User Account Management
Deleting Users
Delete or Disable Users | version 9.2
https://confluence.atlassian.com/doc/delete-or-disable-users-138318.html
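If the user exists in several Directories at the same time:
- the user must be deleted in LDAP;
- an "Unsynced from directory" cleanup must be run before the Delete button appears;
- if the Directories type was changed along the way, it may need to be restored before running the cleanup;
Resetting the Administrator Password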
Restore Passwords To Recover Admin User Rights | version 8.8
https://confluence.atlassian.com/conf88/restore-passwords-to-recover-admin-user-rights-1354500321.html
# 12/19/2024 In our tests this did not take effect, or perhaps our method was incorrect;
Connecting to LDAP for User Management
Connecting to an LDAP Directory | Confluence Data Center 8.9 | Atlassian Documentation
We provide built-in connectors for the most popular LDAP directory servers:
Apache Directory Server (ApacheDS)
Apple Open Directory
Fedora Directory Server
Novell eDirectory
OpenDS
OpenLDAP
OpenLDAP Using Posix Schema
Posix Schema for LDAP
Sun Directory Server Enterprise Edition (DSEE)
A generic LDAP directory server
User Directories
Administrator / User management / User Directories / Order
Or, for certain extreme cases, modify the database tables: cwd_app_dir_mapping; cwd_directory;
Connecting to the Light LDAP Service
# 05/20/2025 Confluence 9.2.1
Server Settings
- Name: LDAP Server
- Directory Type: Generic Directory Server
- Hostname:
- Port: 3890
- Username: cn=admin,ou=people,dc=example,dc=com
- Password:
LDAP Schema:
- Base DN: dc=example,dc=com
- Additional User DN: ou=people
- Additional Group DN: ou=groups
LDAP Permissions
- Read Only, with Local Groups
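- Default Group Memberships: confluence-users // According to the on-screen hint, users from the first synchronization are not added to this group; they are added on their first login.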
Advanced Settings
- Synchronization Interval (minutes): 1 // Keeps user data synchronized promptly; we are not worried about load on the LDAP Server
User Schema Settings:
- User Object Class: inetorgperson
- User Object Filter: (objectclass=inetorgperson)
- User Name Attribute: uid
- User Name RDN Attribute: cn
- User First Name Attribute: first_name
- User Last Name Attribute: last_name
- User Display Name Attribute: cn
- User Email Attribute: mail
- User Password Attribute: NotReturned // An ldapsearch query confirms there is indeed no Password field
- User Password Encryption: SHA // Any value works
- User Unique ID Attribute: entryuuid
Group Schema Settings:
- Group Object Class: groupOfUniqueNames
- Group Object Filter: (objectClass=groupOfUniqueNames)
- Group Name Attribute: cn
- Group Description Attribute: uid
Membership Schema Settings
- Group Members Attribute: uniquemember
- User Membership Attribute: memberOf
- Use the User Membership Attribute: checked
Save and test
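# 05/25/2025 On Save and test, the message "Test user can authenticate : Not performed" is shown. For our scenario this message does not prevent us from meeting the requirement, so we ignore it.
Other Documentation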
How to write LDAP search filters
https://confluence.atlassian.com/kb/how-to-write-ldap-search-filters-792496933.html
[Sol.] … Synchronization failed. See server logs for details …
Unable to find the groupname of the principal error when connecting to an OpenLDAP/FedoraDS directory
User Directory (Active Directory) Synchronisation is failing with ‘Unable to find the groupname of the principal
Clicking the User Directories / LDAP server / Synchronize button shows the error … Synchronization failed. See server logs for details …
After enabling Confluence LDAP logging and checking the file /var/confluence/logs/atlassian-confluence-security.log, we found the error … org.springframework.ldap.UncategorizedLdapException: Unable to find the groupname of the principal …
...
2024-12-19 16:29:59,140 INFO [Caesium-1-3] [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] addOrUpdateCachedGroups synchronized [ 14 ] groups in [ 4ms ]
2024-12-19 16:29:59,236 INFO [Caesium-1-3] [crowd.directory.rfc4519.RFC4519DirectoryMembershipsIterable] searchChildrenDns Searching for children of 14 groups
2024-12-19 16:29:59,540 ERROR [Caesium-1-3] [ldap.mapper.entity.LDAPGroupAttributesMapper] getGroupNameFromAttributes The following record does not have a groupname: NameAwareAttribute; attributes: {}
2024-12-19 16:29:59,540 ERROR [Caesium-1-3] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache Exception occured when performing full synchronization
org.springframework.ldap.UncategorizedLdapException: Unable to find the groupname of the principal.
    at com.atlassian.crowd.directory.ldap.mapper.entity.LDAPGroupAttributesMapper.getGroupNameFromAttributes(LDAPGroupAttributesMapper.java:141)
...
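We suspect that the information returned by lldap does not contain a groupname field, which prevents Confluence from working properly.
So we configure the Group Schema Settings parameters (Group Object Class, Group Object Filter) so that no group information is imported (i.e. no group can be matched).
Log of a successful synchronization: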
... INFO [http-nio-8090-exec-12] [embedded.admin.list.DirectoriesController] sync User directory synchronisation requested: [ LDAP server ], type: [ CONNECTOR ]
... INFO [Caesium-1-1] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache INCREMENTAL synchronisation for directory [ 42139649 ] starting
... INFO [Caesium-1-1] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache Attempting INCREMENTAL synchronisation for directory [ 42139649 ]
... INFO [Caesium-1-1] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache Incremental synchronisation for directory [ 42139649 ] was not completed, falling back to a full synchronisation
... INFO [Caesium-1-1] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache FULL synchronisation for directory [ 42139649 ] starting
... INFO [Caesium-1-1] [directory.ldap.cache.RemoteDirectoryCacheRefresher] findAllRemoteUsers found [ 43 ] remote users in [ 26 ms ]
... INFO [Caesium-1-1] [atlassian.crowd.directory.DbCachingRemoteChangeOperations] deleteCachedUsersNotIn scanned and compared [ 43 ] users for delete in DB cache in [ 2ms ]
... INFO [Caesium-1-1] [atlassian.crowd.directory.DbCachingRemoteChangeOperations] deleteCachedUsersNotIn scanned for deleted users in [ 2ms ]
... INFO [Caesium-1-1] [atlassian.crowd.directory.DbCachingRemoteChangeOperations] getUsersToAddAndUpdate scanning [ 43 ] users to add or update
... INFO [Caesium-1-1] [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] addOrUpdateCachedUsers scanned and compared [ 43 ] users for update in DB cache in [ 2ms ]
... INFO [Caesium-1-1] [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] addOrUpdateCachedUsers synchronised [ 43 ] users in [ 4ms ]
... INFO [Caesium-1-1] [directory.ldap.cache.RemoteDirectoryCacheRefresher] findAllRemoteGroups found [ 0 ] remote groups in [ 69 ms ]
... INFO [Caesium-1-1] [atlassian.crowd.directory.DbCachingRemoteChangeOperations] determineGroupsToRemoveByName scanned and compared [ 0 ] groups for delete in DB cache in [ 2ms ]
... INFO [Caesium-1-1] [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] addOrUpdateCachedGroups scanning [ 0 ] groups to add or update
... INFO [Caesium-1-1] [atlassian.crowd.directory.DbCachingRemoteChangeOperations] findGroupsToUpdate scanned and compared [ 0 ] groups for update in DB cache in [ 1ms ]
... INFO [Caesium-1-1] [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] addOrUpdateCachedGroups synchronized [ 0 ] groups in [ 3ms ]
... INFO [Caesium-1-1] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache FULL synchronisation complete for directory [ 42139649 ] in [ 237ms ]
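The two log excerpts above can be reduced to a sync verdict mechanically, which helps when the 1-minute interval fills atlassian-confluence-security.log. The Python below is an added example, not part of the original notes or of Atlassian's tooling; the names summarize_sync and findings are hypothetical, and the sample lines are copied from the excerpts on this page.

```python
import re

NUM = r"\[ (\d+) \]"
COUNTERS = {  # message fragments as they appear in the excerpts on this page
    "directory": re.compile(r"synchronisation for directory " + NUM + " starting"),
    "users": re.compile(r"findAllRemoteUsers found " + NUM + " remote users"),
    "groups": re.compile(r"findAllRemoteGroups found " + NUM + " remote groups"),
}
COMPLETE = re.compile(r"FULL synchronisation complete for directory " + NUM)
EXCEPTION = re.compile(r"([\w.$]+Exception): (.*)")

def summarize_sync(log_text):
    """Reduce the log lines of one directory synchronisation to its outcome."""
    run = {"directory": None, "users": None, "groups": None,
           "completed": False, "errors": [], "exception": None}
    for line in log_text.splitlines():
        for key, pattern in COUNTERS.items():
            if m := pattern.search(line):
                run[key] = int(m.group(1))
        run["completed"] = run["completed"] or bool(COMPLETE.search(line))
        if " ERROR " in line:
            run["errors"].append(line.split("] ", 2)[-1])  # message after [thread] [logger]
        if (m := EXCEPTION.search(line)) and run["exception"] is None:
            run["exception"] = m.group(1).rsplit(".", 1)[-1] + ": " + m.group(2)
    return run

def findings(run):
    """Checks an administrator would act on after a sync."""
    if not run["completed"]:
        return ["sync failed: " + (run["exception"] or "see ERROR lines")]
    if run["groups"] == 0:
        return ["no LDAP groups imported; membership comes from local groups "
                "and Default Group Memberships"]
    return []

# Sample lines copied from the two excerpts above, one entry per line.
FAILED = """\
2024-12-19 16:29:59,540 ERROR [Caesium-1-3] [ldap.mapper.entity.LDAPGroupAttributesMapper] getGroupNameFromAttributes The following record does not have a groupname: NameAwareAttribute; attributes: {}
2024-12-19 16:29:59,540 ERROR [Caesium-1-3] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache Exception occured when performing full synchronization
org.springframework.ldap.UncategorizedLdapException: Unable to find the groupname of the principal."""
SUCCEEDED = """\
... INFO [Caesium-1-1] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache FULL synchronisation for directory [ 42139649 ] starting
... INFO [Caesium-1-1] [directory.ldap.cache.RemoteDirectoryCacheRefresher] findAllRemoteUsers found [ 43 ] remote users in [ 26 ms ]
... INFO [Caesium-1-1] [directory.ldap.cache.RemoteDirectoryCacheRefresher] findAllRemoteGroups found [ 0 ] remote groups in [ 69 ms ]
... INFO [Caesium-1-1] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache FULL synchronisation complete for directory [ 42139649 ] in [ 237ms ]"""

if __name__ == "__main__":
    for text in (FAILED, SUCCEEDED):
        print(findings(summarize_sync(text)))
```

With the group filter set to match nothing, a completed sync reports 0 remote groups, so the second finding is the expected state for this setup rather than a fault.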