Thanks for the responses. I have another question. If there are inactive users w/ associations, what happens to those associations when we finally do integrate JIRA with LDAP?

Hello Jess,

it's not that hard but here are some random tips:

• I recommend having a system engineer with good AD knowledge with you while doing the actual configuration
• You can use multiple user directories in Jira, the order in which they’re configured matters for group management and for passwords. You need to know the different configuration options such as Read Only, Read Only with Local Groups and Read Write.

• Know which password will be the master password when a user exists in multiple user directories.

• There are great docs by Atlassian to refer to:
  • Connecting to an LDAP directory
  • Managing multiple directories
• When using nested groups, you can't use an  LDAP directory for delegated authentication

Hi @Jess Beitler 

It is built-in functionality in Jira to setup LDAP user directories, either as a synchronized Active Directory or delegated LDAP with local write permissions. With delegated LDAP, Jira has only knowledge about users which have logged in at least once.

It should be quite straight forward to set it up. In the User Management configurations you find a page for User Directories and here you can add your LDAP user directories. Note that, if you have multiple directories active, the user lookup happening when users log in is done according to the user directory order (see up and down arrows in the user directory table).

With a LDAP user directory in Jira, your AD users should be able to log in with their AD credentials.  With AD and the Kantega SSO app for Jira , you can also setup Kerberos to give all users on a trusted network direct and password-free access to Jira. Kerberos works also in combination with other SSO mechanisms such as SAML.

Regards,
Jon Espen

Full disclosure: I work for Kantega SSO, a top marketplace vendor.