LDAP-Setup, Specify multiple OU's in "Additional User DN"

Trond Jakob Sjøvang June 28, 2017

Hello,

I have set up a user directory to synchronize with our Active Directory like this:

Base DN: dc=domain,dc=name

Additional User DN: ou=Employees

Additional Group DN: ou=Groups,ou=are,ou=here

Furthermore, I have used "User Object Filter" and "User Object Filter" to only add users and groups that are members of a certain group in AD.

Now we also want to include some users found under ou=consultants,dc=domain,dc=name, but because our AD has a huge number of users with thousands of users (mostly school pupils) we don't want to just remove ou=Employees from "Additional User DN" and sync the entire tree. Can you use LDAP filter-syntax in "Additional User DN" or do you have any other way to specify more than one path?

If not, are there any other good ways of accomplishing what we want without modifying our AD structure or syncing the entire tree?

3 answers

1 vote
Lars Olav Velle
Rising Star
June 29, 2017

Hello Trond,

You could also add multiple user directories pointing to different parts of your Active Directory.

Lars. Kantega Single Sign-on

Trond Jakob Sjøvang July 2, 2017

Good point! Didn't think of that.

Lars Olav Velle
July 2, 2017

No problem!

That's why we have the community, right? :)

-Lars

Shyam Goda April 26, 2018

Hello Lars Olav Velle,

If I understood your suggestion correctly, we need to add multiple user directories on Jira to get different sets of users from multiple OU paths of AD, for example, one User-Directory for "OU=EMPLOYEES,OU=Location_1,OU=Domain,OU=Local" and a second User-Directory for "OU=EMPLOYEES,OU=Location_2,OU=Domain,OU=Local". Please confirm.

Is it possible to specify all required AD-OU-paths in a single User-Directory? If so, please help me with the syntax for specifying multiple AD paths, either in the LDAPFilter or in the Additional User DN settings.

Thanks.

Regards,

Shyam

Marcelo Mella November 7, 2019

Hello Shyam

Did you manage to configure just a single directory?

Ryan Rosenthal March 26, 2020

Is it possible to have different user directories set up to look at different OUs?

Marcelo Mella March 26, 2020

Yes Ryan, it is possible.

I'm interested in the solution for one single directory.

Anyone make it work for AD?

Ryan Rosenthal March 26, 2020

Yes. We have it set up for AD right now for a single OU. But we have our groups located in a separate OU from our users, so I'm looking to set up a second directory for groups.

Marcelo Mella March 26, 2020

Ryan

You can add the same AD configuration with different OUs. This works fine.

The problem is you can't share user groups or implement SSO.

What I need is one single directory connection to AD, with multiple OUs inside.

0 votes
Kundan Mukherjee May 31, 2021

In case of additional DN if both the OU(s) are in parallel then it will not work on the same directory. You need to create a new directory for that. But if it's inside the base OU then it will work. Like below - 

BaseDN - OU=Users,OU=Sites,OU=Domain,OU=com

Additional DN - OU=Atlassian_Users
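
Added example, not part of any answer in this thread and not Atlassian's code: a small Python check of which user DNs fall inside the subtree formed by prefixing "Additional User DN" to "Base DN", showing why sibling OUs need one directory each. The OU names come from the thread; the sample user entries and the `ou=Pupils` name are constructed assumptions.

```python
import re

def split_dn(dn):
    """Split a DN into lower-cased (attribute, value) RDN pairs.

    Commas escaped as '\\,' stay inside the value; other escape forms
    and multi-valued RDNs are not handled in this sketch.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        if part.strip():
            attr, _, value = part.partition("=")
            rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def search_base(base_dn, additional_dn=""):
    """Effective search base: the additional DN is prefixed to the Base DN."""
    return split_dn(additional_dn) + split_dn(base_dn)

def in_scope(entry_dn, base_dn, additional_dn=""):
    """True if entry_dn lies at or below the effective search base."""
    base = search_base(base_dn, additional_dn)
    entry = split_dn(entry_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def covering_directories(entry_dn, directories):
    """Names of the configured directories whose subtree contains entry_dn."""
    return [name for name, (base, extra) in directories.items()
            if in_scope(entry_dn, base, extra)]

# Two directories on the same Base DN, one per sibling OU (OU names from the thread).
DIRECTORIES = {
    "employees": ("dc=domain,dc=name", "ou=Employees"),
    "consultants": ("dc=domain,dc=name", "ou=consultants"),
}

# Constructed sample entries; the ou=Pupils name is an assumption.
SAMPLE_USERS = [
    r"CN=Doe\, Jane,OU=Employees,DC=domain,DC=name",
    "cn=bob,ou=consultants,dc=domain,dc=name",
    "cn=carl,ou=Pupils,dc=domain,dc=name",
]

if __name__ == "__main__":
    for dn in SAMPLE_USERS:
        print(dn, "->", covering_directories(dn, DIRECTORIES) or "not synced")
```

Running the same check over a list of DNs exported from the directory shows which accounts a given Base DN and Additional User DN pair would admit before the sync is enabled.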

0 votes
Trond Jakob Sjøvang June 28, 2017

The root cause of syncing the entire tree was actually something completely different. Turning off "follow referrals" under advanced settings solved the underlying problem.

Lars Olav Velle
June 29, 2017

Yes, that should never have been the default setting!

-Lars
