i want to evaluate Jira and I have here a Problem with the LDAP-Authentication. The LDAP-Server is an Apache-DS.
The users are loaded correct, the groups also. But the membership to a group is not loaded.
In these Groups the memberUid is only the uid, not the full dn like cn=Max Payne,ou=people,o=company.
Is there a way to let jira work with these groups? I have no authorization to change our LDAP-schemas.
does the uid match the username you defined for JIRA?
JIRA grabs the user name depending on the attribute you defined within the User Schema Settings > User Name RDN Attribute. By default, this is "cn" for Apache DS.
So in your case, if your memberships are based of the uid, then the User Name RDN Attribute should also use the uid field.
I have a similar problem. We are evaluating Jira with a Zimbra-based ldap backend.
The username field is "uid" and
the groups are stored in an objectclass=posixGroup
# developers, groups, mydomain.com dn: cn=developers,ou=groups,dc=mydomain,dc=com gidNumber: 10007 displayName: Software Developers cn: developers description: Software Developers memberUid: benc memberUid: malcolms objectClass: posixGroup
I have done a manual ldapserach from the command line which gets the answer I need ..
ldapsearch -x -LL -b ou=groups,dc=mydomain,dc=com "(&(objectclass=posixGroup)(memberUid=malcolms))" cn version: 1 dn: cn=developers,ou=groups,dc=mydomain,dc=com cn: developers
In the LDAP configuratuion page, I have ..
Group Schema Settings
Group Object Class: posixGroup
Group Object Filter: (objectclass=posixGroup)
Group Name Attribute: cn
Group Description Attribute: description
Membership Schema Settings
Group Members Attribute: memberUid
User Membership Attribute: uid
Use the User Membership Attribute: [*] When finding the user's group membership
I have used wireshark to trace the network packets to the ldap server and I can see that the search filter that Jira is using is
This is fine when the group class is "groupOfUniqueNames" where the members are stored with their full dn. e.g.
objectclass: groupOfUniqueNames uniqueMember: uid=testuser,ou=people,dc=example,dc=com
How can Jira be configured to just use the (memberUid=malcolms) when the group objectclass is posixGroup ?
Having spent some time working through this problem with jira support, the final outcome is that it will not work :(
The group mapping in this version of Jira only works when the Group Object Class is of type "groupOfUniqueNames", where the group member search is fully qualified.
We are running v5.2.10
Good news, I spoke too soon.
It seems that the reason it was not working was I had selected the wrong directory type.
"Open LDAP" instead of "Open LDAP (Read-Only Posix Schema)" - the important bit is the fact that its a Posix Schema, with the side effect that Jira only has read-only support (i think).
Also found this post which had the same problem and fixed it the same way.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot