Avoid importing groups from Active Directory but link users with the regular JIRA groups.

Francois M. FASBENDER July 9, 2012

Hello,

I've connected JIRA 5.0.1 to our MS Active Directory by creating a new user directory in JIRA. All my users from the AD are well added to this new JIRA directory.

However groups linked to those imported users come from the AD and are not the groups previously defined in JIRA (such jira-users, jira-developers, …).

Is there a way to link existing group from JIRA and to avoid importing the groups from the Active Directory when I'm importing users from AD?

Thank you.



3 answers

1 accepted

18 votes
Answer accepted
Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 9, 2012

Hi there,

In order to use JIRA groups for your LDAP users you will need to configure your LDAP directory to use "Read Only with Local Group" permission setting.

In order to avoid your directory to synchronize the LDAP groups into your JIRA, you will need to create a search filter that can't retrieve any groups. For example using "DummyValue" such as

(objectCategory=DummyValue)

In order to configure a default group(s) for all of your LDAP users, you could use "Adding Users to Groups Automatically". This feature will allow your LDAP users to be added into the configured local group(s) automatically during their first log-in.

Hope it helps.

Cheers,
Septa Cahyadiputra

Francois M. FASBENDER July 10, 2012

Hi Septa,

Thank you very much for your answer, it helps in this way that my imported users are not linked to AD groups.

However is there a way to assign default JIRA groups when importing those users such it works when I create a user manually in JIRA? Do we exclusively need working with Crowd for that?

Thank you!

François.

Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 10, 2012

Yes, it is possible. Just update my first answer, please refer to my edited answer.

Cheers,
Septa Cahyadiputra

Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 10, 2012

Pleasure is all mine :)

Francois M. FASBENDER July 10, 2012

Septa,

absolutely perfect! Thank you very much for your great help.

François.

2 votes
Ellen Feaheny [AppFusions]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 10, 2012

30 karma pts should be granted to Septa's answer.. That is correct..

What more are you looking for in this?

Ellen Feaheny [AppFusions]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 28, 2012

ouch on that down-vote?

Not sure what that was for - Harsh! - indeed Septa's answer was correct, after validating in our engineering as well.

1 vote
Ellen Feaheny [AppFusions]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 9, 2012

Depending on how big your AD is, if you have nested groups, and also if you want similar group management in more than one Atlassian app, you might want to consider using Crowd for additional controls and SSO between the apps ..

Here's for filtering in Crowd..

https://confluence.atlassian.com/display/CROWD/Restricting+LDAP+Scope+for+User+and+Group+Search

Suggest an answer

Log in or Sign up to answer