

What is an "additional LDAP connection"?

By default, the user directories configured in Confluence are used to fill the user profiles. These directories can be found under Confluence administration → Users & Security → User Directories.


In some cases, companies have two LDAP servers for the same set of users. Those servers hold different information. A common use case would be to manage users and groups (their name, passwords etc.) in a default Confluence user directory but maintain their profile data (position, branch etc.) in a different directory. In this case you would need to retrieve additional profile data from a second, additional LDAP server. 

You can create an alternative LDAP connection under Confluence administration → Linchpin User Profiles → Data sources.


Important: If you configure an LDAP resource in LUP's "Data sources" section, the app will then use this resource exclusively to fill the profile fields you have configured for your users.

It will not merge information with the LDAP resource configured in Confluence.



Configure an additional LDAP connection

The settings here are similar to the configuration of default Confluence user directories.




Server Settings

Host

Enter the host name/web address of the server running LDAP here. For example: ldap.example.com


Port

Enter the port your configuration uses. Most of the time, it is port 389. You can also activate the Use SSL checkbox, if you wish to use SSL with this connection.


Bind DN or user

Enter the user name of the user that logs into the LDAP server. For example: user@domain.com or cn=user,dc=domain,dc=name


Password

Enter the password of the user that logs into the LDAP server.


 


Search Settings

Base DN

Enter the root node in LDAP which is used to search for users and groups. For example: cn=users,dc=example,dc=com


User-Attribute

Enter the unique user attribute which represents the Confluence user name. For example: uid


User Update Search Filter

This filter is used to find the users in your directory for whom data should be updated.

If you activated the incremental sync option you can use a date here in the filter. To do so (see the LDAP sync documentation), insert this placeholder: [last_sync_timestamp]

An example for a complete search filter: (&(objectClass=person)(modifyTimestamp>=[last_sync_timestamp]))

If you didn't activate the incremental sync option, you can't use the date placeholder. Instead, you can use the filter Confluence sets by default for an AD connection.
Example: (&(objectCategory=Person)(sAMAccountName=*))

Additionally, activate the Use Paged Results checkbox. Enter the number of search results allowed per page.
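
Before saving the form, the server and search settings above can be checked from a shell with the bind account. The following is an added example, not part of the Linchpin documentation or the app's code. It assumes the OpenLDAP `ldapsearch` client, an LDAPS listener on the conventional port 636, and that `[last_sync_timestamp]` is replaced with a GeneralizedTime value; the function names are hypothetical.

```shell
#!/bin/sh
# Dry-run check of the "Server Settings" and "Search Settings" form values.
# All values used below are constructed samples, not real server settings.

# Replace the [last_sync_timestamp] placeholder with a concrete value.
# Assumption: a GeneralizedTime string (YYYYMMDDHHMMSSZ), the LDAP syntax of
# modifyTimestamp; the app's own substitution format is not given on the page.
render_filter() {   # $1 = filter from the form, $2 = timestamp
    printf '%s\n' "$1" | sed "s/\[last_sync_timestamp\]/$2/g"
}

# Succeeds only if the filter has at least one "(" and as many ")" as "(".
filter_parens_match() {
    opens=$(( $(printf '%s' "$1" | tr -cd '(' | wc -c) ))
    closes=$(( $(printf '%s' "$1" | tr -cd ')' | wc -c) ))
    [ "$opens" -gt 0 ] && [ "$opens" -eq "$closes" ]
}

# Args: host port bind-DN base-DN filter page-size timestamp user-attribute
# Prints the command (display form, unquoted) unless LDAP_CHECK_RUN=1 is set,
# in which case ldapsearch is executed.
#   -x simple bind, -W prompt for the password (keeps it out of argv/history),
#   -E pr=N/noprompt paged results, trailing attribute limits returned data.
ldap_check() {
    flt=$(render_filter "$5" "$7")
    filter_parens_match "$flt" || { echo "bad filter: $flt" >&2; return 2; }
    set -- ldapsearch -x -LLL -H "ldaps://$1:$2" -D "$3" -W -b "$4" \
        -E "pr=$6/noprompt" "$flt" "$8"
    if [ "${LDAP_CHECK_RUN:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Constructed sample values taken from the examples on this page
ldap_check ldap.example.com 636 'cn=user,dc=domain,dc=name' \
    'cn=users,dc=example,dc=com' \
    '(&(objectClass=person)(modifyTimestamp>=[last_sync_timestamp]))' \
    500 20230929000000Z uid
```

A bind account that can read only the base DN used here is enough for a read-only connection.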




Allow write to LDAP

Disable write to LDAP.

Select this radio button to establish a read-only LDAP connection. Changes to user profiles won't overwrite the values on your LDAP server.


Enable write to LDAP.

Select this radio button to establish a connection with write permissions. User changes to profile data will be applied directly to your LDAP server.

For this to work, you will have to enable writing access for each profile field individually. This can be done inside the profile editor (Confluence administration → Linchpin User Profiles → Profile Editor). Additionally, all writable profile fields must be configured in your LDAP schema.



Remove the additional LDAP connection

If you wish to remove the additional LDAP connection, click on the Clear now button in the Clear LDAP connection section. A pop-up window will appear. Click OK to confirm your action.


Attention: If you delete the separate LDAP connection you will clear the above configuration form.

This page was last edited on 09/29/2023.