How to import Active Directory users in JIRA only from certain groups?

A word of caution to begin with - I really don't know if what I want to do is possible, especially because I am not good at LDAP / Active Directory or JIRA.

I am trying to integrate my shiny new JIRA installation with an existing Active Directory. I want to create specific JIRA groups (for example, in London \ Security Groups \ JIRA *), and then have JIRA import only those users who are members of these groups. However, in the directory created in JIRA, I do not understand how to do this. It seems that I can import users and groups, but not users from groups.

What am I missing? (except knowledge of expert level AD!)

Update

In my domain I have an organizational structure:

London\Users

London \ Security Groups \ JIRA

Within the latter organizational unit, I have a security group called "jira-users". The former contains all users.

So far I have tried the following queries, and none of them have worked:

(all prefixed with "&(objectCategory=Person)(sAMAccountName=*)")

memberof=CN=jira-users,ou=London,ou=Security Groups,ou=JIRA,dc=mycompany,dc=local

memberof=CN=JIRA,ou=London,ou=Security Groups,dc=mycompany,dc=local

(prefixed only with "&(objectCategory=Person)")

memberof=CN=jira-users,ou=London,ou=Security Groups,ou=JIRA,dc=mycompany,dc=local

Solved

Working query:

memberof=CN=jira-users,OU=JIRA,OU=Security Groups,OU=London,DC=mycompany,DC=local

I did not realize that for a folder structure which logically reads, from left to right, London \ Security Groups \ JIRA, the organizational units should be listed in reverse order.

Further update

This only works when using the DirectorySearcher class for some reason, for example:

    // Requires: using System.DirectoryServices;
    DirectoryEntry rootEntry = new DirectoryEntry("LDAP://dc=mycompany,dc=local");
    DirectorySearcher srch = new DirectorySearcher(rootEntry);
    srch.SearchScope = SearchScope.Subtree;
    srch.Filter = "(&(objectCategory=Person)(sAMAccountName=*)(memberof=CN=jira-users,ou=London,ou=Security Groups,ou=JIRA,dc=mycompany,dc=local))";
    SearchResultCollection results = srch.FindAll();

This does not work in LDAP Explorer, nor in JIRA itself.

Last update

So ... for JIRA you need to reverse the order and remove the wildcard. In the end, a working query:

(&(objectCategory=Person)(memberof=CN=jira-users,OU=JIRA,OU=Security Groups,OU=London,DC=mycompany,DC=local))

+4
1 answer

When you configure the user directory, see the user schema settings. You should see the "Custom Object Filter" field. There you can add something like this:

 (memberOf=cn=jira-users,ou=London,dc=mydomain,dc=com) 

This will allow you to filter based on a specific LDAP group. Of course, you will need to modify the above values to reflect your own environment.

+5
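The ordering rule the question arrives at (most specific component first, so the folder path is reversed), as an added example that is not code from either post. The function names are hypothetical; the sketch also escapes the group name for the DN (RFC 4514) and then for the filter (RFC 4515), so a group name containing `,`, `(` or `*` cannot change which accounts the import filter matches.

```python
# Added illustration; helper names are hypothetical, not part of JIRA or AD tooling.
_DN_SPECIAL = '\\,+"<>;'
_FILTER_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_dn_value(value):
    """Escape one RDN value (RFC 4514)."""
    out = "".join("\\" + c if c in _DN_SPECIAL else c for c in value)
    out = out.replace("\0", "\\00")
    if value[:1] in ("#", " "):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def escape_filter_value(value):
    """Escape an assertion value for use inside a search filter (RFC 4515)."""
    return "".join(_FILTER_ESC.get(c, c) for c in value)

def group_dn(folder_path, group_cn, domain):
    """Turn a console path such as 'London \\ Security Groups \\ JIRA' into a DN.

    The console shows containers from the root down; a DN lists them from
    the object up, so the OUs are emitted in reverse order.
    """
    ous = [p.strip() for p in folder_path.split("\\") if p.strip()]
    rdns = ["CN=" + escape_dn_value(group_cn)]
    rdns += ["OU=" + escape_dn_value(ou) for ou in reversed(ous)]
    rdns += ["DC=" + escape_dn_value(dc) for dc in domain.split(".")]
    return ",".join(rdns)

def member_filter(dn):
    """Filter matching person objects that are direct members of the group."""
    return "(&(objectCategory=Person)(memberOf=%s))" % escape_filter_value(dn)

if __name__ == "__main__":
    # Values taken from the question's own layout.
    dn = group_dn(r"London \ Security Groups \ JIRA", "jira-users", "mycompany.local")
    print(dn)
    print(member_filter(dn))
```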