I’m trying to find a document that lists the needed permissions of the Bind account in AD. So far I haven’t found anything. Hoping someone can point me in the right direction.
I want to use the password reset functionality to allow AD users self-service password resets, and it looks to work when I use the domain admin as a bind account for testing, but that isn’t ideal.
Thanks
Hi Chad,
I see that you are looking for more information about what permissions are needed for the Active Directory account that Jira can use to connect to a user directory. We do have some information about this in the documentation on Connecting to an LDAP directory.
By default, all users can read the uSNChanged attribute; however, only administrators or users with relevant permissions can access the Deleted Objects container. The specific privileges required by the user to connect to LDAP are "Bind" and "Read" (user info, group info, group membership, update sequence number, deleted objects), which the user can obtain by being a member of the Active Directory's built-in administrators group.
We know that an administrator of that AD will have the needed permissions. However, if the user account is not in this administrator's group, those listed permissions would still need to be granted to that user for Jira to be able to properly use this account.
I hope this helps.
Andy
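One way to grant the permissions listed in the answer above to a non-admin bind account, as an added example that is not part of the thread or of the Atlassian documentation. The domain DN, account name and OU are placeholders. It assumes the default AD read ACLs on users and groups have not been tightened, and that the self-service feature resets passwords as the bind account.

```powershell
# Added example: least-privilege ACLs for an LDAP bind account.
# Run in an elevated session as a Domain Admin on a host that has dsacls.exe.
# The three values below are placeholders (assumptions), not taken from the thread.
$DomainDN    = 'DC=example,DC=com'
$BindAccount = 'EXAMPLE\svc-ldap-bind'   # hypothetical non-admin service account
$UserOU      = "OU=Staff,$DomainDN"      # hypothetical OU holding self-service users

$DeletedObjects = "CN=Deleted Objects,$DomainDN"

# 1. Deleted Objects is readable only by administrators by default, and its
#    ACL cannot be edited until ownership of the container has been taken.
dsacls $DeletedObjects /takeownership
if ($LASTEXITCODE -ne 0) { throw "Could not take ownership of $DeletedObjects" }

# 2. Grant List Contents (LC) and Read Property (RP) only. No write rights.
dsacls $DeletedObjects /G "${BindAccount}:LCRP"
if ($LASTEXITCODE -ne 0) { throw "Could not grant read access on $DeletedObjects" }

# 3. Delegate the "Reset Password" control access right (CA) on user objects
#    below one OU. /I:S applies the entry to sub-objects only, so the right
#    does not extend to accounts outside this OU (for example admin accounts
#    kept elsewhere in the directory).
dsacls $UserOU /I:S /G "${BindAccount}:CA;Reset Password;user"
if ($LASTEXITCODE -ne 0) { throw "Could not delegate Reset Password on $UserOU" }

# 4. Verify: print only the ACL entries that name the bind account, so the
#    result can be reviewed and recorded.
dsacls $DeletedObjects | Select-String -SimpleMatch $BindAccount
dsacls $UserOU         | Select-String -SimpleMatch $BindAccount
```

After this, the bind account can stay out of the built-in administrators group; if synchronisation or resets still fail, the verification output shows which of the grants is missing.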