We use the corporate Active Directory as the fount of authentication for both JIRA and Confluence. This works fairly well except for one problem... When a user's account expires in AD (such as because he was a consultant hired for predetermined amount of time), JIRA does not know about it...
They would not be able to actually login, but it remains possible to assign tickets to them, for example – causing confusion and irritation among remaining users.
How can I make JIRA skip expired accounts, when synchronizing with AD?
I don't have a really perfect solution for you but here a little bit hacky one:
Define a filter like this:
where 127818648000000000 is the timestamp of now (http://www.rlmueller.net/Programs/DateToInteger8.txt)
from time to time you must recalculate and replace this value with the new current time (better programmatically )
sorry for not having a more elegant solution but maybe I just don't know the AD ldap queries not good enough
Андрій, one way to disable an account in AD is to explicitly mark it as such. This will change the value of the LDAP-visible field `userAccountControl`. This is easy enough to do -- just alter the LDAP filter used by the directory-synchronization. (See [this page|http://blogs.msdn.com/b/muaddib/archive/2008/10/08/query-individual-properties-of-the-useraccountcontrol-active-directory-user-property.aspx] for example.) Another way a user may become inactive in AD is by "expiring" -- if an account-expiration date was entered into AD, when the account was created, it will become inactive automatically on that date. How to detect _that_, is what I am asking here.
Atlassian Summit is an excellent opportunity for in-person support, training, and networking.Learn more
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG