Reduce the number of users synchronised from LDAP to HipChat Server
If you have connected HipChat Server to an LDAP directory for authentication and user management, you may want configure HipChat Server to synchronise a subset of users from LDAP rather than all users. There are two reasons for why you might make this change:
- Improving performance — If you have performance issues during synchronisation process, you may be able to improve this by synchronising a subset of data instead. See this knowledge base article for more information: Performance issues with large LDAP repository in Jira server.
- Reducing your user count (not recommended) — You can synchronise a subset of users to HipChat Server from LDAP to reduce your user count. This will allow you to count fewer users against your HipChat Server license. However, synchronising a subset of users to HipChat Server from LDAP is not the recommended method for reducing your user count in HipChat Server.
Methods for synchronising users
The procedure for configuring HipChat Server to synchronise a different number of users from LDAP depends on how you initially set up your LDAP directory:
- For example, if you have all your HipChat users in one organisational unit and your non-HipChat users in another organisational unit, then you can simply configure HipChat Server to only synchronise users against a particular DN (distinguished name).
- However, if your setup is not so simple (for example, you have your HipChat users and non-HipChat users in the same node), you will need to define an LDAP filter to synchronise the relevant users.
Both of these methods are outlined below.
Synchronising against Base DN and Additional User DN
If you have all your HipChat users in one organisational unit and your non-HipChat users in another organisational unit, then you can simply configure HipChat Server to only synchronise users against a particular DN (distinguished name).
- Browse to your server's fully qualified domain name, for example https://hipchat.yourcompany.com.
- Log into the HipChat Server web user interface (UI) using your administrator email and password.
- Click Server admin > Directory.
- Update the Base DN field, and optionally the Additional User DN, to query against the directory server as desired. For example, if you have configured all of your HipChat users in the hipchat-users organisational unit (OU) only for your company at mycompany.example.com, your configuration would look like this:
- Base DN —
dc=mycompany,dc=example,dc=com - Additional User DN —
ou=hipchat-users
- Base DN —
Active Directory/LDAP Group objects do not currently affect HipChat Server. Filtering for or against groups won't change the user list in HipChat Server. You can still set a User Object Filter to check for the memberOf attribute (or a similar attribute), so you can filter for AD/LDAP Group membership.
Defining an LDAP filter
If your setup is not so simple (for example, you have your HipChat users and non-HipChat users in the same node), you will need to define an LDAP filter to synchronise the relevant users.
- Browse to your server's fully qualified domain name, for example https://hipchat.yourcompany.com.
- Log into the HipChat Server web user interface (UI) using your administrator email and password.
- Click Server admin > Directory.
- Update User Object Filter field as desired. The syntax for LDAP filters is not simple and your query will depend on how you have set up your LDAP directory.
For example, if only LDAP users in the state of Delaware, designated by "st=DE" in each user's attribute list within the LDAP tree, will use HipChat you can filter to find them by setting the User Object Filter =(&(objectCategory=inetorgperson)(st=DE)).
More information on defining LDAP filters is available in the pages linked in the Related content section at the top of this page.