Well, I’ve previously developed an SSO (Single Sign-On) system built on top of CAS and Spring. It integrates famous products from Atlassian called Confluence and Jira.
It was a bit hard to do LDAP user and group management in older versions of Confluence and Jira.
I was just asked by a client to set up Confluence+LDAP integration for user authentication only (note that this does not include LDAP user & group management) using Active Directory.
I am surprised that doing this now (in Confluence 2.7.x) is simpler than what I did before.
Here is what I did to make it work:
First, go to the Confluence installation directory (%CONFLUENCE_HOME%).
Edit %CONFLUENCE_HOME%/confluence/WEB-INF/classes/atlassian-user.xml and add the lines below:
<ldap key="exampleLdapRepository" name="Example LDAP Repository" cache="true">
    <!-- server config -->
    <host>ad.example.com</host>
    <port>389</port>
    <!-- account Confluence binds as to search the directory -->
    <securityPrincipal>cn=user,ou=admins,dc=example,dc=com</securityPrincipal>
    <securityCredential>password</securityCredential>
    <!-- plain + simple: the bind password and user passwords cross the network unencrypted -->
    <securityProtocol>plain</securityProtocol>
    <securityAuthentication>simple</securityAuthentication>
    <baseContext>ou=users,dc=example,dc=com</baseContext>
    <!-- tree config -->
    <baseUserNamespace>ou=users,dc=example,dc=com</baseUserNamespace>
    <baseGroupNamespace>ou=groups,dc=example,dc=com</baseGroupNamespace> <!-- ignored -->
    <usernameAttribute>cn</usernameAttribute>
    <userSearchFilter>(objectClass=user)</userSearchFilter>
    <firstnameAttribute>displayName</firstnameAttribute>
    <surnameAttribute>sn</surnameAttribute>
    <emailAttribute>mail</emailAttribute>
    <groupnameAttribute>cn</groupnameAttribute>
    <groupSearchFilter>(objectClass=ignoredSinceWeUseUserAuthOnly)</groupSearchFilter>
    <membershipAttribute>member</membershipAttribute>
    <userSearchAllDepths>true</userSearchAllDepths>
    <groupSearchAllDepths>false</groupSearchAllDepths>
</ldap>
The change above enables authentication against LDAP. Since we’re not managing groups in LDAP, the problem now is that authenticated users do not belong to any group, so they can’t use Confluence (the minimum group is confluence-users). Therefore we need to use the Dynamic-Group plugin, so that authenticated users are automatically joined to the groups the admin has already specified in the configuration files.
It seems like the page is never updated :p. Someone has reported that the plugin didn’t work for Confluence 2.7 or later.
But I finally found that the plugin is actually shipped with Confluence 2.7 :D. What you need to do is edit %CONFLUENCE_HOME%/confluence/WEB-INF/classes/seraph-config.xml and:
Replace:
<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>
With:
<authenticator class="com.atlassian.confluence.user.ConfluenceGroupJoiningAuthenticator"/>
Save, and restart Tomcat. All LDAP users under ou=users,dc=example,dc=com should now be able to use Confluence.
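As an added example (not code from the original post or from Atlassian), this Python script audits the two files edited above for what the setup implies: a simple bind over an unencrypted connection, a bind password stored in the file, and a one-clause user filter combined with the group-joining authenticator. The sample XML is constructed from the values in the post; the wrapper elements, the finding codes and the `audit` function are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the settings shown in the post, reduced to the audited
# elements. The wrapper elements are assumptions made for this sample.
USER_XML = """<atlassian-user><repositories>
<ldap key="exampleLdapRepository" name="Example LDAP Repository" cache="true">
  <host>ad.example.com</host><port>389</port>
  <securityCredential>password</securityCredential>
  <securityProtocol>plain</securityProtocol>
  <securityAuthentication>simple</securityAuthentication>
  <baseUserNamespace>ou=users,dc=example,dc=com</baseUserNamespace>
  <userSearchFilter>(objectClass=user)</userSearchFilter>
  <userSearchAllDepths>true</userSearchAllDepths>
</ldap></repositories></atlassian-user>"""
SERAPH_XML = """<security-config>
<authenticator class="com.atlassian.confluence.user.ConfluenceGroupJoiningAuthenticator"/>
</security-config>"""

def audit(user_xml, seraph_xml):
    """Return a list of (code, detail) findings for one pair of config files."""
    findings = []
    auth = ET.fromstring(seraph_xml).find(".//authenticator")
    auto_join = auth is not None and auth.get("class", "").endswith("GroupJoiningAuthenticator")
    for ldap in ET.fromstring(user_xml).iter("ldap"):
        key = ldap.get("key", "?")
        val = lambda tag: (ldap.findtext(tag) or "").strip()
        # Simple bind over an unencrypted connection sends passwords in cleartext.
        if val("securityProtocol").lower() == "plain" and val("securityAuthentication").lower() == "simple":
            findings.append(("cleartext-bind", f"{key}: {val('host')}:{val('port')}"))
        # The bind password is stored in the file; restrict who can read it.
        if val("securityCredential"):
            findings.append(("credential-in-file", f"{key}: securityCredential is set"))
        # A single-clause filter with no (&...) admits every matching entry.
        flt = val("userSearchFilter")
        broad = flt.count("(") == 1
        if broad:
            findings.append(("broad-user-filter", f"{key}: {flt} under {val('baseUserNamespace')}"))
        # Broad filter + group-joining authenticator: every match gets confluence-users.
        if broad and auto_join:
            findings.append(("auto-join-all", f"{key}: all matched users join confluence-users"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(USER_XML, SERAPH_XML):
        print(f"{code:20} {detail}")
```

Run against the real files by reading them and passing their contents to `audit`; an empty list means none of the four conditions was found.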
References:
- Add LDAP Integration
- Customising atlassian-user.xml
- Automatically Adding LDAP users to confluence users Group
The new Confluence 2.7 ConfluenceGroupJoiningAuthenticator class is not the same as the “LDAP Dynamic Groups Plugin”! It is a much simpler feature.
This new class forces ALL users to join “confluence-users” group ONLY. There is no (non-Java) way to configure other groups. It also does not support multiple group mappings, or non-static LDAP groups.
Java Modification
Confluence Source users may repeat the “confluence-users” line in the ConfluenceGroupJoiningAuthenticator.java file to set one or more other (hard coded) groups.
LINE:
Group confluenceUsers = getGroupManager().getGroup("confluence-users");
Compare the Namespaces…
Plug-In: com.stepstonetech.confluence.ldap.ConfluenceGroupJoiningAuthenticator
Built-In: com.atlassian.confluence.user.ConfluenceGroupJoiningAuthenticator