Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Grant all AD users to submit a ticket via email

Andreas Neumann
Andreas Neumann December 11, 2017

Hello everyone,

First of all let me provide some details about my setup:
- Jira Service Desk V 3.9.1
- Dedicated Server (no cloud hosting)
- Active Directory queried via LDAP on Win Server 2012 R2
- Service Desk Starter license (3 agents)
- If I missed something please ask ;)

I have an issue with granting all Active Directory users the right to submit a ticket via email automatically when they are created without manually adding them to another user group that the Default Domain Group. The group itself is syncing and appears under Users Administration, but the group remains empty.

I already tried the following without success:

- Created an AD grop "servicedeskusers" and added the member "Default Domain Users"
- Connected Service Desk to LDAP following these steps Connecting to an LDAP directory setting a default group "sd-users" and the "Update group membership on login" property to "Everytime, user is logging in". This resulted in creating the group but membership isn't updated (the user was not added to the group)

I am aware that there's an issue with JIRA and primary groups as I have found here (JRASERVER-29187) and here (CONFSERVER-6729), which relate to Confluence but seem to be similar. Although the suggested workaround dosen't work for me (or I do silly mistakes while configuring ;)

Any suggestions or howtos are appreciated.

Regards
Andy

Answer
Watch
Like Be the first to like this
508 views

2 answers

0 votes
Andreas Neumann
Andreas Neumann December 11, 2017

Hi Branden,

thanks for your reply.

At first let me state that despite of owning the license a time ago I'm pretty new to JIRA and its configuration as well as I'm German speaking and I hope my English explanation is suitable. So I would appreciate your patience ;)

I don't use CROWD. I was not aware of this product.

You are right. My German localisation of Acive Directory consists of "Umlaute" as "Default Domain Users" is translated as "Domänen-Benutzer" in German. But I doubt that this could be a reason as "Domänen-Admins" (Domain admins) group show up all members as expected.

I have tried your suggestion "Troubleshooting LDAP User Management" in conjunction with using the Apache Directory Studio. It seems all fine and I can browse the directory as expected except the "MemberOf" Attribute doesn't show the actual members or groupe memebers. E.g. "Benutzer" (Users) show up but doesn't contain the designated members (all of them, not a only one user). Perhaps the DN is CN=Builtin, DC=example, DC=com which is to add at "Preferences for Group Schema"?

For a sample user called Demo it seems that there doesn't exist an attribute "Member" or "MemberOf" using Apache Directory Studio while Active Directory shows "Default Domain Users" as primary and only group.

If the provided information isn't able to clarify the issue any further please provide steps how to enable debug logging as suggested.

Cheers,
Andy

Reply
0 votes
somethingblue
somethingblue
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 11, 2017

Hi Andreas,

  • Are you using CROWD?

There is a good knowledge base article titled Groups and Users maintained in Microsoft Windows Active Directory are not properly being added to JIRA that may assist you and it provides three primary reasons for this behavior:

  1. There are Group names that contain special characters such as & (Ampersand), _ (Underscore), Umlaut such as å/Å, ä/Ä and ö/Ö in the AD
  2. Membership in Active Directory seems to be missing for some groups. Usually the "member" attribute is used for this.
  3. Duplication of groups in JIRA internal directory and Active Directory

In addition, Troubleshooting LDAP User Management provides the following as a possibility:

The Membership Schema Settings may be incorrect.

  • If this applies to only one user, it is likely the user details are incorrect.
  • If it applies to multiple, it is likely the JIRA Software configuration is incorrect.

Verify by browsing with Directory Studio (check with a sample user) and ensure the following attributes are correct within the Membership Schema Settings in JIRA Software:

  • Group Members Attribute 
  • User Membership Attribute

Please review the above reasons and take a look at the knowledge base article I linked above.  If that does resolve your issue with AD let us know.  If not, we may need to turn up debug logging and attempt a sync and see what the logs say.

Cheers,

Branden

Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
TAGS
AUG Leaders

Atlassian Community Events

    See all events