Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Force LDAP directory for JIRA login

Brian Bircham1
Brian Bircham May 2, 2013

Hi all

Can anyone tell me if they've managed to force JIRA to use a specific LDAP directory when logging in to JIRA?

My situation is as follows

We have two domains (d1 and d2). Some users log in with an account in d1 and some log in with an account to d2. Some users in d2 have an email account in d1 so they can get email on that domain address and vice versa for d1-d2. JIRA looks at d1 and then d2 when authenticating users. This means that users with their account on d2 can't log in as they don't get their password to their mail account on d1.

Things I have tried include:

  • Changing the group membership used to filter to the same group on the other domain - doesn't work as the group affects only permissions once logged in and not which directory is used for authetnication
  • Setting password for the domain account and having the user log in as the other domain - does not fit with company policy or best practise
  • Try forcing the authentication by changing the JIRA name to d2\username - would get overwritten on the next sync, as would the group memberships we'd have to create manually

Any suggestions to this problem are welcome!

Brian

Answer
Watch
Like Be the first to like this
729 views

1 answer

1 accepted

0 votes
Answer accepted
Alex Perez
Alex Perez
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 2, 2013

I'm not sure if this is the same solution that you attempted in the first point ..

* in d1 create a group with all users that must log using d2.

* in jira administration, edti configuration for d1, configure LDAP user directory. Then, in User Schema Settings, change User Object Filter adding a condition to exclude all members of the group created in the previous step.

In theory, the validation step will fail in d1 for those users, so Jira will attempt against d2 ..

HTH

View More Comments
Brian Bircham1
Brian Bircham May 2, 2013

Very good Alex! We thought it was limiting to the groups but I see now that the Group Settings is for downloading the groups only. Perfect! Thanks for your help

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events