Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to enable anonymous access for all the LDAP users?

Pankaj Jangid
Pankaj Jangid
Community Champion
February 17, 2013

I have configured Confluence to use corp LDAP (directory). We have a 2000 user license but organization have ~5000 users. I have allowed all the users to login but only ~1500 users have global CAN USE permission.

Anonymous users have global CAN USE permission. So anyone can view pages without loging in. Now, because some of the users don't have explicit CAN USE permission, they can login but cannot view those pages which they can view without loging in.

I saw a similar question here -> https://answers.atlassian.com/questions/128306/i-have-a-50-user-license-for-confluence-and-have-200-users-in-my-active-directory-how-can-i-set-up-confluence-to-allow-50-named-users-with-login-access-to-confluence-and-the-remaining-users-view-only-access. But the solution requires modifications to LDAP directory itself.

Is there an alternative available where either non active users are not allowed to login, or non active users can be treated as anonymous?

Answer
Watch
Like Deleted user likes this
1025 views

2 answers

1 vote
Bruna Griebeler
Bruna Griebeler
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 18, 2013

Hi there!

The only thing I can think of is to make the users access another page (e.g. hosted by Apache) that will authenticate the users via kerberos or other tool. If the user matches with the LDAP user, then he'll be redirected to this page: (eg. http://localhost:8888/dashboard.action?os_username=anonymous&os_password=anonymous) then the user will be logged in directly as anonymous.

Hope it helps!

Reply
0 votes
Daniel Borcherding
Daniel Borcherding
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 19, 2013

Hello Jangid,

The solution proposed in the answers post you cite does not necessarily mean that you have to modify your LDAP. The important take away from the post you cite is that your population of privilidged users must be part of some group or groups that differentiate them from your non privilidged users. You can absolutely take advantage of existing groups within your LDAP to achieve the same affect. You will just need to make sure that the groups that you have provisioned your users in have the global "CAN USE" permission. So long as those users that do not need an explicit login are part of groups that do not have "CAN USE" permissions they will not count againt your license total. Below is a document on our global permissions overview and a document on enabling anonymous access.

https://confluence.atlassian.com/display/DOC/Global+Permissions+Overview

https://confluence.atlassian.com/display/DOC/Setting+Up+Public+Access

If it were my instance I would write a custom LDAP filter to only pull those people I wanted to set explicit access into confluence. I would try to exclude those groups that did not need access to confluence so as not to clutter my user managment area. Below is a document we have that details writing custom LDAP filters.

https://confluence.atlassian.com/display/DEV/How+to+write+LDAP+search+filters

Please let us know if you have any questions about this process or if any of the points I have made above are unclear.

View More Comments
Pankaj Jangid
Pankaj Jangid
Community Champion
February 21, 2013

Sorry for not clearly stating my problem. Here is a short summary.

I have given anonymous acces at global level and at space level. So users can view the page when they are not logged in. But they cannot see when they login. Because none of their groups have "CAN USE" permission.

Is there a way to either not allow non-licensed users to login, or treat non non-licensed users as anonymous? Without modifying LDAP.

LDAP filter is a good idea. But I thought there is a builtin way to grant anonymous permissions to all logged in users at least.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.