Ldap user groups not showing users

shabbaranks January 10, 2012

Hi all,

Just getting started setting up Jira within our network. I have added 3 groups within active directory which will hold the users and their specific roles. When I sync active directory with Jira it pulls the users through but not the users within those groups - is it something I am doing wrong?

Thanks

2 answers

0 votes
shabbaranks January 10, 2012

It won't let me add a comment with that many characters -

0 votes
JamieA
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 10, 2012

Sounds like your user filter or base may be incorrect. Can you check, or click "directory summary" and put that info here (anonymise if necessary)?

shabbaranks January 10, 2012

"autoAddGroups": ""
"com.atlassian.crowd.directory.sync.currentstartsynctime": "null"
"com.atlassian.crowd.directory.sync.issynchronising": "false"
"com.atlassian.crowd.directory.sync.lastdurationms": "328"
"com.atlassian.crowd.directory.sync.laststartsynctime": "1326286478695"
"crowd.sync.incremental.enabled": "true"
"directory.cache.synchronise.interval": "3600"
"ldap.basedn": "OU=Jira Groups,OU=Security Groups,OU=MyBusiness,DC=domain,DC=local"
"ldap.connection.timeout": "10000"
"ldap.group.description": "description"
"ldap.group.dn": ""
"ldap.group.filter": "(objectCategory=Group)"
"ldap.group.name": "cn"
"ldap.group.objectclass": "group"
"ldap.group.usernames": "member"
"ldap.local.groups": "false"
"ldap.nestedgroups.disabled": "true"
"ldap.pagedresults": "true"
"ldap.pagedresults.size": "1000"
"ldap.password": (not shown)
"ldap.pool.initsize": "null"
"ldap.pool.maxsize": "null"
"ldap.pool.prefsize": "null"
"ldap.pool.timeout": "0"
"ldap.propogate.changes": "false"
"ldap.read.timeout": "120000"
"ldap.referral": "true"
"ldap.relaxed.dn.standardisation": "true"
"ldap.roles.disabled": "true"
"ldap.search.timelimit": "60000"
"ldap.secure": "false"
"ldap.url": "ldap://serveraddress:389"
"ldap.user.displayname": "displayName"
"ldap.user.dn": ""
"ldap.user.email": "mail"
"ldap.user.encryption": "sha"
"ldap.user.filter": "(&(objectCategory=Person)(sAMAccountName=*))"
"ldap.user.firstname": "givenName"
"ldap.user.group": "memberOf"
"ldap.user.lastname": "sn"
"ldap.user.objectclass": "user"
"ldap.user.password": (not shown)
"ldap.user.username": "sAMAccountName"
"ldap.user.username.rdn": "cn"
"ldap.userdn": "jirauser@domain"
"ldap.usermembership.use": "false"
"ldap.usermembership.use.for.groups": "false"

shabbaranks January 10, 2012

Directory ID: 10000
Name: calsbs2008
Active: true
Type: CONNECTOR
Created date: Wed Dec 21 14:42:30 GMT 2011
Updated date: Wed Jan 11 12:54:39 GMT 2012
Allowed operations: [UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE]
Implementation class: com.atlassian.crowd.directory.MicrosoftActiveDirectory
Encryption type: sha
Attributes:

shabbaranks January 10, 2012

Directory ID: 1
Name: JIRA Internal Directory
Active: true
Type: INTERNAL
Created date: Wed Dec 21 13:53:45 GMT 2011
Updated date: Wed Jan 11 10:31:17 GMT 2012
Allowed operations: [CREATE_GROUP, CREATE_ROLE, CREATE_USER, DELETE_GROUP, DELETE_ROLE, DELETE_USER, UPDATE_GROUP, UPDATE_GROUP_ATTRIBUTE, UPDATE_ROLE, UPDATE_ROLE_ATTRIBUTE, UPDATE_USER, UPDATE_USER_ATTRIBUTE]
Implementation class: com.atlassian.crowd.directory.InternalDirectory
Encryption type: atlassian-security
Attributes:
"useNestedGroups": "false"

shabbaranks January 10, 2012

The output contains too much text - do I have to break it down into 2 comments? Thanks

JamieA
January 10, 2012

Your base dn is ou=Groups, so it will get groups but not users. Make the base DN higher, then you can set an additional group DN.

shabbaranks January 10, 2012

If I do this can I specify a group DN and leave the users DN blank to get the import to import those users from that group? Or do I need to specify each user?

The way I understand I need to go with this to get active directory integration is to have the user groups in ldap/Active Directory and their membership in there and then Jira will import the groups with the users and add them to the coinciding group if nesting is setup with (ldapdev in jiradev) (ldapadmin in jiraadmin) and (ldapusers in jirausers) is this right?

Thanks again

JamieA
January 10, 2012

If you only want to get users in certain groups, then create a user filter that only selects users in those groups (memberOf in active directory). Test on a dev instance...

shabbaranks January 10, 2012

What I don't get is from the instructions it says "

This value is used in addition to the base DN when searching and loading users. If no value is supplied, the subtree search will start from the base DN. Example:

  • ou=Users"

So I have specified within the base DN "OU=Security Groups,OU=MyBusiness,DC=domain,DC=local" and then in the groups OU=Jira Groups. Within Jira groups OU are 3 groups and each contains a single user - shouldn't the search look within these and add the users it finds?

Thanks

JamieA
January 10, 2012

No, because the DN for each of those users is not under the base DN for the directory.

shabbaranks January 11, 2012

So can't you add users from a security group? Do they have to be added from an OU?
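
An added example, not part of the original thread or of Jira's own code: a Python sketch of the two points made in the answers above, that a subtree search only returns entries whose DN sits under the base DN, and that a memberOf user filter can then narrow a wider base to the chosen groups. The user DNs, the wider base `OU=MyBusiness,DC=domain,DC=local` and all function names are assumptions for illustration.

```python
import re

def parse_dn(dn):
    """Split a DN into lower-cased RDNs (simplified: splits on commas not preceded by a backslash)."""
    return [p.strip().lower() for p in re.split(r'(?<!\\),', dn) if p.strip()]

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is at or below base_dn, i.e. reachable by a subtree search."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def escape_filter(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\0' else c for c in value)

def member_of_filter(group_dns, user_filter):
    """AND the existing user filter with an OR over direct memberOf matches."""
    clauses = ''.join('(memberOf=%s)' % escape_filter(dn) for dn in group_dns)
    return '(&%s(|%s))' % (user_filter, clauses)

# Values taken from the directory summary posted in the thread.
GROUPS_OU = "OU=Jira Groups,OU=Security Groups,OU=MyBusiness,DC=domain,DC=local"
USER_FILTER = "(&(objectCategory=Person)(sAMAccountName=*))"
# Assumptions: a wider base DN and a constructed directory (user DNs are invented).
WIDER_BASE = "OU=MyBusiness,DC=domain,DC=local"
DIRECTORY = {
    "CN=ldapdev," + GROUPS_OU: "group",
    "CN=ldapadmin," + GROUPS_OU: "group",
    "CN=ldapusers," + GROUPS_OU: "group",
    "CN=Alice Example,OU=Users,OU=MyBusiness,DC=domain,DC=local": "user",
    "CN=Bob (Ops),OU=Users,OU=MyBusiness,DC=domain,DC=local": "user",
}

def visible(base_dn, kind):
    """DNs of the given kind that a subtree search from base_dn can return."""
    return sorted(dn for dn, k in DIRECTORY.items()
                  if k == kind and in_subtree(dn, base_dn))

if __name__ == "__main__":
    # With the groups OU as base, the groups are found but their members are not.
    print("users under groups OU:", visible(GROUPS_OU, "user"))
    print("users under wider base:", visible(WIDER_BASE, "user"))
    # Wider base plus a memberOf filter keeps the sync limited to the three groups.
    print(member_of_filter(visible(GROUPS_OU, "group"), USER_FILTER))
```

The `memberOf` clause matches direct group membership only, which is consistent with the `ldap.nestedgroups.disabled` value of `true` in the posted summary.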
