- Type: Suggestion
- Resolution: Fixed
- Component/s: None
- Environment: Redhat Linux
Our LDAP server associates users into groups via their displayname via the memberOf attribute, e.g.:
CN=Jennings\, Donald,CN=Users,DC=rkv,DC=ad,DC=celera,DC=com
But we need to use sAMAccount names to allow users to log in, e.g.:
jennindg
The only way that Confluence seems to be able to associate a user with a group is if the login name/attribute is the same as the memberOf attribute. Is there a way to tell Confluence that users are authenticated by one attribute and associated with groups using another attribute? I attach our atlassianUserContext.xml LDAP xml fragment below:
<!-- LDAP Configuration -->
<bean id="ldapRepository" class="com.atlassian.user.impl.ldap.repository.DefaultLDAPRepository" singleton="true" >
  <constructor-arg>
    <props>
      <prop key="com.sun.jndi.ldap.connect.pool.maxsize">0</prop>
      <prop key="com.sun.jndi.ldap.connect.pool.initsize">10</prop>
      <prop key="com.sun.jndi.ldap.connect.pool.prefsize">10</prop>
      <!-- ldap connection pool debugging setting -->
      <!-- <prop key="com.sun.jndi.ldap.connect.pool.debug">fine</prop> -->
      <prop key="com.sun.jndi.ldap.connect.pool.protocol">plain</prop>
      <prop key="com.sun.jndi.ldap.connect.pool.authentication">simple</prop>
      <!-- TTL for each conn. in milliseconds. An idle connection reaching this limit will be destroyed.-->
      <prop key="com.sun.jndi.ldap.connect.pool.timeout">0</prop>
      <!-- <prop key="javax.net.ssl.trustStore">/home/nickf/.keystore </prop> -->
    </props>
  </constructor-arg>
  <property name="poolingOn">
    <value>true</value>
  </property>
  <property name="name">
    <value>LDAP Server 1</value>
  </property>
  <property name="key">
    <value>LDAP1</value>
  </property>
  <property name="description">
    <value>ldap://little-creatures:389 - users &amp; groups</value>
  </property>
  <property name="connectionProperties">
    <props>
      <prop key="host">usrkvgc01.rkv.ad.celera.com</prop>
      <prop key="port">3268</prop>
      <prop key="securityPrincipal">cn=SA_DIS, ou=Service Accounts, dc=rkv, dc=ad, dc=celera, dc=com</prop>
      <prop key="securityCredential">XXXXX</prop>
      <prop key="securityProtocol">plain</prop>
      <prop key="securityAuthentication">simple</prop>
      <prop key="baseContext">DC=rkv,DC=ad,DC=celera,DC=com</prop>
      <prop key="initialContextFactory">com.sun.jndi.ldap.LdapCtxFactory</prop>
      <prop key="batchSize">100</prop>
      <prop key="timeToLive">0</prop>
    </props>
  </property>
  <property name="schemaMappingsProperties">
    <props>
      <prop key="baseUserNamespace">CN=Users,DC=rkv,DC=ad,DC=celera,DC=com</prop>
      <prop key="baseGroupNamespace">OU=wiki,OU=groups,OU=Informatics,DC=rkv,DC=ad,DC=celera,DC=com</prop>
      <prop key="usernameAttribute">sAMAccountName</prop>
      <prop key="userSearchFilter">(&amp;(objectClass=user)(objectClass=person))</prop>
      <prop key="firstnameAttribute">givenName</prop>
      <prop key="surnameAttribute">sn</prop>
      <prop key="emailAttribute">mail</prop>
      <prop key="groupnameAttribute">cn</prop>
      <prop key="groupSearchFilter">(objectClass=group)</prop>
      <prop key="membershipAttribute">member</prop>
      <prop key="userSearchAllDepths">true</prop>
      <prop key="groupSearchAllDepths">true</prop>
    </props>
  </property>
</bean>
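
Added example, not part of the original issue and not Confluence's own code: a Python illustration of the two-step lookup the question asks about, where the login name (sAMAccountName) is first resolved to the user's DN and that DN is then matched against each group's member values. The filter builders show the RFC 4515 escaping that a DN such as CN=Jennings\, Donald needs when it is placed in a search filter. Assumptions: the in-memory directory, the second user and both group names are constructed, and login names and DNs are compared case-insensitively.

```python
BASE = "CN=Users,DC=rkv,DC=ad,DC=celera,DC=com"
# Constructed sample directory: only the first DN and login come from the issue.
USERS = [
    {"dn": "CN=Jennings\\, Donald," + BASE, "sAMAccountName": "jennindg"},
    {"dn": "CN=Doe\\, Jane," + BASE, "sAMAccountName": "doej"},
]
GROUPS = [  # group names are hypothetical; members are stored as DNs
    {"cn": "wiki-users", "member": [USERS[0]["dn"], USERS[1]["dn"]]},
    {"cn": "wiki-admins",
     "member": ["cn=doe\\, jane, cn=users, dc=rkv, dc=ad, dc=celera, dc=com"]},
]

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def user_filter(login):
    """Filter that finds the entry for a login name (usernameAttribute)."""
    return ("(&(objectClass=user)(objectClass=person)(sAMAccountName=%s))"
            % escape_filter_value(login))

def group_filter(user_dn):
    """Filter that finds groups whose member attribute holds this DN."""
    return "(&(objectClass=group)(member=%s))" % escape_filter_value(user_dn)

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2   # keep the escape pair intact
        elif dn[i] == ",":
            parts, cur, i = parts + [cur.lstrip()], "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    return parts + [cur.lstrip()]

def normalize_dn(dn):
    """Comparison form: no spaces after separators, lower case (simplification)."""
    return ",".join(rdn.lower() for rdn in split_rdns(dn))

def groups_for_login(login):
    """Step 1: login name -> user DN. Step 2: user DN -> groups that list it."""
    user = next((u for u in USERS
                 if u["sAMAccountName"].lower() == login.lower()), None)
    if user is None:
        return []
    target = normalize_dn(user["dn"])
    return sorted(g["cn"] for g in GROUPS
                  if target in {normalize_dn(m) for m in g["member"]})
```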