I'm trying to get JIRA to authenticate to an internal LDAP server. I have an ldapsearch command that lists the users in the group, but I can't get the JIRA configuration to authenticate properly. The ldap search command is:
ldapsearch -x -h <FQDNofServer> -b ou=memberlist,ou=ibmgroups,o=ibm.com "cn=<ParticularGroup>"
(of course, the <> are replaced with the actual values)
The output of this lists all of the users in that group, so it seems to be working... the question is, how do I translate to the ldap configuration?
I can configure JIRA so that any user that is in the overall directory can authenticate, but I can't narrow it down to the <ParticularGroup>.
Key values in Jira:
Base DN: ou=memberlist,ou=ibmgroups,o=ibm.com
Additional User DN: cn=<ParticularGroup>
I'm fairly confident that everything else is correct, because I can modify to this and any user in the directory can log in:
Base DN: o=ibm.com
Additional User DN: ou=bluepages
thanks,
Hi John,
The base DN is the common path for both group and user objects.
So if you use:
Base DN: ou=memberlist,ou=ibmgroups,o=ibm.com
Additional User DN:
Jira will start to search for users at cn=<ParticularGroup>,ou=memberlist,ou=ibmgroups,o=ibm.com, but you may not have user objects there. User objects are different from group objects. The combination of Base DN and Additional User DN needs to return the branch from your LDAP where your users can be found.
If you use:
Base DN: o=ibm.com
Additional User DN: ou=bluepages
You probably can restrict your users by using the following User Object Filter:
(&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=<ParticularGroup>,ou=memberlist,ou=ibmgroups,o=ibm.com))
Please notice this is just a guess, since I don't know your LDAP structure.
You can find detailed information regarding the LDAP and filters from:
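The effect of the User Object Filter suggested in the answer above, as an added example that is not part of the original thread: a small evaluator for a subset of LDAP filter syntax, run over constructed entries. The uid values and both sample directories are assumptions; the second one shows that the filter admits nobody when user entries carry no memberOf attribute.

```python
# Added example, not from the thread. Entries and uid values are constructed.
GROUP_DN = "cn=<ParticularGroup>,ou=memberlist,ou=ibmgroups,o=ibm.com"
USER_FILTER = f"(&(objectCategory=Person)(sAMAccountName=*)(memberOf={GROUP_DN}))"

def parse(f, i=0):
    """Parse a subset of LDAP filter syntax: (&..) (|..) attr=value attr=*."""
    assert f[i] == "(", f"expected '(' at offset {i}"
    i += 1
    if f[i] in "&|":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (lowercased attr -> values)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    _, attr, value = node
    values = entry.get(attr, [])
    if value == "*":  # presence test: attribute must exist with a value
        return bool(values)
    return any(v.casefold() == value.casefold() for v in values)

def allowed_logins(entries, user_filter=USER_FILTER):
    """Return the DNs that the filter would let Jira treat as users."""
    tree, _ = parse(user_filter)
    return sorted(dn for dn, attrs in entries.items() if matches(tree, attrs))

# Directory A (constructed): user entries carry a memberOf back-reference.
WITH_MEMBEROF = {
    "uid=alice,ou=bluepages,o=ibm.com": {"objectcategory": ["Person"],
        "samaccountname": ["alice"], "memberof": [GROUP_DN]},
    "uid=bob,ou=bluepages,o=ibm.com": {"objectcategory": ["Person"],
        "samaccountname": ["bob"],
        "memberof": ["cn=other,ou=memberlist,ou=ibmgroups,o=ibm.com"]},
}
# Directory B (constructed): membership is recorded only on the group entry.
WITHOUT_MEMBEROF = {dn: {k: v for k, v in a.items() if k != "memberof"}
                    for dn, a in WITH_MEMBEROF.items()}

if __name__ == "__main__":
    print(allowed_logins(WITH_MEMBEROF), allowed_logins(WITHOUT_MEMBEROF))
```

An empty result against a real directory means no user entry satisfies all three clauses, for example because the directory does not populate memberOf on user entries.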