Using standalone JIRA 5.2.10 running on Windows and connecting to Active Directory with nested groups enabled in Advanced Settings, I am finding that nested groups are not working. In AD, I set up a group base OU, _Jira, and within that set up my JIRA groups (e.g. JIRA User, JIRA Developer). To some groups I added individual users (e.g. to JIRA Administrator), while to other groups I added groups defined outside the _Jira OU (e.g. an existing group named Developers was added to JIRA Developer).
When I synchronise AD with JIRA, the groups in _Jira appear as expected, but only users explicitly assigned are being shown as members. Users who are members of groups that are members of the JIRA groups are not appearing - is it because those groups are outside the _Jira OU, and if so, is there a workaround?
All groups that are found will appear as groups in JIRA's User Management Section. If you only wanted a small subset of the groups to be used, you could provide their CN as additional parameters in the Group Filter Query. e.g.
I moved all the JIRA_ groups into the Groups folder and deleted the JIRA folder, then updated my AD configuration in JIRA accordingl and applied the group filter that you suggest; but the end result is still the same. Users who are explicitly assigned to a JIRA_ group appear in those groups in JIRA, but users who are implicitly assigned to a JIRA_ group by virtue of being in a non-JIRA_ group assigned to a JIRA_ group do not.
I don't know whether this is a limitation of LDAP as a whole, or Atlassian's implementation of the AD support. It's beginning to sound like we will have to swallow the extra administration overhead, and assign users to JIRA Users as well as Users, for example.
In order to get the nested group working fine, the groups search filter configured on your end need to be able to search the nested group as well. Hence please ensure that the configured Base DN and search filter is able to retrieve your nested group.
Hope it helps.
So if my AD setup is something like this:
and I set my Base DN to Base, my User DN to Users and my Group DN to JIRA, I get my current situation. If I make the groups External Testers and Internal Testers to members of JIRA_Testers, then currently no-one who is in those groups will actually be displayed as such.
In short, I don't want the groups in Base/Groups to appear in JIRA, but I want those groups to be assigned to JIRA-specific groups. Is this at all possible, and if so, what changes do I need to make to my DN queries?
I realize I'm more than five years late, but maybe this can help someone else to understand the limitations in play here. I was in the exact same situation.
I had the group Employees (OU=Security Groups) belonging to the group Jira Users (OU=Jira,OU=Security Groups). However, I only wanted group in OU Jira to be displayed in Jira. Unfortunately I had to back down and explicitly add users to the group Jira Users.
Nested groups only work, if the parent group(s) of a nested group are also available/displayed in Confluence.
I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs