First of all let me provide some details about my setup:
- Jira Service Desk V 3.9.1
- Dedicated Server (no cloud hosting)
- Active Directory queried via LDAP on Win Server 2012 R2
- Service Desk Starter license (3 agents)
- If I missed something please ask ;)
I have an issue with granting all Active Directory users the right to submit a ticket via email automatically when they are created without manually adding them to another user group that the Default Domain Group. The group itself is syncing and appears under Users Administration, but the group remains empty.
I already tried the following without success:
- Created an AD grop "servicedeskusers" and added the member "Default Domain Users"
- Connected Service Desk to LDAP following these steps Connecting to an LDAP directory setting a default group "sd-users" and the "Update group membership on login" property to "Everytime, user is logging in". This resulted in creating the group but membership isn't updated (the user was not added to the group)
I am aware that there's an issue with JIRA and primary groups as I have found here (JRASERVER-29187) and here (CONFSERVER-6729), which relate to Confluence but seem to be similar. Although the suggested workaround dosen't work for me (or I do silly mistakes while configuring ;)
Any suggestions or howtos are appreciated.
There is a good knowledge base article titled Groups and Users maintained in Microsoft Windows Active Directory are not properly being added to JIRA that may assist you and it provides three primary reasons for this behavior:
In addition, Troubleshooting LDAP User Management provides the following as a possibility:
The Membership Schema Settings may be incorrect.
Verify by browsing with Directory Studio (check with a sample user) and ensure the following attributes are correct within the Membership Schema Settings in JIRA Software:
Please review the above reasons and take a look at the knowledge base article I linked above. If that does resolve your issue with AD let us know. If not, we may need to turn up debug logging and attempt a sync and see what the logs say.
thanks for your reply.
At first let me state that despite of owning the license a time ago I'm pretty new to JIRA and its configuration as well as I'm German speaking and I hope my English explanation is suitable. So I would appreciate your patience ;)
I don't use CROWD. I was not aware of this product.
You are right. My German localisation of Acive Directory consists of "Umlaute" as "Default Domain Users" is translated as "Domänen-Benutzer" in German. But I doubt that this could be a reason as "Domänen-Admins" (Domain admins) group show up all members as expected.
I have tried your suggestion "Troubleshooting LDAP User Management" in conjunction with using the Apache Directory Studio. It seems all fine and I can browse the directory as expected except the "MemberOf" Attribute doesn't show the actual members or groupe memebers. E.g. "Benutzer" (Users) show up but doesn't contain the designated members (all of them, not a only one user). Perhaps the DN is CN=Builtin, DC=example, DC=com which is to add at "Preferences for Group Schema"?
For a sample user called Demo it seems that there doesn't exist an attribute "Member" or "MemberOf" using Apache Directory Studio while Active Directory shows "Default Domain Users" as primary and only group.
If the provided information isn't able to clarify the issue any further please provide steps how to enable debug logging as suggested.
Hello Community 👋, I'm a product manager at Atlassian, looking at improving change management capabilities across our products. In particular, we're looking at bridging the gap between Dev & ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events