prop>
<prop key="port">389</prop>
<prop key="securityPrincipal">cn=admin,dc=atlassian,dc=private</prop>
<prop key="securityCredential">secret</prop>
<prop key="securityProtocol">plain</prop>
<prop key="securityAuthentication">simple</prop>
<prop key="baseContext">dc=atlassian,dc=private</prop>
<prop key="initialContextFactory">com.sun.jndi.ldap.LdapCtxFactory</prop>
<prop key="batchSize">100</prop>
</props>
</property>
If you are unsure what to specify or how to determine these values:
a) if you are using Active Directory, please see this document.
b) otherwise, please see this document.
Mapping your LDAP Data Information Tree to Confluence
An example configuration of mappings, in atlassianUserContext.xml, between Confluence and an LDAP system.
<property name="schemaMappingsProperties">
<props>
<prop key="baseUserNamespace">ou=people,dc=atlassian,dc=private</prop>
<prop key="baseGroupNamespace">ou=groups,dc=atlassian,dc=private</prop>
<prop key="usernameAttribute">cn</prop>
<prop key="userSearchFilter">(objectClass=inetorgperson)</prop>
<prop key="firstnameAttribute">givenname</prop>
<prop key="surnameAttribute">sn</prop>
<prop key="emailAttribute">mail</prop>
<prop key="groupnameAttribute">cn</prop>
<prop key="groupSearchFilter">(objectClass=groupOfNames)</prop>
<prop key="membershipAttribute">member</prop>
<prop key="userSearchAllDepths">true</prop>
<prop key="groupSearchAllDepths">true</prop>
</props>
</property>
For further details on these attributes, if you are using:
a) Active Directory, please see this document.
b) otherwise, please see this document.
Configuring the LDAP Connection Pool
Adjust the connection pool properties below as required, but we advise you to leave the timeout property set to zero.
<constructor-arg>
<props>
<prop key="com.sun.jndi.ldap.connect.pool.maxsize">0</prop>
<prop key="com.sun.jndi.ldap.connect.pool.initsize">10</prop>
<prop key="com.sun.jndi.ldap.connect.pool.prefsize">10</prop>
<!-- ldap connection pool debugging setting -->
<!-- <prop key="com.sun.jndi.ldap.connect.pool.debug">fine</prop>-->
<prop key="com.sun.jndi.ldap.connect.pool.protocol">plain ssl</prop>
<prop key="com.sun.jndi.ldap.connect.pool.authentication">none simple DIGEST-MD5</prop>
<!-- TTL for each conn. in milliseconds. An idle connection reaching this limit will be destroyed.-->
<prop key="com.sun.jndi.ldap.connect.pool.timeout">0</prop>
</props>
</constructor-arg>
It is important that the connection pool timeout value be set to 0, as this will force Atlassian User (via the JNDI layer) to clean up lingering connections that have lived past one request. More information about LDAP pools here
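The example connection above uses securityProtocol plain with securityAuthentication simple, so the bind DN and password cross the network unencrypted, and securityCredential sits in the file in cleartext. The following check is an added example, not part of the Confluence documentation or Atlassian's code: it reads the prop entries from atlassianUserContext.xml, reports those two settings plus any pool timeout other than the advised 0, and tests whether the file is readable by other accounts. The function names are hypothetical and SAMPLE is constructed from the values shown on this page.

```python
import os
import re
import stat

# Constructed sample: connection and pool values copied from this page.
SAMPLE = """
<prop key="host">acme.server.com</prop>
<prop key="port">389</prop>
<prop key="securityCredential">secret</prop>
<prop key="securityProtocol">plain</prop>
<prop key="securityAuthentication">simple</prop>
<!-- <prop key="com.sun.jndi.ldap.connect.pool.debug">fine</prop>-->
<prop key="com.sun.jndi.ldap.connect.pool.timeout">0</prop>
"""

PROP = re.compile(r'<prop\s+key="([^"]+)"\s*>(.*?)</prop>', re.S)
POOL_TIMEOUT = "com.sun.jndi.ldap.connect.pool.timeout"

def read_props(xml_text):
    """Collect <prop key="...">value</prop> pairs, ignoring commented-out ones."""
    live = re.sub(r"<!--.*?-->", "", xml_text, flags=re.S)
    return {key: value.strip() for key, value in PROP.findall(live)}

def audit(xml_text):
    """Return (key, finding) pairs for settings that deserve a second look."""
    p = read_props(xml_text)
    findings = []
    if (p.get("securityProtocol", "").lower() == "plain"
            and p.get("securityAuthentication", "").lower() == "simple"):
        findings.append(("securityProtocol",
                         "simple bind on a plain connection sends DN and password unencrypted"))
    if p.get("securityCredential"):
        findings.append(("securityCredential",
                         "bind password is stored in this file in cleartext"))
    timeout = p.get(POOL_TIMEOUT)
    if timeout is not None and timeout != "0":
        findings.append((POOL_TIMEOUT, "page advises 0, found " + timeout))
    return findings

def readable_by_others(path):
    """True if group or other users can read the file holding securityCredential."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

if __name__ == "__main__":
    for key, finding in audit(SAMPLE):
        print(key + ": " + finding)
```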
