Hi all,
Just getting started setting up Jira within our network. I have added 3 groups within active directory which will hold the users and thier specific roles. When I sync active directory with Jira it pulls the users through but not the users within those groups - is it something I am doing wrong?
Thanks
It wont let me add a comment with that many characters -
Sounds like your user filter or base may be incorrect.. can you check, or click "directory summary" and put that info here (anonymise if necessary).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
"autoAddGroups": ""
"com.atlassian.crowd.directory.sync.currentstartsynctime": "null"
"com.atlassian.crowd.directory.sync.issynchronising": "false"
"com.atlassian.crowd.directory.sync.lastdurationms": "328"
"com.atlassian.crowd.directory.sync.laststartsynctime": "1326286478695"
"crowd.sync.incremental.enabled": "true"
"directory.cache.synchronise.interval": "3600"
"ldap.basedn": "OU=Jira Groups,OU=Security Groups,OU=MyBusiness,DC=domain,DC=local"
"ldap.connection.timeout": "10000"
"ldap.group.description": "description"
"ldap.group.dn": ""
"ldap.group.filter": "(objectCategory=Group)"
"ldap.group.name": "cn"
"ldap.group.objectclass": "group"
"ldap.group.usernames": "member"
"ldap.local.groups": "false"
"ldap.nestedgroups.disabled": "true"
"ldap.pagedresults": "true"
"ldap.pagedresults.size": "1000"
"ldap.password": (not shown)
"ldap.pool.initsize": "null"
"ldap.pool.maxsize": "null"
"ldap.pool.prefsize": "null"
"ldap.pool.timeout": "0"
"ldap.propogate.changes": "false"
"ldap.read.timeout": "120000"
"ldap.referral": "true"
"ldap.relaxed.dn.standardisation": "true"
"ldap.roles.disabled": "true"
"ldap.search.timelimit": "60000"
"ldap.secure": "false"
"ldap.url": "ldap://serveraddress:389"
"ldap.user.displayname": "displayName"
"ldap.user.dn": ""
"ldap.user.email": "mail"
"ldap.user.encryption": "sha"
"ldap.user.filter": "(&(objectCategory=Person)(sAMAccountName=*))"
"ldap.user.firstname": "givenName"
"ldap.user.group": "memberOf"
"ldap.user.lastname": "sn"
"ldap.user.objectclass": "user"
"ldap.user.password": (not shown)
"ldap.user.username": "sAMAccountName"
"ldap.user.username.rdn": "cn"
"ldap.userdn": "jirauser@domain"
"ldap.usermembership.use": "false"
"ldap.usermembership.use.for.groups": "false"
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Directory ID: 10000
Name: calsbs2008
Active: true
Type: CONNECTOR
Created date: Wed Dec 21 14:42:30 GMT 2011
Updated date: Wed Jan 11 12:54:39 GMT 2012
Allowed operations: [UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE]
Implementation class: com.atlassian.crowd.directory.MicrosoftActiveDirectory
Encryption type: sha
Attributes:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Directory ID: 1
Name: JIRA Internal Directory
Active: true
Type: INTERNAL
Created date: Wed Dec 21 13:53:45 GMT 2011
Updated date: Wed Jan 11 10:31:17 GMT 2012
Allowed operations: [CREATE_GROUP, CREATE_ROLE, CREATE_USER, DELETE_GROUP, DELETE_ROLE, DELETE_USER, UPDATE_GROUP, UPDATE_GROUP_ATTRIBUTE, UPDATE_ROLE, UPDATE_ROLE_ATTRIBUTE, UPDATE_USER, UPDATE_USER_ATTRIBUTE]
Implementation class: com.atlassian.crowd.directory.InternalDirectory
Encryption type: atlassian-security
Attributes:
"useNestedGroups": "false"
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The output contains too much text - do I have to break it down into 2 comments? Thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Your base dn is ou=Groups, so it will get groups but not users. Make the base db higher, then you can set an additional group DN.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If I do this can I specify a group DN and leave the users DN blank to get the import to import those users from that group? Or do I need to specify each user?
The way I understand I need to go with this to get active directory integration is to have the user groups in ldap/Active Directory and and thier membership in there and then Jira will import the groups with the users and add them to the co-insiding group if nesting is setup with (ldapdev in jiradev) (ldapadmin in jiraadmin) and (ldapusers in jirausers) is this right?
Thanks again
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If you only want to get users in certain groups, then create a user filter that only selects users in those groups (memberOf in active directory). Test on a dev instance...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
What I dont get is from the instructions it says "
This value is used in addition to the base DN when searching and loading users. If no value is supplied, the subtree search will start from the base DN. Example:
ou=Users"
So I have specified within the base DN OU=Security Groups,OU=MyBusiness,DC=domain,DC=local" and then in the groups OU=Jira Groups. Within Jira groups OU are 3 groups and each contain a single user - shouldnt the search look within these and add the users it finds?
Thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
No, because the DN for each of those users are not under the base DN for the directory.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
So cant you add users from a security group? Do they have to be added from an OU?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.