This document outlines how to configure Confluence to understand the attributes you use to define your users and groups in your Active Directory.
시작하기전에 ...
Download this Active Directory friendly atlassian-user.xml
. Modify this file for your Active Directory configuration (see mapping instructions below). Replace the current WEB-INF/classes/atlassian-user.xml file with the modified atlassian-user.xml.
baseUserNamespace and baseGroupNamespace
As shown in the above screenshot, our Active Directory stores both users and groups under the Users folder. Hence both baseUserNamespace and baseGroupNamespace is CN=Users,DC=ad,DC=atlassian,DC=com.
These values are not relative to baseContext, they are absolute.
usernameAttribute, firstNameAttribute, surnameAttribute, membershipAttribute and userSearchFilter
To work out these attributes we recommend that you download JXplorer and point it to your Active Directory server (if you haven't done so already, please see this [document]). Once you have connected, browse to a particular user:
From the screenshot, we've marked which attributes are relevant and what they should be mapped to. Here are some further notes:
- userSearchFilter could well be organizationalPerson or even user. You can customize this to whatever distinguishes a user in your instance.
- sAMAccountName is a common attribute used to denote the username. Setting the usernameAttribute to this will allow you to logon to Confluence using the username (in this case jsmith).
Escape XML
There are 5 special characters that you must escape when saving the Active Directory filters to XML:
| Active Directory Character |
Save To XML As |
Description |
| < |
< |
less than |
| > |
> |
greater than |
| & |
& |
ampersand |
| ' |
' |
apostrophe |
| " |
" |
quotation mark |
groupnameAttribute, groupSearchFilter and membershipAttribute
Now browse to a group in JXplorer. Below, we are browsing the Sales and Marketing group:
As with the user attributes, we've marked down the values for the group attributes above. Please update these in your XML file.
You can leave the other attributes at their default values.
More advanced userSearchFilter and groupSearchFilter
We recommend that you keep these two filters simple like the sample values used above. We recommend you do so until you get some minimal integration working between Confluence and Active Directory. Once you've done that you can try [writing more complicated filters] to restrict the user and group domains down further.
