Not able to configure LDAP for adding users from nested groups, in JIRA

Deleted user May 21, 2019

I am trying to fetch users from an LDAP group (using Add Directory > Microsoft Active Directory).

Consider: 

I have one LDAP group "A" that has 3 users (x, y, z) and 2 subgroups "B" and "C". 

"B" subgroup has 2 users (u, v).

"C" subgroup has 2 users (s, t).

 

My current configurations are: 

Directory ID: 10800
Name: Active Directory server 3
Active: false
Type: CONNECTOR
Created date: Tue May 21 23:57:43 EDT 2019
Updated date: Wed May 22 01:23:29 EDT 2019
Allowed operations: [CREATE_GROUP, CREATE_ROLE, CREATE_USER, DELETE_GROUP, DELETE_ROLE, DELETE_USER, UPDATE_GROUP, UPDATE_GROUP_ATTRIBUTE, UPDATE_ROLE, UPDATE_ROLE_ATTRIBUTE, UPDATE_USER, UPDATE_USER_ATTRIBUTE]
Implementation class: com.atlassian.crowd.directory.MicrosoftActiveDirectory
Encryption type: sha
Attributes:
"autoAddGroups": ""
"com.atlassian.crowd.directory.sync.currentstartsynctime": "null"
"com.atlassian.crowd.directory.sync.issynchronising": "false"
"com.atlassian.crowd.directory.sync.lastdurationms": "1457319"
"com.atlassian.crowd.directory.sync.laststartsynctime": "1558501152498"
"crowd.sync.group.membership.after.successful.user.auth.enabled": "only_when_first_created"
"crowd.sync.incremental.enabled": "true"
"directory.cache.synchronise.interval": "10800"
"ldap.basedn": "dc=xxx,dc=xxx,dc=xxx,dc=xxx"
"ldap.connection.timeout": "10000"
"ldap.external.id": "objectGUID"
"ldap.filter.expiredUsers": "true"
"ldap.group.description": "description"
"ldap.group.dn": "ou=xxx"
"ldap.group.filter": "(&(objectClass=group)(!(cn=*RDS Endpoint Servers*))(!(cn=*Exchange Trusted Subsystem*))(!(cn=*RDS Remote Access Servers*))(!(cn=*RDS Management Servers*))(!(cn=*Help Desk*)))"
"ldap.group.name": "cn"
"ldap.group.objectclass": "group"
"ldap.group.usernames": "member"
"ldap.local.groups": "false"
"ldap.nestedgroups.disabled": "false"
"ldap.pagedresults": "true"
"ldap.pagedresults.size": "1000"
"ldap.password": ********
"ldap.pool.initsize": "null"
"ldap.pool.maxsize": "null"
"ldap.pool.prefsize": "null"
"ldap.pool.timeout": "0"
"ldap.propogate.changes": "true"
"ldap.read.timeout": "120000"
"ldap.referral": "true"
"ldap.relaxed.dn.standardisation": "true"
"ldap.roles.disabled": "true"
"ldap.search.timelimit": "60000"
"ldap.secure": "false"
"ldap.url": "ldap://xxxx:389"
"ldap.user.displayname": "displayName"
"ldap.user.dn": "ou=people"
"ldap.user.email": "mail"
"ldap.user.encryption": "sha"
"ldap.user.filter": "(&(|(objectCategory=person)(objectCategory=group))(|(objectClass=user)(objectClass=group))(memberOf:1.2.840.113556.1.4.1941:=cn=A,OU=xxx,dc=xxx,dc=xxx,dc=xxx,dc=xxx))"
"ldap.user.firstname": "givenName"
"ldap.user.group": "memberOf"
"ldap.user.lastname": "sn"
"ldap.user.objectclass": "*"
"ldap.user.password": "unicodePwd"
"ldap.user.username": "sAMAccountName"
"ldap.user.username.rdn": "cn"
"ldap.userdn": "T@xxx.com"
"ldap.usermembership.use": "false"
"ldap.usermembership.use.for.groups": "false"
"localUserStatusEnabled": "false"

 

Instead of providing the flattened list of users from the group hierarchy mentioned above, it fetches all the groups in which user "T" is present. 

I have also enabled the "Enable Nested groups" option in Advanced Settings.

For creating the user object filter I have referred to:

https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx

How can I fetch users according to my requirement?
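
The `ldap.user.filter` in the question uses the Active Directory in-chain matching rule (OID 1.2.840.113556.1.4.1941). The sketch below models the A/B/C hierarchy from the post to show what a direct `memberOf` match returns compared with an in-chain match, and how the object-class restriction decides whether nested group objects come back alongside users. It is an added example, not part of the original post or Atlassian's code; the DNs, the in-memory directory and the function names are constructed for illustration.

```python
from collections import deque

IN_CHAIN_OID = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN


def dn(cn, base="ou=example,dc=example,dc=test"):
    """Build a placeholder DN (constructed, not the poster's real DN)."""
    return f"cn={cn},{base}"


# Constructed sample mirroring the post: the "member" attribute of each group.
GROUP_MEMBERS = {
    dn("A"): [dn("x"), dn("y"), dn("z"), dn("B"), dn("C")],
    dn("B"): [dn("u"), dn("v")],
    dn("C"): [dn("s"), dn("t")],
}


def direct_members(group_dn, members=GROUP_MEMBERS):
    """Objects matched by (memberOf=<group_dn>): one level only."""
    return set(members.get(group_dn, []))


def in_chain_members(group_dn, members=GROUP_MEMBERS):
    """Objects matched by (memberOf:<IN_CHAIN_OID>:=<group_dn>): every user
    and group reachable through nested "member" links. The seen set keeps
    the walk finite when groups are nested in a loop."""
    seen, queue = set(), deque([group_dn])
    while queue:
        current = queue.popleft()
        for child in members.get(current, []):
            if child not in seen:
                seen.add(child)
                queue.append(child)
    return seen


def flattened_users(group_dn, members=GROUP_MEMBERS):
    """In-chain match restricted to user objects, as in
    (&(objectCategory=person)(objectClass=user)(memberOf:<OID>:=<group_dn>)).
    In this model every group is a key of `members`; the rest are users."""
    return {m for m in in_chain_members(group_dn, members) if m not in members}


if __name__ == "__main__":
    print("direct   :", sorted(direct_members(dn("A"))))
    print("in-chain :", sorted(in_chain_members(dn("A"))))
    print("users    :", sorted(flattened_users(dn("A"))))
```
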