I’d like to be able to import groups from a specific Active Directory OU, and filter by a set prefix on the group name. For each group that is found in AD, I’d like that group to be created in Jira (if it doesn’t already exist) and sync every user in that group. If the user doesn’t exist in Jira, I want them added to base jira-user, as well as the group that it resides in, in AD.
Is this possible using a User Directory connection?
|JIRA TEST 1||Bob|
|JIRA TEST 2||Alice|
Group JIRA TEST 1 already exists in the JIRA internal directory. If Bob, Carol or Ted aren't already in the internal group, I'd like them added.
Group JIRA TEST 2 doesn't exist in JIRA. I'd like the group created in Jira (with the same name), and Alice, Flo and Mel put in that group. Mel wasn't already in Jira, so I'd like him to be added to jira-users as well as JIRA TEST 2.
Group Sample 1 is left alone because it doesn't match my filter.
Thanks for the reply. I've tried adding the connector option, but I need to create a filter. I don't have control over where the groups are being added in Active Directory, and there are hundreds of groups in there that I don't want. I'm trying to filter based on a naming convention, but I can't get the filter to work.
The Group Object filter I'm using is similar to this: (&(objectClass=group)(cn=SAMPLE NAME PREFIX*))
This was based on a suggestion I saw in another help thread.
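The following is an added example, not part of the original posts or of Jira's own code. It builds a Group Object Filter of the shape quoted above, escapes the prefix per RFC 4515, and evaluates it offline against constructed entries to show which groups would be synced. The prefix "JIRA TEST", the helper names and the sample entries are assumptions based on the group names in the question.

```python
import re

# Characters RFC 4515 requires to be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def group_prefix_filter(prefix):
    """Group Object Filter selecting AD groups whose cn starts with prefix."""
    return "(&(objectClass=group)(cn=%s*))" % escape_filter_value(prefix)

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(filter_str, entry):
    """Evaluate an AND of equality / trailing-wildcard terms (the shape used in
    the thread) against one entry; case-insensitive, as AD compares cn."""
    inner = re.fullmatch(r"\(&((?:\([^=()]+=[^()]*\))+)\)", filter_str)
    if not inner:
        raise ValueError("unsupported filter: " + filter_str)
    for attr, pattern in re.findall(r"\(([^=()]+)=([^()]*)\)", inner.group(1)):
        values = [v.lower() for v in entry.get(attr, [])]
        if pattern.endswith("*"):
            want = _unescape(pattern[:-1]).lower()
            if not any(v.startswith(want) for v in values):
                return False
        elif _unescape(pattern).lower() not in values:
            return False
    return True

# Constructed directory entries: the three group names from the question,
# plus a group with special characters and a user sharing the prefix.
SAMPLE_ENTRIES = [
    {"cn": ["JIRA TEST 1"], "objectClass": ["top", "group"]},
    {"cn": ["JIRA TEST 2"], "objectClass": ["top", "group"]},
    {"cn": ["Sample 1"], "objectClass": ["top", "group"]},
    {"cn": ["JIRA (ops) *"], "objectClass": ["top", "group"]},
    {"cn": ["JIRA TEST svc"], "objectClass": ["top", "person", "user"]},
]

def groups_to_sync(prefix, entries=SAMPLE_ENTRIES):
    flt = group_prefix_filter(prefix)
    return [e["cn"][0] for e in entries if matches(flt, e)]

if __name__ == "__main__":
    print(group_prefix_filter("JIRA TEST"), groups_to_sync("JIRA TEST"))
```

The evaluator only covers this one filter shape; the directory server remains the authority on what a filter actually returns.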
I'm using Jira version 8.5.17 and the LDAP options for the User Directory are better than the version I was on when I posted the question.
I still don't have exactly what I was asking for, but I'm close. I had to work with both Atlassian (via a service ticket) and my corporate Active Directory team to get to where I am. Our AD is very complicated, but with the right filters, I have a limited number of groups syncing. If a new user signs in, an account is created and their groups will sync.
This option is "read only, with local groups".
Synchronizing data from external directories | Administering Jira applications Data Center and Server 8.5 | Atlassian Documentation
I have the same requirement as you. I want to read groups from our AD with a wildcard in the group name. Each group should be created in Jira if not already there and the group should contain the group members as in our AD. Is it possible for you to share your LDAP string so that we can see how it works?
You can sync multiple directories by properly configuring your base and group DN. The Active Directory user directory will sit above the local user directory and will take priority. You will need to put the jira-users group in the default group membership. Or, if you do not plan on changing the groups that often, you can add the AD group to application access to get the users access.
Atlassian's documentation on this can be found here: https://confluence.atlassian.com/adminjiraserver/connecting-to-an-ldap-directory-938847052.html