LDAP groups won't show up correctly when two Microsoft AD user directories are present

Licenses systems September 4, 2018

I have configured two Microsoft AD user directories for our Jira; it is the LDAP service, so both have the same users in them. Previously with Jira 7.3 I had all users show up correctly, i.e. if both user directories bring the same user but with different groups, then both groups show up for the user.

Now with Jira 7.7.0 this same configuration doesn't work. If I remove the Group Object Filter, all of our groups show; there are hundreds of them and some users have lots of groups (+10). It makes maintenance very difficult because now Jira has some hundreds of groups and we do project permissions by groups.

 

What has changed from 7.3.1 -> 7.7.0 when it comes to AD configurations? What kind of group object filter should I have? It seems that whichever user directory is on top receives priority, and as such users will have the group it's importing. If I switch it to the bottom, then the users will have the other group. My current group object filter is "(&objectCategory=Group)(cn=ad_group_name))". User Object Filter is "(&(objectCategory=Person)(memberOf=cn=ad_group_name,ou=ou_name,ou=additional_dir,ou=one_more_ou,dc=domain,dc=local))".
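
As an added example (not part of the original post and not Atlassian code), the following structural check in the shape of RFC 4515 runs over the two filters exactly as they are quoted in the question. The helper names are hypothetical, the third filter is a constructed balanced variant, and the check covers only parenthesisation and `attr=value` form, not how Jira evaluates a filter.

```python
# Added example: structural check of LDAP search filters (simplified RFC 4515 shape).
# Helper names are hypothetical; this does not model how Jira evaluates a filter.

class FilterSyntaxError(ValueError):
    pass

def _parse(s, i):
    """Parse one parenthesised filter starting at s[i]; return the index after it."""
    if i >= len(s) or s[i] != "(":
        raise FilterSyntaxError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|":
        op, i, count = s[i], i + 1, 0
        while i < len(s) and s[i] == "(":   # every operand must itself be "(...)"
            i, count = _parse(s, i), count + 1
        if count == 0:
            raise FilterSyntaxError(f"'{op}' at offset {i - 1} is not followed by a '(' sub-filter")
    elif i < len(s) and s[i] == "!":
        i = _parse(s, i + 1)
    else:
        end = i
        while end < len(s) and s[end] not in "()":
            end += 1
        attr, sep, _ = s[i:end].partition("=")
        if not sep or not attr.strip():
            raise FilterSyntaxError(f"expected attr=value at offset {i}")
        i = end
    if i >= len(s) or s[i] != ")":
        raise FilterSyntaxError(f"expected ')' at offset {i}")
    return i + 1

def check_filter(text):
    """Return None when the filter is structurally well formed, else a message."""
    try:
        end = _parse(text, 0)
        if end != len(text):
            raise FilterSyntaxError(f"unexpected text after filter at offset {end}")
    except FilterSyntaxError as exc:
        return str(exc)
    return None

# The two filters exactly as quoted in the question, plus one constructed variant.
GROUP_FILTER_AS_POSTED = "(&objectCategory=Group)(cn=ad_group_name))"
USER_FILTER_AS_POSTED = ("(&(objectCategory=Person)(memberOf=cn=ad_group_name,ou=ou_name,"
                         "ou=additional_dir,ou=one_more_ou,dc=domain,dc=local))")
GROUP_FILTER_BALANCED = "(&(objectCategory=Group)(cn=ad_group_name))"  # constructed

if __name__ == "__main__":
    for name in ("GROUP_FILTER_AS_POSTED", "USER_FILTER_AS_POSTED", "GROUP_FILTER_BALANCED"):
        print(name, "->", check_filter(globals()[name]) or "well formed")
```

The group object filter as written in the post fails this check at the `&`, while the user object filter passes; the page does not say whether the group filter is configured that way or was mistyped when posting.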

1 answer

0 votes
Keri
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 11, 2018

Hi team, 

 

There isn't anything that's changed, the only thing that I can think of that would be upgrade specific would be any configuration for LDAPS - that may have been knocked out. 


As far as the scenario you're talking about, this new behavior sounds like how I would expect Jira to behave.

 

Example:

  • You have connected two directories: The Customers directory and the Partners directory.
  • The Customers directory is first in the directory order.
  • A username jsmith exists in both the Customers directory and the Partners directory.
  • The user jsmith is a member of group G1 in the Customers directory and group G2 in the Partners directory.
  • The user jsmith will have permissions based on membership of G1 only, not G2.

Managing multiple directories

 

 

Have any changes been made to your AD groups? Or can you explain your use case a little more so we can try to further understand what's going on?

Cheers, 

Keri

Licenses systems September 11, 2018

Wrong answer. Look below

Licenses systems September 11, 2018

We didn't upgrade; we have several instances of Jira running. Some of them are version 7.3, and our LDAP configuration, with several LDAP user directories bringing the same users but each bringing a different LDAP group, works.

Basically, project access is handled using LDAP, and some Jira instances have multiple projects. It's easier to handle access from LDAP.

With Jira 7.7.0 this configuration no longer works. So I'm asking how to handle multiple user directories that share usernames when I need to get those groups for the usernames. Just getting all groups won't work because some users have groups numbering in the tens. Our current LDAP setup also can't be changed.

Keri
Atlassian Team
September 12, 2018

Hi there, 

 

Thanks for giving us further information about this - the information I'd like to see is probably best not shared over a public forum, so I'm going to open a ticket with our support team to further troubleshoot. 

 

Look out for an email from us shortly.


Cheers, 
Keri

Keri
Atlassian Team
September 18, 2018

@Licenses systems - Did you get notified for the support ticket?  You can log in to access it here: https://getsupport.atlassian.com/servicedesk/customer/portal/20/GHS-128893
