Can I sync multiple Active Directory Groups

Deleted user August 8, 2019

I’d like to be able to import groups from a specific Active Directory OU, and filter by a set prefix on the group name.  For each group that is found in AD, I’d like that group to be created in Jira (if it doesn’t already exist) and sync every user in that group.  If the user doesn’t exist in Jira, I want them added to base jira-user, as well as the group that it resides in, in AD. 
Is this possible using a User Directory connection?

Example:

| AD Group | Members |
|---|---|
| JIRA TEST 1 | Bob, Carol, Ted |
| JIRA TEST 2 | Alice, Flo, Mel |
| Sample 1 | Vera, Lynn |

 

Group JIRA TEST 1 already exists in the JIRA internal directory.  If Bob, Carol or Ted aren't already in the internal group, I'd like them added.
Group JIRA TEST 2 doesn't exist in JIRA.  I'd like the group created in Jira (with the same name), and Alice, Flo and Mel put in that group.  Mel wasn't already in Jira, so I'd like him to be added to jira-users as well as JIRA TEST 2.
Group Sample 1 is left alone because it doesn't match my filter.

2 answers

2 votes
Deleted user August 27, 2019

Hi Brant,

Thanks for the reply.  I've tried adding the connector option, but I need to create a filter.  I don't have control over where the groups are being added in Active Directory, and there are hundreds of groups in there that I don't want.  I'm trying to filter based on a naming convention, but I can't get the filter to work.

The Group Object filter I'm using is similar to this: (&(objectClass=group)(cn=SAMPLE NAME PREFIX*))
This was based on a suggestion I saw in another help thread.

Cathrine Chanslor October 15, 2021

Hey Steve,

I know it has been quite some time since you posted this question. I am looking at a very similar situation and have been unsuccessful in finding a solution. 

Did you find a solution to this?

Thanks! 

Cathi

Deleted user October 18, 2021

Hi Cathrine,

I'm using Jira version 8.5.17 and the LDAP options for the User Directory are better than the version I was on when I posted the question.

I still don't have exactly what I was asking for, but I'm close.  I had to work with both Atlassian (via a service ticket) and my corporate Active Directory team to get to where I am.  Our AD is very complicated, but with the right filters, I have a limited number of groups syncing.  If a new user signs in, an account is created and their groups will sync.  

This option is "read only, with local groups".
Synchronizing data from external directories | Administering Jira applications Data Center and Server 8.5 | Atlassian Documentation

Raimund Haag April 6, 2022

Hello Steve,

I have the same requirement as you. I want to read groups from our AD with a wildcard in the group name. Each group should be created in Jira if not already there and the group should contain the group members as in our AD. Is it possible for you to share your LDAP string so that we can see how it works?

Thanks,

Raimund 
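An added example, not code from this thread or from Atlassian: a small offline evaluator for the kind of Group Object filter discussed above, so a prefix filter can be checked against known group names before it goes into the directory configuration. It handles only a subset of LDAP filter syntax (`&`, `|`, `!`, equality, `*` wildcards, no escape sequences), and the function names, the `JIRA TEST` prefix and the sample entries are assumptions constructed from the question's example.

```python
import re

def parse(f, i=0):
    """Parse one parenthesised filter starting at f[i]; return (node, next index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":                      # composite: (&(..)(..)), (|(..)(..)), (!(..))
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)                  # simple item: attr=value, '*' is a wildcard
    attr, _, pattern = f[i:end].partition("=")
    return ("=", attr.lower(), pattern), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict: lowercase attr -> list of values)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, pattern = node
    # Assumption: case-insensitive comparison, as AD does for cn and objectClass.
    rx = re.compile(".*".join(map(re.escape, pattern.split("*"))), re.IGNORECASE)
    return any(rx.fullmatch(v) for v in entry.get(attr, []))

def groups_to_sync(filter_text, entries):
    """Return the cn of every entry the filter selects."""
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return [e["cn"][0] for e in entries if matches(tree, e)]

# Constructed sample entries (names from the question's example, plus two decoys).
GROUP, USER = ["top", "group"], ["top", "person", "organizationalPerson", "user"]
SAMPLE_ENTRIES = [
    {"cn": ["JIRA TEST 1"], "objectclass": GROUP},
    {"cn": ["JIRA TEST 2"], "objectclass": GROUP},
    {"cn": ["Sample 1"], "objectclass": GROUP},
    {"cn": ["Legacy JIRA TEST"], "objectclass": GROUP},   # prefix is anchored: no match
    {"cn": ["jira test svc"], "objectclass": USER},       # right name, wrong object class
]

if __name__ == "__main__":
    print(groups_to_sync("(&(objectClass=group)(cn=JIRA TEST*))", SAMPLE_ENTRIES))
```

Dropping the `(objectClass=group)` clause lets the user object with a matching name through, which is why the filter combines both conditions.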

0 votes
Brant Schroeder
August 8, 2019

Steve,

You can sync multiple directories by properly configuring your base and group DN.  The Active Directory user directory will sit above the local user directory and will take priority.  You will need to put the jira-users group in the default group membership.  Or, if you do not plan on changing the groups that often, you can add the AD group to application access to get the users access.

Atlassian's documentation on this can be found here: https://confluence.atlassian.com/adminjiraserver/connecting-to-an-ldap-directory-938847052.html
