Using LDAP for user management pulls in too many users
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
Many Confluence admins connect Confluence to an LDAP for user management. This is great, but you may go over your license limit if you pull in too many users from your LDAP system. In this example, we'll be using Confluence, but the steps detailed here apply to all Atlassian products that work with Crowd.
Symptoms
When using an LDAP directory for user management, too many users are pulled in, putting the Confluence instance over the licensed-user limit. An error is displayed stating that Confluence cannot be used until the number of users is brought below the limit.
Cause
No filters were set up in the LDAP integration - effectively adding all LDAP users as registered Confluence users.
Solution
You will need to specify a root to run queries against, Base DN, and can optionally specify an Additional User DN and Additional Group DN. These settings are accessed by editing the LDAP User Directory under Confluence Admin>>User Directories. See Schema Settings for details. For even finer-grained control, you can write a more specific LDAP search filter if needed.
Was this helpful?