I am using the Read Only, with Local Groups configuration for LDAP. When a user is disabled in Microsoft Active Directory, the user's groups are removed from their account in JIRA. The only group that seems to stick is this Jira Users group in the application. The default group membership is a jira-users group in the LDAP configuration. Please advise on why this happens, and what can I do to prevent their removal from groups. Typical scenario is a Leave of Absence.
That shouldn't happen. Are the AD admins removing groups from users? Or putting the user into some OU not synced by JIRA?
Just deactivating a user account in AD should cause JIRA to mark the user as inactive
I tested disabling a user ("Jeremy Owen") in AD and he stayed in his LDAP groups, just marked inactive:
Sometimes AD admins will move a user to an OU for disabled users and take them out of any security groups. It doesn't impact your local jira-users group because that one is not controlled by LDAP. When the LDAP admin puts them back in the LDAP groups, JIRA should pick up those memberships again.
If users are being re-enabled and JIRA is not pickinhg up their group memberships it may be worthwhile to open a support ticket so Atlassian can take a closer look. An LDIF export of the user from AD and a support zip will help Support get started.
Hi Matt and Ann,
Thanks for responding!
@Ann, I have verified our process on disabling users who to on a leave of absence. We do move them to a different OU,
"Sometimes AD admins will move a user to an OU for disabled users and take them out of any security groups."
The membership to that Jira Users, active directory, group is not removed. So if the user account is moved to a disabled users OU, should that still affect the local user in JIRA? User Schma targets the Jira Users group in a specific OU using the memberOf attribute. Group Schema: (&(objectCategory=Group)(name=Jira Users)). And the member schema uses member and memberOf with both attributes disabled/unchecked.
I should probably open a ticket at this point but if anything obvious stands out, please let me know.
I have the same issue :(
when I start to synchronize manually, all users back to groups.
in log I can find only this:
2018-08-09 15:08:18,604 Caesium-1-2 INFO ServiceRunner [c.a.crowd.directory.DbCachingRemoteChangeOperations] removed [ 109 ] user members from [ Jira_MGMT ] in [ 1023ms ]
I'm sure that there are no any changes in AD
Atlassian Summit is an excellent opportunity for in-person support, training, and networking.Learn more
Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in talking to 20 people planning t...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs