Limit importing LDAP users to a certain posixgroup

Hi,

We are trying out Stash, and we'd love to use our openLDAP (posix schema) for managing accounts. Connecting to LDAP and importing / syncing accounts works, but now we want to limit the imported users that are members a certain posixgroup.

We have tried changing the "Group Object Filter" to limit importing one group. This imports only the selected group, but unfortunately, still imports all the users from LDAP.

The current hypothesis is that we need to do something with the "User Object Filter". However, since there is no "memberOf" property, we need to select users on the basis of the groups "memberUID" property. As far as we know, that is currently not possible.

The LDAP schema is "rfc2307" (storing member names in the memberuid attribute), we specifically do not use "rfc2307bis".

Is there a way that we can limit the users stash imports to a specific group?

Kind regards,

Jean-Paul van Oosten

2 answers

Hi Jean-Paul,

My LDAP is a little rusty, but I think you're probably correct that you would really need the memberOf on your users to do the filter you want.

That said, I have to wonder if you're asking because you want to reduce the number of users counted towards your license? If that is your reason then my, slightly odd, suggestion is to just remove the stash-users group from the global permissions, and only assign permissions to the group you care about. Stash only calculates licenses for groups/users that at least have one permission.

If you want to remove the users completely from Stash, either for performance or for visibility reasons then I'm afraid I don't know the answer. I might then suggest adding the 'crowd' tag to this question as we just defer to the embedded crowd library, and Stash has very little to do with the actual LDAP integration.

I hope that helps in some way.

Charles

Hi Charles,

Thank you for your answer. Indeed we found that only users with the "stash user" permission count towards the license limit. We wanted to limit the set of imported users for a better overview.

Thanks for the suggestion of adding the crowd-tag.

Regards,

Jean-Paul

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Jun 12, 2018 in Bitbucket

Do you use any Atlassian products for your personal projects?

After spinning my wheels trying to get organized enough to write a book for National Novel Writing Month (NaNoWriMo) I took my affinity for Atlassian products from my work life and decided to tr...

22,890 views 26 12
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you