Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Custom field to list AD groups?

Devtech83
Devtech83
Contributor
May 6, 2020

We have Jira SD connected to our Active Directory. I need a custom field that lists a subset of AD groups filtered by OU.

So we have AD groups Group A, Group B and Group C. I just want the field to display Group A and Group B.

I guess I need a plugin?

Answer
Watch
Like Be the first to like this
1105 views

1 answer

0 votes
Andrew Laden
Andrew Laden
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 6, 2020

Filtering by OU is the problem. When you import the groups from AD, it doesn't keep the OU information. So even though recent version of jira now support limiting what shows up in a user picker, that doesn't cover group pickers, and even if it did I don't think you will be able to filter on that criteria.

You could probably use PowerScripts. It has some nice functionality to connect to LDAP and limit the results to a group picker. However, you want to be careful of performance. Having to call out to AD to look up OU's may slow things down. 

You may want to consider using an intermediate database table, Have a lightweight script that populates a database table with the valid options, then have the custom field backed by the database table. Will be faster from within jira.

View More Comments
Devtech83
Devtech83
Contributor
May 11, 2020

Thanks, I've been trying to find the SIL code to do this in PowerScripts. Are you able to help?

Like
Andrew Laden
Andrew Laden
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 11, 2020

Went back and took a look at what SIL could do, and that reminded me of the fast that SIL can only work with user objects from LDAP natively. Not group objects or other generic LDAP classes. (I think I knew this, from looking into it a few years ago, but forgot)

Doesn't mean we cant use SIL, we just cant use the LDAP functions directly in SIL to do it. As long as we can write a script that can return a list of the groups, then you can use that in a powerscripts custom field. 

However, its a little convoluted

Option 1: Doing it all in SIL

So using something like

ldapsearch -D <binddn> -w <password> -h <host> -b <ou to search> '(objectclass=group)' Name | grep "name:" | sed 's/name: //'

You would then create a new custom field of type PCF  - MultiSelect.

You could write sil code to take the return of the ldap search (called via "system" and) populate an array that you would return. Taking the string output of system and converting to an array will take a little work. (I dont have time to play with it right now to figure out the exact syntax. Sorry)

 

Option 2: With a database in between

Create a table in your database with a single field. Write a script that runs the ldapsearch, and takes the result and populates that table. (Now you do this depends on what database you are using.)

You can then configure a Datasource in Cprime Plugins Configuration. point to that table. You then make a "database custom field" connected to that.

A little easier to set up perhaps, because your script to create/populate the database can be done however you like. Also a little more optimized in that the database lookups are faster then doing the LDAP lookup each time.

Like
Thies Uhlenbruch
Thies Uhlenbruch
Contributor
September 21, 2021

Can someone confirm that it is also possible with scriptrunner?

Thanks

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.