LDAP Read/Write Permissions

Chad Corkrum
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
September 12, 2019

I’m trying to find a document that lists the needed permissions of the Bind account in AD. So far I haven’t found anything. Hoping someone can point me in the right direction.

I want to use the password reset functionality to allow AD users self-service password resets and it looks to work when I use the domain admin as a bind account for testing but that isn’t ideal.

Thanks

1 answer

0 votes
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 17, 2019

Hi Chad,

I see that you are looking for more information about what permissions are needed for the Active Directory account that Jira can use to connect to a user directory.   We do have some information about this in the documentation on Connecting to an LDAP directory.

By default, all users can read the uSNChanged attribute; however, only administrators or users with relevant permissions can access the Deleted Objects container. The specific privileges required by the user to connect to LDAP are "Bind" and "Read" (user info, group info, group membership, update sequence number, deleted objects), which the user can obtain by being a member of the Active Directory's built-in administrators group.

We know that an administrator of that AD will have the needed permissions.  However if the user account is not in this administrator's group, those listed permissions would still need to be granted to that user for Jira to be able to properly use this account.

I hope this helps.

Andy

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events