Degraded performance Customers may experience intermittent errors using Community search. Our platform vendor is investigating.
We are trying out Stash, and we'd love to use our openLDAP (posix schema) for managing accounts. Connecting to LDAP and importing / syncing accounts works, but now we want to limit the imported users that are members a certain posixgroup.
We have tried changing the "Group Object Filter" to limit importing one group. This imports only the selected group, but unfortunately, still imports all the users from LDAP.
The current hypothesis is that we need to do something with the "User Object Filter". However, since there is no "memberOf" property, we need to select users on the basis of the groups "memberUID" property. As far as we know, that is currently not possible.
The LDAP schema is "rfc2307" (storing member names in the memberuid attribute), we specifically do not use "rfc2307bis".
Is there a way that we can limit the users stash imports to a specific group?
Jean-Paul van Oosten
My LDAP is a little rusty, but I think you're probably correct that you would really need the memberOf on your users to do the filter you want.
That said, I have to wonder if you're asking because you want to reduce the number of users counted towards your license? If that is your reason then my, slightly odd, suggestion is to just remove the stash-users group from the global permissions, and only assign permissions to the group you care about. Stash only calculates licenses for groups/users that at least have one permission.
If you want to remove the users completely from Stash, either for performance or for visibility reasons then I'm afraid I don't know the answer. I might then suggest adding the 'crowd' tag to this question as we just defer to the embedded crowd library, and Stash has very little to do with the actual LDAP integration.
I hope that helps in some way.
Thank you for your answer. Indeed we found that only users with the "stash user" permission count towards the license limit. We wanted to limit the set of imported users for a better overview.
Thanks for the suggestion of adding the crowd-tag.
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs