Need help translating ldapsearch to Jira LDAP configuration.

I'm trying to get JIRA to authenticate to an internal LDAP server.  I have an ldapsearch command that lists the users in the group, but I can't get the JIRA configuration to authenticate properly. The ldap search command is:

ldapsearch -x -h <FQDNofServer> -b ou=memberlist,ou=ibmgroups,o=ibm.com "cn=<ParticularGroup>"

(of course, the <> are replaced with the actual values)

The output of this list all of the users in that group, so it seems to be working... the question is,  how do I translate to the ldap configuration?

I can configure JIRA so that any user that is in the overall directory can authenticate, but I can't narrow it down to the <ParticularGroup>

Key values in Jira:

Base DN:  ou=memberlist,ou=ibmgroups,o=ibm.com

Additional User DN: cn=<ParticularGroup>

I'm fairly confident that everything else is correct, because I can modify to this and any user in the directory can login:

Base DN: o=ibm.com

Additional User DN: ou=bluepages

 

thanks,

1 answer

0 votes

Hi John,

    The base DN is the common path for both group and user objects.
    So if you use:

Base DN:  ou=memberlist,ou=ibmgroups,o=ibm.com
    Additional User DN:



    Jira will start to search for users at cn=<ParticularGroup>,ou=memberlist,ou=ibmgroups,o=ibm.com, but you may not have user objects there. User objects are different from group objects. The conbination of Base DN and Additional User DN needs to return branch from your LDAP where your users can be found.

    If you use:

Base DN: o=ibm.com
    Additional User DN: ou=bluepages



    You probably can restrict your users by using the following User Object Filter:

(&amp;(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=&lt;ParticularGroup&gt;,ou=memberlist,ou=ibmgroups,o=ibm.com))


    Please notice this is just a guess, since I don't know your LDAP structure.

    You can find detailed information regarding the LDAP and filters from:

Suggest an answer

Log in or Sign up to answer
Community showcase
Asked Dec 06, 2018 in Jira Ops

I'm John Allspaw, Ask Me Anything about incident analysis and postmortems

I'm John Allspaw, co-founder of   Adaptive Capacity Labs, where we help teams use their incidents to learn and improve. We bring research-driven methods and approaches to drive effective inciden...

5,525 views 21 17
View question

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you