Can AD groups shadow JIRA internal groups?

MattS
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 17, 2014

If I have a group named "QA" in my JIRA internal directory and I then add an Active Directory user directory before the internal directory, and AD also has a group named "QA". What happens? I can see two possibilitiies:

1. JIRA handles this case and the AD group becomes the one that is used in notification schemes, permission schemes, workflows, saved filters, issue security schemes and project roles

2. More likely is that the group id from the internal group gets embedded in all those places and I have to change it myself. Has anyone done this with a Groovy script before me?

Note that the Groups page only seems to show the Notification schemes a group is used in, and the user directory a group belongs to is not shown anywhere.

4 answers

1 accepted

0 votes
Answer accepted
Adam Marszałek
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 20, 2014

We're using this as a feature, to have one group configured in permission scheme, and users coming from inside (AD) and outside (internal crowd). In this case Jira makes union of user sets and username conflicts are resolved by directory order.

Everywhere we needed to use this trick we found out that only group name is taken into consideration, so it worked for us as unification between external users and company employees in terms of notifications, permissions etc.

0 votes
MattS
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 18, 2014

Yes, eclipse or shadow a group, just like a user gets shadowed when you put the AD user directory above the internal user directory. I thought that I had seen the group id used in some parts of JIRA configuration but failed to find that when I went and looked.

So maybe I can just add an AD user directory with the same group names and everything will be hunky dory. But I haven't done that since JIRA 5 I think, so I'd love to hear from someone who has done this more recently

0 votes
MattS
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 18, 2014

I created a group and added it to all those places. In the XML backup it seems that the group name is used everywhere, so maybe JIRA just handles this case.

0 votes
JamieA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 18, 2014

You mean, like "eclipse" a group? My understanding is that it depends on the order of the directories. If the internal dir is below the AD dir, the AD group will be used. Is that not what you see?

Suggest an answer

Log in or Sign up to answer