Limit importing LDAP users to a certain posixgroup


We are trying out Stash, and we'd love to use our openLDAP (posix schema) for managing accounts. Connecting to LDAP and importing / syncing accounts works, but now we want to limit the imported users that are members a certain posixgroup.

We have tried changing the "Group Object Filter" to limit importing one group. This imports only the selected group, but unfortunately, still imports all the users from LDAP.

The current hypothesis is that we need to do something with the "User Object Filter". However, since there is no "memberOf" property, we need to select users on the basis of the groups "memberUID" property. As far as we know, that is currently not possible.

The LDAP schema is "rfc2307" (storing member names in the memberuid attribute), we specifically do not use "rfc2307bis".

Is there a way that we can limit the users stash imports to a specific group?

Kind regards,

Jean-Paul van Oosten

2 answers

Hi Jean-Paul,

My LDAP is a little rusty, but I think you're probably correct that you would really need the memberOf on your users to do the filter you want.

That said, I have to wonder if you're asking because you want to reduce the number of users counted towards your license? If that is your reason then my, slightly odd, suggestion is to just remove the stash-users group from the global permissions, and only assign permissions to the group you care about. Stash only calculates licenses for groups/users that at least have one permission.

If you want to remove the users completely from Stash, either for performance or for visibility reasons then I'm afraid I don't know the answer. I might then suggest adding the 'crowd' tag to this question as we just defer to the embedded crowd library, and Stash has very little to do with the actual LDAP integration.

I hope that helps in some way.


Hi Charles,

Thank you for your answer. Indeed we found that only users with the "stash user" permission count towards the license limit. We wanted to limit the set of imported users for a better overview.

Thanks for the suggestion of adding the crowd-tag.



Suggest an answer

Log in or Sign up to answer
Community showcase
Published Mar 14, 2019 in Bitbucket Pipelines

Building a Bitbucket Pipe as a casual coder :  #!/bin/bash source "$(dirname "$0")/" enable_debug extra_args="" if [[ "${DEBUG}" == "true" ]]; then extra_args="--verbose" fi # mandatory variables R...

267 views 0 12
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you