Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

LDAP Dynamic Group Support

Khanh Nguyen15
Khanh Nguyen
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 16, 2012

It would be awesome if I can get Confluence/Jira to work with LDAP Dynamic Groups. By that I mean specifically. . .

Example LDAP cn definition:

cn=dg_all_managers,ou=groups,dc=abc,o=xyz

objectclass=top groupOfURLs

memberURL=ldap:///ou=people,dc=abc,o=xyz??sub?(mgrLevel=Y)

Let's say User1, User2 and User3 have the attribute mgrLevel=Y.

Scenario1: Is there a way to get Confluence/Jira to recognize the cn=dg_all_managers,ou=groups,dc=abc,o=xyz as having dynamic members User1, User2 and User3?

Scenario2: Do I need to go one step further and add an attribute to User1, User2 and User3 LDAP record to include a memberOf=cn=dg_all_managers,ou=groups,dc=abc,o=xyz

Our preference is to get scenario1 to work but might be willing to settle for scenario2.

Any advice on this is appreciated.

Answer
Watch
Like Be the first to like this
1077 views

1 answer

1 accepted

0 votes
Answer accepted
Andrew Frayling
Andrew Frayling
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 17, 2012

Hi,

You should be able to use scenario 2, have a look at http://confluence.atlassian.com/display/DOC/Connecting+to+an+LDAP+Directory#ConnectingtoanLDAPDirectory-MembershipSchemaSettings

If you use the "Use the User Membership Attribute, when finding the user's group membership" setting then the application will use the group attribute on the user (memberOf) to retrieve group membership, if you have this unchecked it will use the attribute on the group (member) to determine group membership.

The support for "real" dynamic groups (scenario 1) is an open feature request - https://jira.atlassian.com/browse/CONF-8046

Hope that helps,

Andrew.

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events