Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,299,666
Community Members
 
Community Events
165
Community Groups

Can I sync multiple Active Directory Groups

Edited

I’d like to be able to import groups from a specific Active Directory OU, and filter by a set prefix on the group name.  For each group that is found in AD, I’d like that group to be created in Jira (if it doesn’t already exist) and sync every user in that group.  If the user doesn’t exist in Jira, I want them added to base jira-user, as well as the group that it resides in, in AD. 
Is this possible using a User Directory connection?

Example:

AD GroupMembers
JIRA TEST 1Bob
Carol
Ted
JIRA TEST 2Alice
Flo
Mel
Sample 1Vera
Lynn

 

Group JIRA TEST 1 already exists in the JIRA internal directory.  If Bob, Carol or Ted aren't already in the internal group, I'd like them added.
Group JIRA TEST 2 doesn't exist in JIRA.  I'd like the group created in Jira (with the same name), and Alice, Flo and Mel put in that group.  Mel wasn't already in Jira, so I'd like him to be added to jira-users as well as JIRA TEST 2.
Group Sample 1 is left alone because it doesn't match my filter.

2 answers

Hi Brant,

Thanks for the reply.  I've tried adding the connector option, but I need to create a filter.  I don't have control over where the groups are being added in Active Directory, and there are hundreds of groups in there that I don't want.  I'm trying to filter based on a naming convention, but I can't get the filter to work.

The Group Object filter I'm using is similar to this: (&(objectClass=group)(cn=SAMPLE NAME PREFIX*))
This was based on a suggestion I saw in another help thread.

Hey Steve,

I know it has been quite some time since you posted this question. I am looking at a very similar situation and have been unsuccessful in finding a solution. 

Did you find a solution to this?

Thanks! 

Cathi

Hi Cathrine,

I'm using Jira version 8.5.17 and the LDAP options for the User Directory is better than the version I was on when I posted the question. 

I still don't have exactly what I was asking for, but I'm close.  I had to work with both Atlassian (via a service ticket) and my corporate Active Directory team to get to where I am.  Our AD is very complicated, but with the right filters, I have a limited number of groups syncing.  If a new user signs in, an account is created and their groups will sync.  

This option is "read only, with local groups".
Synchronizing data from external directories | Administering Jira applications Data Center and Server 8.5 | Atlassian Documentation

Hello Steve,

I have the same requirement as you. I want to read groups form our AD with wildcard in the group name. Each group should be created in Jira if not already there and the group should contain the group members as in our AD. Is it possible for you to share you LDAP string so that we can see how it works.

Thanks,

Raimund 

0 votes
Brant Schroeder Community Leader Aug 08, 2019

Steve,

  You can sync multiple directories by properly configuring your base and group DN.  The active directory user directory will sit above the local user directory and will take priority.  You will need to put the jira-users group in the default group membership.  or if you do not plan on changing the groups that often you can add the ad group to application access to get the users access.

Atlassian's documentation on this can be found here: https://confluence.atlassian.com/adminjiraserver/connecting-to-an-ldap-directory-938847052.html

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you