Integrating Atlassian Crowd

Initial Setup

Please follow the official Atlassian documentation to integrate the Confluence application with your Crowd instance: https://confluence.atlassian.com/crowd/integrating-crowd-with-atlassian-confluence-198573.html.

Settings for Crowd Space Admin Directories

If the intended space admin group(s) do not have sufficient directory permissions or authentication/access, they will not be able to perform management functions.

Authentication and access to confluence application

Ensure that your Space Admin group(s) can access the application as per: https://confluence.atlassian.com/crowd/specifying-which-groups-can-access-an-application-25788430.html.

Permissions configuration for Directory

Ensure that your Space Admin group(s) have the appropriate permissions to perform management functions, i.e. deleting, updating or creating a group, as per: https://confluence.atlassian.com/crowd/specifying-an-application-s-directory-permissions-102596852.html.
To see how these permissions affect CSUM please take a look at: https://thepluginpeople.atlassian.net/wiki/spaces/CSUM/pages/1712062510.

Synchronising a directory with confluence

Once your Confluence application integration is complete, as described in https://thepluginpeople.atlassian.net/wiki/spaces/CSUM/pages/2424700956/Integrating+Atlassian+Crowd#Initial-Setup and https://thepluginpeople.atlassian.net/wiki/spaces/CSUM/pages/2424700956/Integrating+Atlassian+Crowd#Settings-for-Crowd-Space-Admin-Directories, you will need to synchronise the directory(s) you want to integrate with Confluence by following this documentation: https://confluence.atlassian.com/doc/synchronizing-data-from-external-directories-229838498.html

Creating a Space Group in Crowd Directory

Once you have integrated a Crowd directory with Confluence, you can use Crowd to create a space group. Name the group <space key>-<desired groupname>, all lowercase: the prefix must be the space key, followed by a hyphen and then the desired name for the group.

Example

Consider a space with the name Example and the key EX. The space group created in the Crowd directory may be ex-examplename.
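
The naming rule above, as an added example (not CSUM's or Atlassian's code): a Python check that builds a space group name and audits a list of Crowd group names against it. It assumes space keys contain no hyphen, so the text before the first hyphen is taken as the key; the space keys and group names are constructed.

```python
# Added example: audit Crowd group names against <space key>-<desired groupname>.
# Assumption (not from the page): space keys contain no hyphen, so the text
# before the first hyphen is the space key. Sample data below is constructed.

def space_group_name(space_key: str, group_name: str) -> str:
    """Build a space group name: lowercase key, hyphen, lowercase name."""
    key, name = space_key.strip().lower(), group_name.strip().lower()
    if not key or not name:
        raise ValueError("space key and group name must both be non-empty")
    if "-" in key:
        raise ValueError("space key must not contain a hyphen")
    return f"{key}-{name}"


def audit_groups(space_keys, group_names):
    """Map conforming groups to their space key; collect the rest with a reason."""
    known = {k.lower(): k for k in space_keys}
    by_space = {k: [] for k in space_keys}
    rejected = {}
    for group in group_names:
        prefix, sep, suffix = group.partition("-")
        if not sep or not prefix or not suffix:
            rejected[group] = "not in <space key>-<groupname> form"
        elif group != group.lower():
            rejected[group] = "not all lowercase"
        elif prefix not in known:
            rejected[group] = "prefix is not a known space key"
        else:
            by_space[known[prefix]].append(group)
    return by_space, rejected


if __name__ == "__main__":
    keys = ["EX", "TEST"]  # constructed space keys
    groups = ["ex-examplename", "test-group", "EX-Admins",
              "confluence-users", "administrators", "ex-"]  # constructed
    by_space, rejected = audit_groups(keys, groups)
    for key, members in by_space.items():
        print(f"{key}: {', '.join(members) or '(none)'}")
    for group, reason in rejected.items():
        print(f"REJECTED {group!r}: {reason}")
```

Run it over an export of the directory's group names to find groups that will not line up with any space before handing them to space admins.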

Example group called test-group in example directory test directory:

Example of Confluence Synchronisation:

Then you may also need to rebuild the cache for the group to appear as shown below:

Now once clicked the group will appear:

Example LDAP Active Directory Setup

  1. Add a Directory with the type Connector and click Next

  2. Add the initial Details

  3. Complete the Connector Configuration

    1 - Make sure that the type is OpenLDAP
    2 - This is your LDAP Server URL: ldap://<domain url>:<port number>, for example ldap://example.com:390
    3 - Manage Groups Locally: enabling this setting is recommended if your LDAP is read-only, as this will create the directories to be managed locally.
    4 - Username of the

  4. Complete the User and Group Configurations

    1. Example User Configuration

    2. Example Group Configuration



  5. Finally setup the directory permission. If the directory is for a space admin group please refer to https://thepluginpeople.atlassian.net/wiki/spaces/CSUM/pages/2424700956/Integrating+Atlassian+Crowd#Settings-for-Crowd-Space-Admin-Directories to ensure appropriate permissions/access.

 

LDAP Read-Only Restrictions with Crowd

If your LDAP Server is read-only then your space admin users will not be able to manage your space groups that are linked to an LDAP directory. This is as expected. Neither Crowd, Confluence nor CSUM is able to manage users/groups that are from a read-only LDAP Server.

Removing Users

Error: UnexpectedRollbackException


Removing Groups

Error: OperationFailedException
INSUFF_ACCESS_RIGHTS

Manage Groups Locally

Error: OperationFailedException
APPLICATION_PERMISSION_DENIED

Even if the setting described in https://thepluginpeople.atlassian.net/wiki/spaces/CSUM/pages/2424700956/Integrating+Atlassian+Crowd#Example-LDAP-Active-Directory-Setup is set, if the group was created before this setting was activated, meaning that it's directly linked to the LDAP group, then neither Crowd, Confluence nor CSUM has permission to delete/modify this group or user. This is as expected.