I’m trying to find a document that lists the needed permissions of the Bind account in AD. So far I haven’t found anything. Hoping someone can point me in the right direction.
I want to use the password reset functionality to allow AD users self-service password resets and it looks to work when I use the domain admin as a bind account for testing but that isn’t ideal.
I see that you are looking for more information about what permissions are needed for the Active Directory account that Jira can use to connect to a user directory. We do have some information about this in the documentation on Connecting to an LDAP directory.
By default, all users can read the uSNChanged attribute; however, only administrators or users with relevant permissions can access the Deleted Objects container. The specific privileges required by the user to connect to LDAP are "Bind" and "Read" (user info, group info, group membership, update sequence number, deleted objects), which the user can obtain by being a member of the Active Directory's built-in administrators group.
We know that an administrator of that AD will have the needed permissions. However if the user account is not in this administrator's group, those listed permissions would still need to be granted to that user for Jira to be able to properly use this account.
I hope this helps.
Learn how to use two new reports for next-gen projects in Jira Cloud: Cumulative flow diagram and Sprint burndown chart. Ivan Teong, Product Manager, Jira Software, demos the Cumulative ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events