I've enabled Nested groups in jira, but now wish to nest AD groups within jira groups with groovy (via the Script Runner console).
groupService.addGroupsToGroups()
does not work via the Script Runner console, no error message is provided
You can do this using the following script, but you'll need to replace the group names:
import com.atlassian.jira.bc.JiraServiceContextImpl
import com.atlassian.jira.bc.group.GroupService
import com.atlassian.jira.component.ComponentAccessor
def authenticationContext = ComponentAccessor.getJiraAuthenticationContext()
def groupService = ComponentAccessor.getComponent(GroupService)
def jiraServiceContext = new JiraServiceContextImpl(authenticationContext.getLoggedInUser())
// groups that can have groups added to them
def nestedGroups = ["nested1", "nested2"]
// the groups to add to the nested groups above as children
def childGroups = ["group1", "group2"]
def groupValidationResult = groupService.validateAddGroupsToGroup(jiraServiceContext, nestedGroups, childGroups)
if (groupValidationResult.isSuccess()) {
groupService.addGroupsToGroups(jiraServiceContext, nestedGroups, childGroups)
} else {
log.warn "invalid children groups: $groupValidationResult.invalidChildren"
}
Notably this uses GroupService to add nested groups. I'd recommend using GroupService, as it performs some validation that GroupManager may not.
Thanks Adam.
This works great for Jira-originated groups but doesn't work for AD groups. Is nesting not supported for AD?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Good to hear you got it working.
The response here indicated you may need to change some configuration to get nested groups working for AD.
Hope this helps.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Unless I'm mistaken the post you provided is to do with altering the AD integration to find users in AD sub-groups of AD groups.
I wish to nest AD groups within Jira-only groups via groovy. This is possible via the GUI (after enabling nested groups in User Mgmt).
Any ideas Adam?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We are doing a user directory migration from our old pre-acquisition AD directory to the LDAP run by our new parent corporation. I was able to adapt Adam's script to nest our new LDAP-based groups under their legacy counterparts in Jira's internal user directory.
I guess the only trick is that you need to make sure you enable nested groups in the internal user directory, but that's not hard to do.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.