
Editing atlassianUserContext.xml

Now open the atlassianUserContext.xml file in an editor and search for ldapRepository.

A segment of atlassianUserContext.xml
...

<!-- LDAP Configuration -->
<bean id="ldapRepository" class="com.atlassian.user.impl.ldap.repository.DefaultLDAPRepository" singleton="true" >
...

Here, and below, is the configuration for the connection to your LDAP server.

Configuring the connection between your LDAP system and Confluence

An example connection, in atlassianUserContext.xml, between Confluence and an LDAP system.

The old connection.properties configuration, moved to Spring in the ldapRepository bean
        <property name="connectionProperties">
            <props>
                <prop key="host">acme.server.com</prop>
                <prop key="port">389</prop>
                <prop key="securityPrincipal">cn=admin,dc=atlassian,dc=private</prop>
                <prop key="securityCredential">secret</prop>
                <prop key="securityProtocol">plain</prop>
                <prop key="securityAuthentication">simple</prop>
                <prop key="baseContext">dc=atlassian,dc=private</prop>
                <prop key="initialContextFactory">com.sun.jndi.ldap.LdapCtxFactory</prop>
                <prop key="batchSize">100</prop>
            </props>
        </property>

If you are unsure what to specify or how to determine these values:

a) If you are using Active Directory, please see this document.
b) Otherwise, please see this document.

Mapping your LDAP Data Information Tree to Confluence

An example configuration of mappings, in atlassianUserContext.xml, between Confluence and an LDAP system.

        <property name="schemaMappingsProperties">
            <props>
                <prop key="baseUserNamespace">ou=people,dc=atlassian,dc=private</prop>
                <prop key="baseGroupNamespace">ou=groups,dc=atlassian,dc=private</prop>
                <prop key="usernameAttribute">cn</prop>
                <prop key="userSearchFilter">(objectClass=inetorgperson)</prop>
                <prop key="firstnameAttribute">givenname</prop>
                <prop key="surnameAttribute">sn</prop>
                <prop key="emailAttribute">mail</prop>
                <prop key="groupnameAttribute">cn</prop>
                <prop key="groupSearchFilter">(objectClass=groupOfNames)</prop>
                <prop key="membershipAttribute">member</prop>
                <prop key="userSearchAllDepths">true</prop>
                <prop key="groupSearchAllDepths">true</prop>
            </props>
        </property>

For an explanation of each of these attributes or how to go about finding what the attribute value is for your LDAP instance, please see this document.

Configuring the LDAP Connection Pool

Adjust the connection pool properties below as required, but we advise you to leave the timeout property at zero.

Configuring an LDAP connection pool in the ldapRepository bean
        <constructor-arg>
            <props>
                <prop key="com.sun.jndi.ldap.connect.pool.maxsize">0</prop>
                <prop key="com.sun.jndi.ldap.connect.pool.initsize">10</prop>
                <prop key="com.sun.jndi.ldap.connect.pool.prefsize">10</prop>
                <!-- ldap connection pool debugging setting -->
                <!-- <prop key="com.sun.jndi.ldap.connect.pool.debug">fine</prop> -->
                <prop key="com.sun.jndi.ldap.connect.pool.protocol">plain ssl</prop>
                <prop key="com.sun.jndi.ldap.connect.pool.authentication">none simple DIGEST-MD5</prop>
                <!-- TTL for each conn. in milliseconds. An idle connection reaching this limit will be destroyed. -->
                <prop key="com.sun.jndi.ldap.connect.pool.timeout">0</prop>
            </props>
        </constructor-arg>

It is important that the connection pool timeout value be set to 0, as this will force Atlassian User (via the JNDI layer) to clean up lingering connections that have lived past one request. More information about LDAP pools here
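
The following check is an added example (not part of the original page or Atlassian's code): it reads the ldapRepository properties shown above and reports settings an administrator should review, such as a simple bind over a plain connection, which sends the bind password unencrypted. The sample XML is constructed from the page's values; the function names, the defaults used for missing keys, and the comparison of securityProtocol against the pool's protocol list are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's connection and pool settings wrapped in one bean.
SAMPLE = """<bean id="ldapRepository">
  <constructor-arg><props>
    <prop key="com.sun.jndi.ldap.connect.pool.protocol">plain ssl</prop>
    <prop key="com.sun.jndi.ldap.connect.pool.authentication">none simple DIGEST-MD5</prop>
    <prop key="com.sun.jndi.ldap.connect.pool.timeout">0</prop>
  </props></constructor-arg>
  <property name="connectionProperties"><props>
    <prop key="securityCredential">secret</prop>
    <prop key="securityProtocol">plain</prop>
    <prop key="securityAuthentication">simple</prop>
  </props></property>
</bean>"""

POOL = "com.sun.jndi.ldap.connect.pool."


def load_props(xml_text):
    """Collect every <prop key="..."> under the bean into one dict."""
    root = ET.fromstring(xml_text)
    return {p.get("key"): (p.text or "").strip() for p in root.iter("prop")}


def audit(props):
    """Return a list of (key, message) findings for the ldapRepository bean."""
    findings = []
    # Assumed defaults for missing keys: plain protocol, simple authentication.
    proto = props.get("securityProtocol", "plain")
    auth = props.get("securityAuthentication", "simple")
    if proto == "plain" and auth == "simple":
        findings.append(("securityProtocol",
                         "simple bind without TLS sends passwords in cleartext"))
    if props.get("securityCredential"):
        findings.append(("securityCredential",
                         "bind password stored in the file; restrict read access"))
    if props.get(POOL + "timeout") != "0":
        findings.append((POOL + "timeout", "page advises a timeout of 0"))
    # JNDI only pools connections whose protocol/auth type is listed here.
    if proto not in props.get(POOL + "protocol", "plain").split():
        findings.append((POOL + "protocol", f"'{proto}' connections are not pooled"))
    if auth not in props.get(POOL + "authentication", "none simple").split():
        findings.append((POOL + "authentication", f"'{auth}' binds are not pooled"))
    return findings


if __name__ == "__main__":
    for key, message in audit(load_props(SAMPLE)):
        print(f"{key}: {message}")
```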
