Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

LDAP-Setup, Specify multiple OU's in "Additional User DN"

Trond Jakob Sjøvang
Trond Jakob Sjøvang June 28, 2017

Hello,

I have setup an user directory to synchronize with our Active Directory like this:

Base DN: dc=domain,dc=name

Additional User DN: ou=Employees

Additional Group DN: ou=Groups,ou=are,ou=here

Furthermore I have used "User Object Filter" and "User Object Filter" to only add users and groups that are member of a certain group in AD.

 

Now we also want to include some users found under ou=consultants,dc=domain,dc=name, but because our AD has a huge number of users with thousands of users (mostly school pupils) we don't want to just remove ou=Employees from "Additional User DN" and sync the entire tree. Can you use LDAP filter-syntax in "Additional User DN" or do you have any other way to specify more than one path?

If not, are there any other good ways of accomplishing what we want without modifying our ad structure or syncing the entire tree?

Answer
Watch
Like Be the first to like this
20049 views

3 answers

1 vote
Lars Olav Velle
Lars Olav Velle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 29, 2017

Hello Trond,

You could also add multiple user directories pointing to different parts of your Active Directory.

 

Lars. Kantega Single Sign-on

View More Comments
Trond Jakob Sjøvang
Trond Jakob Sjøvang July 2, 2017

good point! didn't think of that

Like
Lars Olav Velle
Lars Olav Velle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 2, 2017

No problem!

That`s why we have the community, right? :)

-Lars

Like
Shyam Goda
Shyam Goda
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
April 26, 2018

Hello Lars Olav Velle,

If I understood your suggestion correctly, we need to add multiple user directories on Jira to get different sets of users from multiple OU paths of AD, for example, one User-Directory for "OU=EMPLOYEES,OU=Location_1,OU=Domain,OU=Local" and a second User-Directory for "OU=EMPLOYEES,OU=Location_2,OU=Domain,OU=Local". Please confirm.

 

Is it possible to specify all required AD-OU-paths in a single User-Directory? If so, please help me with the syntax for specifying multiple AD paths, either in the LDAPFilter or in the Additional User DN settings.

Thanks.

Regards,

Shyam

Like Marcelo Mella likes this
Marcelo Mella
Marcelo Mella
Contributor
November 7, 2019

Hello Shyam

Did you manage to configure just a single directory?

Like
Ryan Rosenthal
Ryan Rosenthal March 26, 2020

Is it possible to have different user directories setup to look at different OUs?

Like
Marcelo Mella
Marcelo Mella
Contributor
March 26, 2020

Yes Ryan, it is possible

I'm interested in the solution for one single directory.

Anyone make it work for AD?

Like
Ryan Rosenthal
Ryan Rosenthal March 26, 2020

Yes. We have it setup for AD right now for a single OU. But we have are groups located in a separate OU from our users so I'm looking to setup a second directory for groups.

Like
Marcelo Mella
Marcelo Mella
Contributor
March 26, 2020

Ryan

You can add the same AD configuration with different OUs. This works fine.

The problem is you can't share user groups or implement SSO.

What i need is one single directory connection to AD, with multiple OUs inside

Like
Reply
0 votes
Kundan Mukherjee
Kundan Mukherjee May 31, 2021

In case of additional DN if both the OU(s) are in parallel then it will not work on the same directory. You need to create a new directory for that. But if it's inside the base OU then it will work. Like below - 

BaseDN - OU=Users,OU=Sites,OU=Domain,OU=com

Addional DN - OU=Atlassian_Users

Reply
0 votes
Trond Jakob Sjøvang
Trond Jakob Sjøvang June 28, 2017

The root cause of syncing the entire tree was actually something completely different. Turning off "follow referals" under advanced settings solved the underlying problem

View More Comments
Lars Olav Velle
Lars Olav Velle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 29, 2017

Yes, that should never have been the default setting!

-Lars

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.