Best Practice for managing OpenLDAP directory


Platform Notice: Cloud and Data Center - This article applies equally to both cloud and data center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Overview

This best practice guide is for those who are connecting Confluence to an OpenLDAP user directory.

#1. Make sure that group membership contains the full DN of the user

For groups, make sure that the members of a group are defined by their FQDN (the full DN of the user entry) instead of their DN (in this article, the short user name such as "john"). For example, the following group "cn=users" contains 3 members defined by their DNs, which may pose some problems when connecting to Confluence:

example of BAD group LDIF
---------
dn: cn=users,ou=groups,dc=mycompany,dc=com
objectClass: posixGroup
cn: users
gidNumber: 10000
description: almost everyone
memberUid: john
memberUid: stephen
memberUid: wayne
---


Instead, make sure that the members are defined by their FQDN, as in the example below:

example of GOOD group LDIF
---------
dn: cn=users,ou=groups,dc=mycompany,dc=com
objectClass: posixGroup
cn: users
gidNumber: 10000
description: almost everyone
memberUid: uid=john,ou=people,dc=mycompany,dc=com
memberUid: uid=stephen,ou=people,dc=mycompany,dc=com
memberUid: uid=wayne,ou=people,dc=mycompany,dc=com
---

Note: The OpenLDAP connector accepts group entries in the format of FQDN, while the OpenLDAP-Posix (Read Only) connection accepts group entries in the format of DN.
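To audit an exported group LDIF for the OpenLDAP connector case, the following added example (not Atlassian's code) lists memberUid values that are not full DNs and builds ldapmodify input to rewrite them. It assumes every user entry is uid=<name> directly under the people base shown on this page and that names need no DN escaping; the function names and sample data are constructed for illustration.

```python
import base64
import re

# Constructed sample (not real directory data); d2F5bmU= is base64 for "wayne".
SAMPLE_LDIF = """\
dn: cn=users,ou=groups,dc=mycompany,dc=com
objectClass: posixGroup
memberUid: john
memberUid: uid=stephen,ou=people,dc=mycompany,dc=com
memberUid:: d2F5bmU=

dn: cn=admins,ou=groups,dc=mycompany,dc=com
memberUid: uid=john,ou=people,
 dc=mycompany,dc=com
"""

# Loose shape test for "attr=value,attr=value[,...]"; not a full RFC 4514 parser.
DN_SHAPE = re.compile(r"^[A-Za-z][\w-]*=[^,]+(,[A-Za-z][\w-]*=[^,]+)+$")

def parse_ldif(text):
    """Yield one dict (lower-cased attribute -> list of values) per entry."""
    text = re.sub(r"\n ", "", text)          # undo LDIF line folding
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                if value.startswith(":"):    # "attr:: ..." marks a base64 value
                    value = base64.b64decode(value[1:].strip()).decode("utf-8")
                entry.setdefault(attr.lower(), []).append(value.strip())
        yield entry

def short_members(text):
    """Map group DN -> memberUid values that are not full DNs."""
    report = {}
    for entry in parse_ldif(text):
        bad = [m for m in entry.get("memberuid", []) if not DN_SHAPE.match(m)]
        if bad:
            report[entry["dn"][0]] = bad
    return report

def fix_ldif(text, people_base="ou=people,dc=mycompany,dc=com"):
    """Build ldapmodify input replacing each short name with uid=<name>,<base>."""
    out = []
    for dn, names in short_members(text).items():
        ops = [f"delete: memberUid\nmemberUid: {n}\n-\nadd: memberUid\n"
               f"memberUid: uid={n},{people_base}\n-" for n in names]
        out.append("\n".join([f"dn: {dn}", "changetype: modify", *ops, ""]))
    return "\n".join(out)
```

Review the generated changes against the actual location of each user entry before applying them, since a wrong member DN silently drops that user from the group as Confluence sees it.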

Last modified on Jan 6, 2025
