Atlassian Confluence LDAP
Configuring Confluence to work with Foxpass's LDAP server
Confluence is a team collaboration and administration tool made by Atlassian. It supports LDAP as an authentication mechanism for signing in to its interface. General instructions for setting up LDAP can be found here:
https://confluence.atlassian.com/doc/connecting-to-an-ldap-directory-229838241.html
Detailed instructions on how to use Foxpass's LDAP with Confluence are below.
Create an LDAP Binder
Find your Base DN on the dashboard page and write it down.
Create an LDAP Binder account with the name 'confluence' (or another easily identifiable name) on the LDAP binders page. Copy the generated password right away! It is only displayed once.
Also make a note of the binder's CN (i.e. cn=confluence,dc=≪example≫,dc=≪com≫).
Configure Confluence
- Click the cog icon, then choose General Configuration
- Click User Directories in the left-hand panel
- Add a directory and select LDAP type
- Next, configure the server settings as outlined below, inserting your own information where marked by the double arrows
Server Settings
Name: Foxpass LDAP
Directory Type: OpenLDAP
Hostname: ldap.foxpass.com
Port: 636
Username: cn=confluence,dc=≪example≫,dc=≪com≫
Password: ≪binder password≫
Schema Settings
Base DN: dc=≪example≫,dc=≪com≫
Additional User DN: ou=people
Additional Group DN: ou=groups
Permission Settings
If you'd like to create additional local Confluence groups in addition to the ones in Foxpass, choose Read Only, with Local Groups. Otherwise, select Read Only to use Foxpass as your sole source of truth. Further information can be found in Atlassian's documentation.
Advanced Settings
Secure SSL: Checked (automatically checked via port 636 configuration)
Enable Nested Groups: Unchecked
Use Paged Results: Unchecked
Follow Referrals: Unchecked
Naive DN Matching: Checked
Update group memberships: Every time user logs in
Synchronisation Interval (minutes): 30
Read Timeout (seconds): 120
Search Timeout (seconds): 60
Connection Timeout (seconds): 10
User Schema Settings
User Object Class: inetOrgPerson
User Object Filter: (objectclass=inetOrgPerson)
(Optional) Alternative: (objectclass=posixAccount) (this will filter out standard users)
User Name Attribute: uid
User Name RDN Attribute: cn
User First Name Attribute: gn
User Last Name Attribute: sn
User Display Name Attribute: cn
User Email Attribute: mail
User Password Attribute: userPassword
User Password Encryption: ssha
User Unique ID Attribute: entryUUID
Group Schema Settings
Group Object Class: groupOfNames
Group Object Filter: (objectClass=groupOfNames)
(Optional) Alternative: (objectclass=posixGroup) (this will filter out non-posix groups)
Group Name Attribute: cn
Group Description Attribute: description
Membership Schema Settings
Group Members Attribute: member
User Membership Attribute: memberOf
Use the User Membership Attribute: Checked
After that you're good to go!
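Before saving the directory in Confluence, the binder and the user and group search settings above can be checked from a workstation over verified LDAPS. This is an added example, not part of Foxpass's or Atlassian's documentation. It assumes the OpenLDAP `ldapsearch` client is installed; the function names, the `LDAPSEARCH` override, the binder name `confluence` and the Base DN `dc=example,dc=com` are illustrative placeholders.

```shell
#!/bin/sh
# Added example: pre-flight check of the directory settings before saving them in Confluence.
# Constructed placeholders: binder name "confluence", Base DN "dc=example,dc=com".

LDAP_URI="ldaps://ldap.foxpass.com:636"   # Hostname and Port from Server Settings
LDAPSEARCH=${LDAPSEARCH:-ldapsearch}      # OpenLDAP client; overridable for a dry run

# Bind DN of the binder: cn=<binder name>,<Base DN>
binder_dn() { printf 'cn=%s,%s\n' "$1" "$2"; }

# Search base: "Additional User DN" / "Additional Group DN" prepended to the Base DN
search_base() { printf '%s,%s\n' "$1" "$2"; }

# One search as the binder. $1 = bind DN, $2 = search base, $3 = filter, rest = attributes.
ldap_check() (
  bind_dn=$1 base=$2 filter=$3
  shift 3
  rc=0
  # LDAPTLS_REQCERT=demand: fail if the server certificate does not verify.
  # -W prompts for the password, keeping it out of argv and shell history.
  # -z 3 caps output; -l 60 and nettimeout=10 mirror the Search and Connection timeouts.
  LDAPTLS_REQCERT=demand "$LDAPSEARCH" -x -LLL -H "$LDAP_URI" -D "$bind_dn" -W \
    -b "$base" -s sub -z 3 -l 60 -o nettimeout=10 "$filter" "$@" || rc=$?
  # Exit code 4 is sizeLimitExceeded: entries matched and the -z cap cut the output.
  [ "$rc" -eq 0 ] || [ "$rc" -eq 4 ]
)

# $1 = binder name, $2 = Base DN. Prompts for the binder password once per search.
preflight() {
  # Users: User Object Filter plus the attributes mapped under User Schema Settings.
  ldap_check "$(binder_dn "$1" "$2")" "$(search_base ou=people "$2")" \
    '(objectclass=inetOrgPerson)' uid cn gn sn mail entryUUID memberOf || return 1
  # Groups: Group Object Filter plus the group and membership attributes.
  ldap_check "$(binder_dn "$1" "$2")" "$(search_base ou=groups "$2")" \
    '(objectClass=groupOfNames)' cn description member || return 1
}

# Usage: preflight confluence 'dc=example,dc=com'
```

A search that matches nothing still exits 0, so confirm that the returned LDIF actually lists users and groups with the attributes mapped above.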