Duplicate users in LDAP

Devu Heda
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 8, 2012

Hi

We have a situation: our JIRA is connected to 2 LDAPs and we have duplicate users in the LDAP. However, the user is always active in only one LDAP (&(&(objectClass=user)(objectCategory=person)(userAccountControl=512))).

How do I force JIRA to authenticate the user to the LDAP the user is active in? My understanding is that once JIRA associates a user to one LDAP, it will never look into the other LDAP at all if it cannot authenticate the user with the associated LDAP.

Example: User1 got associated with LDAP2 but then for a short period the user is active in LDAP1 (don't ask me why our IT has set it up like this). Will JIRA authenticate this user with LDAP1 if LDAP1 is 1st in the list of User directories?

Thanks

3 answers

1 accepted

0 votes
Answer accepted
Devu Heda
April 15, 2012

Well, in this case we just broke down our LDAP configuration such that we would never hit the duplicate user... not the best way, but it resolved our issue... we spent a ton of time and finally opted for this.

0 votes
JamieA
April 15, 2012

userAccountControl=512 is probably wrong... userAccountControl is a bitmask, likely there will be other flags set so the value will not equal 512. The syntax for testing if it has this bit set is nasty, something like:

(userAccountControl:1.2.840.113556.1.4.803:=512) - returns true if 0x00000200 is set.
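
Added example (not part of the original thread or any poster's code): a small Python emulation of how a plain equality test and the bit-AND matching rule 1.2.840.113556.1.4.803 select accounts by userAccountControl. The account names and values are constructed; the ACCOUNTDISABLE (0x2) and DONT_EXPIRE_PASSWORD (0x10000) flags and the bit-OR rule OID are not on this page and are taken from Active Directory's documented values.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # true when every bit of the value is set
BIT_OR = "1.2.840.113556.1.4.804"   # true when any bit of the value is set

# Active Directory userAccountControl flags (not from the thread).
ACCOUNTDISABLE = 0x0002
NORMAL_ACCOUNT = 0x0200             # decimal 512
DONT_EXPIRE_PASSWORD = 0x10000

# Constructed sample accounts: name -> userAccountControl value.
ACCOUNTS = {
    "active_plain": NORMAL_ACCOUNT,                                   # 512
    "disabled_plain": NORMAL_ACCOUNT | ACCOUNTDISABLE,                # 514
    "active_noexpire": NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD,         # 66048
    "disabled_noexpire": NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD | ACCOUNTDISABLE,
}

_ITEM = re.compile(r"\(userAccountControl(?::([\d.]+):)?=(\d+)\)")


def matches(filter_item, uac):
    """Evaluate one userAccountControl assertion, optionally wrapped in (!...)."""
    negate = filter_item.startswith("(!")
    inner = filter_item[2:-1] if negate else filter_item
    m = _ITEM.fullmatch(inner)
    if m is None:
        raise ValueError("unsupported filter item: " + filter_item)
    rule, value = m.group(1), int(m.group(2))
    if rule is None:                 # plain equality on the whole integer
        result = uac == value
    elif rule == BIT_AND:
        result = (uac & value) == value
    elif rule == BIT_OR:
        result = (uac & value) != 0
    else:
        raise ValueError("unknown matching rule: " + rule)
    return result != negate


def select(filter_item):
    """Names of the sample accounts the filter item would return."""
    return sorted(n for n, uac in ACCOUNTS.items() if matches(filter_item, uac))


if __name__ == "__main__":
    for f in ("(userAccountControl=512)",
              "(userAccountControl:%s:=512)" % BIT_AND,
              "(!(userAccountControl:%s:=2))" % BIT_AND):
        print(f, "->", select(f))
```

On this sample data the equality test returns only the account whose value is exactly 512, the bit-AND test on 512 returns all four accounts, and the negated bit-AND test on 2 returns the two accounts without the disabled flag.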

0 votes
Septa Cahyadiputra
April 14, 2012

Hi Dave,

I'm not sure if I understand it correctly. It seems that what you want is for JIRA to keep using LDAP2 to authenticate User1. However, if LDAP1 is listed at the top (1st) in User Directories and JIRA is able to find User1 on your LDAP1, JIRA would not continue to search for it on LDAP2.

In order to force JIRA to use LDAP2 to authenticate User1, you would need to configure a search filter on LDAP1 to exclude User1 so that JIRA would not find the user on LDAP1 and will authenticate User1 to LDAP2. For example:

(&(&(objectClass=user)(objectCategory=person)(userAccountControl=512)(!(CN=User1))))

Hope it helps.

Cheers,

Septa Cahyadiputra
