Hey,
I want to evaluate Jira and I have a problem here with the LDAP authentication. The LDAP server is an Apache DS.
The users are loaded correctly, the groups also. But the membership to a group is not loaded.
In these groups the memberUid is only the uid, not the full DN like cn=Max Payne,ou=people,o=company.
Is there a way to let Jira work with these groups? I have no authorization to change our LDAP schemas.
Regards
Does the uid match the username you defined for JIRA?
JIRA grabs the user name depending on the attribute you defined within the User Schema Settings > User Name RDN Attribute. By default, this is "cn" for Apache DS.
So in your case, if your memberships are based off the uid, then the User Name RDN Attribute should also use the uid field.
Hi,
I have changed this field to "uid" but it doesn't work. There is no change I could recognize.
Good news, I spoke too soon.
It seems that the reason it was not working was I had selected the wrong directory type.
"Open LDAP" instead of "Open LDAP (Read-Only Posix Schema)" - the important bit is the fact that it's a Posix Schema, with the side effect that Jira only has read-only support (I think).
Also found this post which had the same problem and fixed it the same way.
Bad news.
Having spent some time working through this problem with Jira support, the final outcome is that it will not work :(
The group mapping in this version of Jira only works when the Group Object Class is of type "groupOfUniqueNames", where the group member search is fully qualified.
We are running v5.2.10
Hi
I have a similar problem. We are evaluating Jira with a Zimbra-based LDAP backend.
The username field is "uid" and
the groups are stored in an objectclass=posixGroup
# developers, groups, mydomain.com
dn: cn=developers,ou=groups,dc=mydomain,dc=com
gidNumber: 10007
displayName: Software Developers
cn: developers
description: Software Developers
memberUid: benc
memberUid: malcolms
objectClass: posixGroup

I have done a manual ldapsearch from the command line which gets the answer I need:

ldapsearch -x -LL -b ou=groups,dc=mydomain,dc=com "(&(objectclass=posixGroup)(memberUid=malcolms))" cn
version: 1
dn: cn=developers,ou=groups,dc=mydomain,dc=com
cn: developers

In the LDAP configuration page, I have:
Group Schema Settings
Group Object Class: posixGroup
Group Object Filter: (objectclass=posixGroup)
Group Name Attribute: cn
Group Description Attribute: description
Membership Schema Settings
Group Members Attribute: memberUid
User Membership Attribute: uid
Use the User Membership Attribute: [*] When finding the user's group membership
I have used Wireshark to trace the network packets to the LDAP server and I can see that the search filter that Jira is using is
Filter: (&(objectclass=posixGroup)(memberUid=uid=malcolms,ou=people,dc=mydomain,dc=com))
This is fine when the group class is "groupOfUniqueNames", where the members are stored with their full DN, e.g.
objectclass: groupOfUniqueNames
uniqueMember: uid=testuser,ou=people,dc=example,dc=com
How can Jira be configured to just use the (memberUid=malcolms) when the group objectclass is posixGroup?
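
The mismatch described in the post above, as an added example that is not part of the original thread and is not Jira's code: a membership lookup has to send the bare uid for posixGroup and the full DN for groupOfUniqueNames, or the search silently returns no groups. The entries are constructed from the values quoted in the thread; the group DN cn=qa,... and all function names are hypothetical, and the matcher is a simplified stand-in for an LDAP server.

```python
# Constructed sample entries modelled on the thread; not a real directory.
GROUPS = [
    {"dn": "cn=developers,ou=groups,dc=mydomain,dc=com",
     "objectClass": "posixGroup", "memberUid": ["benc", "malcolms"]},
    {"dn": "cn=qa,ou=groups,dc=example,dc=com",  # hypothetical group DN
     "objectClass": "groupOfUniqueNames",
     "uniqueMember": ["uid=testuser,ou=people,dc=example,dc=com"]},
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def member_value(object_class, user_dn, user_uid):
    """posixGroup members are bare uids; groupOfUniqueNames members are full DNs."""
    return user_uid if object_class.lower() == "posixgroup" else user_dn

def membership_filter(object_class, member_attr, value):
    """Build the group search filter for one member value."""
    return "(&(objectclass=%s)(%s=%s))" % (
        object_class, member_attr, escape_filter_value(value))

def search_groups(object_class, member_attr, value):
    """Simplified stand-in for the server: exact-match both terms of the filter."""
    return [g["dn"] for g in GROUPS
            if g["objectClass"].lower() == object_class.lower()
            and value in g.get(member_attr, [])]

def groups_for(user_dn, user_uid, object_class, member_attr):
    """Look up groups using the member value that fits the group schema."""
    value = member_value(object_class, user_dn, user_uid)
    return search_groups(object_class, member_attr, value)

if __name__ == "__main__":
    dn, uid = "uid=malcolms,ou=people,dc=mydomain,dc=com", "malcolms"
    # Filter seen in the packet trace: a DN compared against memberUid.
    print(membership_filter("posixGroup", "memberUid", dn),
          search_groups("posixGroup", "memberUid", dn))
    # Filter that worked by hand with ldapsearch: the bare uid.
    print(membership_filter("posixGroup", "memberUid", uid),
          groups_for(dn, uid, "posixGroup", "memberUid"))
```

An empty result from the DN form is not an error on the wire, so the visible symptom is a user who authenticates but has no groups, and therefore none of the permissions those groups grant.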