Hey,
I just added LDAP Active Directory authentication to our local Bitbucket server and now all users from LDAP show up in the administrator->Users directory. This seems very inefficient because I only want to edit the users that are using the Bitbucket server. This also sucks because now it takes forever to open the user page.
Is there any way to disable showing LDAP users that aren't associated with Bitbucket in the users directory?
Hi Kyle,
You can setup a more specific user filter on the directory so that only a subset of users are synced to Bitbucket Server. The filter by default includes all users that fall under the Base DN, but it can be changed in the directory configuration, under User Schema Settings
look for User Object Filter
.
For example, the following filter will only sync users that are members of the CaptainPlanet
group.
(&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=CaptainPlanet,ou=users,dc=company,dc=com))
You'll want to update the above filter to be specific for your LDAP setup. More information configuring these filters can be found at Restricting LDAP Scope for User and Group Search. This is specific for Crowd, but the concept of the filter and testing it with Apache Directory Studio applies to Bitbucket Server.
I was hoping to have it show up more like Jira's user database but this will work. Thank you very much for your thorough answer.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kyle, Could you provide more detail on showing up like JIRA's user database? I'm not sure I follow. If you're already aware, you can use JIRA as a User Server and connect Bitbucket to that so only those users are synced. More information at https://confluence.atlassian.com/display/BitbucketServer/Connecting+Bitbucket+Server+to+JIRA+for+user+management
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.