Grant all AD users to submit a ticket via email

Hello everyone,

First of all let me provide some details about my setup:
- Jira Service Desk V 3.9.1
- Dedicated Server (no cloud hosting)
- Active Directory queried via LDAP on Win Server 2012 R2
- Service Desk Starter license (3 agents)
- If I missed something please ask ;)

I have an issue with granting all Active Directory users the right to submit a ticket via email automatically when they are created without manually adding them to another user group that the Default Domain Group. The group itself is syncing and appears under Users Administration, but the group remains empty.

I already tried the following without success:

- Created an AD grop "servicedeskusers" and added the member "Default Domain Users"
- Connected Service Desk to LDAP following these steps Connecting to an LDAP directory setting a default group "sd-users" and the "Update group membership on login" property to "Everytime, user is logging in". This resulted in creating the group but membership isn't updated (the user was not added to the group)

I am aware that there's an issue with JIRA and primary groups as I have found here (JRASERVER-29187) and here (CONFSERVER-6729), which relate to Confluence but seem to be similar. Although the suggested workaround dosen't work for me (or I do silly mistakes while configuring ;)

Any suggestions or howtos are appreciated.

Regards
Andy

2 answers

0 votes

Hi Andreas,

  • Are you using CROWD?

There is a good knowledge base article titled Groups and Users maintained in Microsoft Windows Active Directory are not properly being added to JIRA that may assist you and it provides three primary reasons for this behavior:

  1. There are Group names that contain special characters such as & (Ampersand), _ (Underscore), Umlaut such as å/Å, ä/Ä and ö/Ö in the AD
  2. Membership in Active Directory seems to be missing for some groups. Usually the "member" attribute is used for this.
  3. Duplication of groups in JIRA internal directory and Active Directory

In addition, Troubleshooting LDAP User Management provides the following as a possibility:

The Membership Schema Settings may be incorrect.

  • If this applies to only one user, it is likely the user details are incorrect.
  • If it applies to multiple, it is likely the JIRA Software configuration is incorrect.

Verify by browsing with Directory Studio (check with a sample user) and ensure the following attributes are correct within the Membership Schema Settings in JIRA Software:

  • Group Members Attribute 
  • User Membership Attribute

Please review the above reasons and take a look at the knowledge base article I linked above.  If that does resolve your issue with AD let us know.  If not, we may need to turn up debug logging and attempt a sync and see what the logs say.

Cheers,

Branden

Hi Branden,

thanks for your reply.

At first let me state that despite of owning the license a time ago I'm pretty new to JIRA and its configuration as well as I'm German speaking and I hope my English explanation is suitable. So I would appreciate your patience ;)

I don't use CROWD. I was not aware of this product.

You are right. My German localisation of Acive Directory consists of "Umlaute" as "Default Domain Users" is translated as "Domänen-Benutzer" in German. But I doubt that this could be a reason as "Domänen-Admins" (Domain admins) group show up all members as expected.

I have tried your suggestion "Troubleshooting LDAP User Management" in conjunction with using the Apache Directory Studio. It seems all fine and I can browse the directory as expected except the "MemberOf" Attribute doesn't show the actual members or groupe memebers. E.g. "Benutzer" (Users) show up but doesn't contain the designated members (all of them, not a only one user). Perhaps the DN is CN=Builtin, DC=example, DC=com which is to add at "Preferences for Group Schema"?

For a sample user called Demo it seems that there doesn't exist an attribute "Member" or "MemberOf" using Apache Directory Studio while Active Directory shows "Default Domain Users" as primary and only group.

If the provided information isn't able to clarify the issue any further please provide steps how to enable debug logging as suggested.

Cheers,
Andy

Suggest an answer

Log in or Join to answer
Community showcase
Teodora [Botron]
Published Thursday in Marketplace Apps

Jira Inferno: The Nine Circles of Jira Administration Hell

If you spend enough time as a Jira admin - whether you are managing a single, mid-sized instance, a large enterprise one or juggling multiple instances at once - you will eventually find yourself in ...

523 views 1 15
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot