Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

jira ldap readonly connection

Marek Wasilewsk
Marek Wasilewski June 12, 2014

Hi

I need to configure JIRA to connect to Microsoft AD, check user login & password and let them login or show some ugly red warning. Nothing else. Right now, when somebody reconfigures JIRA LDAP connection and makes mistake JIRA synchronizes with ad and wipes all users (except for those few local ones) and when admin writes correct configuration users are restored but without groups.

I suppose that there are 2 solutions:

1) users, groups etc. are stored in LDAP

2) (preffered) groups are stored in JIRA; JIRA connects to LDAP when a user tries to log in and checks their password; if there is anything bad with ldap, JIRA _cannot_ wipe user table.

My jira is 5.2.8.

Regards

Marek

Answer
Watch
Like Be the first to like this
284 views

3 answers

1 accepted

0 votes
Answer accepted
Marcus Silveira
Marcus Silveira
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 12, 2014

Hi Marek,

You can try using a delegated directory (Internal with LDAP authentication).

This will sync users only when they log into the application and should not clear up everyone if anyone messes the configuration.

Hope it helps.

View More Comments
Marek Wasilewsk
Marek Wasilewski June 12, 2014

Hi Marcus

That's what I was looking for :). Thanks!! :)

Like
Reply
0 votes
Jobin Kuruvilla [Adaptavist]
Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 12, 2014

Delegated LDAP Authentication can work but in this case the users will be internal to JIRA. There is an option to copy users on first login but the user has to login before it appears inside JIRA.

Another option is to configure the directory as you have done but with "Read Only, with Local Groups" option. In this case, you can add local groups and use those groups in permissions.

Reply
0 votes
Andris Grinbergs
Andris Grinbergs
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 12, 2014

Just don't give admin permission to AD user which will jira use to retrieve LDAP users... In such case Jira will not be able to wipe LDAP...

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events