Atlassian Confluence LDAP

Configuring Confluence to work with Foxpass's LDAP server

Confluence is a team collaboration and administration tool made by Atlassian. It supports using LDAP as an authentication mechanism into its interface. General instructions for setting up LDAP can be found here:
https://confluence.atlassian.com/doc/connecting-to-an-ldap-directory-229838241.html

Detailed instructions on how to use Foxpass's LDAP with Confluence are below.

Create an LDAP Binder

Find your Base DN on the dashboard page and write it down.

Create an LDAP Binder account named 'confluence' (or another easily identifiable name) on the LDAP binders page. Copy the generated password right away: it is only displayed once.

Also make a note of the binder's CN (i.e. cn=confluence,dc=≪example≫,dc=≪com≫).

Configure Confluence

  1. Click the cog icon, then choose General Configuration
  2. Click User Directories in the left-hand panel
  3. Add a directory and select LDAP type
  4. Next, configure the server settings as outlined below, inserting your own information where marked by the double arrows (≪ ≫)

Server Settings

Name: Foxpass LDAP
Directory Type: OpenLDAP
Hostname: ldap.foxpass.com
Port: 636
Username: cn=confluence,dc=≪example≫,dc=≪com≫
Password: ≪binder password≫

Schema Settings

Base DN: dc=≪example≫,dc=≪com≫
Additional User DN: ou=people
Additional Group DN: ou=groups

Permission Settings

If you'd like to create local Confluence groups in addition to the ones in Foxpass, choose Read Only, with Local Groups. Otherwise, select Read Only to use Foxpass as your sole source of truth. Further information can be found in Atlassian's documentation.

Advanced Settings

Secure SSL: Checked (automatically checked via port 636 configuration)
Enable Nested Groups: Unchecked
Use Paged Results: Unchecked
Follow Referrals: Unchecked
Naive DN Matching: Checked
Update group memberships: Every time user logs in
Synchronisation Interval (minutes): 30
Read Timeout (seconds): 120
Search Timeout (seconds): 60
Connection Timeout (seconds): 10

User Schema Settings

User Object Class: inetOrgPerson
User Object Filter: (objectclass=inetOrgPerson)
(Optional) Alternative: (objectclass=posixAccount) (this will filter out standard users)
User Name Attribute: uid
User Name RDN Attribute: cn
User First Name Attribute: gn
User Last Name Attribute: sn
User Display Name Attribute: cn
User Email Attribute: mail
User Password Attribute: userPassword
User Password Encryption: ssha
User Unique ID Attribute: entryUUID

Group Schema Settings

Group Object Class: groupOfNames
Group Object Filter: (objectClass=groupOfNames)
(Optional) Alternative: (objectclass=posixGroup) (this will filter out non-posix groups)
Group Name Attribute: cn
Group Description Attribute: description

Membership Schema Settings

Group Members Attribute: member
User Membership Attribute: memberOf
Use the User Membership Attribute: Checked

After that you're good to go!
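
To check the binder credentials and the schema settings above from a shell, the following is an added example (not part of Foxpass's or Atlassian's instructions) that binds over LDAPS with certificate verification and confirms that the user and group filters return entries carrying the mapped attributes. It assumes OpenLDAP's ldapsearch is installed; BASE_DN, BINDER_CN, PW_FILE and the function names are chosen for this sketch.

```shell
#!/bin/sh
# Added example, not Foxpass or Atlassian code. Assumes OpenLDAP's ldapsearch.
# BASE_DN, BINDER_CN and PW_FILE are variable names chosen for this sketch.
LDAP_URI="ldaps://ldap.foxpass.com:636"   # Hostname and Port from Server Settings

# Confluence searches under "<Additional DN>,<Base DN>"; build the same DNs.
user_base()  { printf 'ou=people,%s' "$1"; }
group_base() { printf 'ou=groups,%s' "$1"; }
binder_dn()  { printf 'cn=%s,%s' "$1" "$2"; }

# missing_attrs ATTR...: read LDIF on stdin, print each ATTR no entry carries.
missing_attrs() {
    ldif=$(cat)
    for attr in "$@"; do
        printf '%s\n' "$ldif" | grep -qiE "^${attr}::? " || printf '%s\n' "$attr"
    done
}

# run_search BASE FILTER ATTR...: simple bind as the binder over verified TLS.
# -y reads the whole file, so write it without a trailing newline (printf '%s').
run_search() {
    base=$1; filter=$2; shift 2
    LDAPTLS_REQCERT=demand ldapsearch -x -LLL -z 5 -o nettimeout=10 \
        -H "$LDAP_URI" -D "$(binder_dn "$BINDER_CN" "$BASE_DN")" -y "$PW_FILE" \
        -b "$base" "$filter" "$@"
}

# check LABEL BASE FILTER ATTR...: fail if the bind fails or an ATTR is absent.
check() {
    label=$1; shift
    # Exit status 4 is "size limit exceeded", expected because of -z 5.
    out=$(run_search "$@") || [ $? -eq 4 ] || { echo "$label: search failed"; return 1; }
    shift 2
    miss=$(printf '%s\n' "$out" | missing_attrs "$@")
    [ -z "$miss" ] || { echo "$label: no entry has:" $miss; return 1; }
    echo "$label: ok"
}

preflight() {
    : "${BASE_DN:?e.g. dc=example,dc=com}" "${BINDER_CN:?e.g. confluence}" "${PW_FILE:?}"
    # gn is left out: servers may return it under its canonical name givenName.
    check users "$(user_base "$BASE_DN")" '(objectclass=inetOrgPerson)' \
        uid cn sn mail entryUUID &&
    check groups "$(group_base "$BASE_DN")" '(objectClass=groupOfNames)' cn member
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with BASE_DN, BINDER_CN and PW_FILE set and the argument --run; keep PW_FILE readable only by your own account and delete it afterwards.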