In setting up our Jira environment (7.10.1), I've added 3 active directory groups, and access is all good. What I'm wondering is if there is a way to remove certain accounts from being listed when people use the @mention facility.
For example, I have three user accounts in 2 of the 3 Active Directory groups. One of them I have never used, one is my day-to-day account, and the final one is my domain admin account. When testing the @mention feature, I see all 3 of my accounts listed, and the first one listed is the account that is never used. As no one who would use Jira would use anything other than their day-to-day account, I was looking for a way to stop the duplicated accounts (they are not strictly duplicates as the account names are different) from being listed, and the emails generated going to accounts that are not monitored. This does not happen to a huge number of people, so if there is a solution, and that has to be done on a per-account basis, that is fine by me.
Thanks everyone for their responses.
I managed to resolve my issue by a combination of things.
In stopping the 80K users being loaded, I used the specific user group by giving the full DN in the user field filter. This, as mentioned, listed everyone, but marked all accounts as disabled. By chance, I discovered Apache Directory Studio; when I used that application I could not find the group I was using. I switched to using a different AD group, pasted in the path from Apache Directory Studio, and everything started working.
Adrian,
I would recommend that you remove the Jira license from any users that no longer need to have access, and they shouldn't be mentionable anymore.
If there are users you want to have Jira access but don't want them to be mentioned then unfortunately this is not possible.
There's a feature request for this below:
Please feel free to vote on it and watch in order to help show your support for this feature. Commenting on it with your use case will also be helpful.
Thank you for your understanding!
Regards,
Shannon
Hi Shannon,
That approach doesn't seem to be working for me. I've now tried going down a different route, which is limiting the Active Directory to just the group that all Jira users will belong to.
Following the notes in https://confluence.atlassian.com/kb/how-to-write-ldap-search-filters-792496933.html, I'm trying to add in the User Object Filter the full path to the AD group:
(&(objectCategory=user)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=cn=Jira Users,OU=Level 2,OU=Security Groups,OU=Groups,OU=myorg,dc=myorg,dc=ca))
Without this filter, I am able to authenticate users, but I have 79,032 users. With the filter, I am not able to authenticate my account (Test retrieve user : Failed User <myusername> does not exist), but the correct users are listed (all 79) in the user listing, and every account is disabled.
Hi Adrian,
There have been some other reports that using the Test login action can sometimes give inaccurate results, see https://community.atlassian.com/t5/Jira-Core-questions/Test-retrieve-user-Failed/qaq-p/628477
So it might help to first save the changes, perform the sync, and then see if these other users can log in to Jira.
It's possible that you still might see disabled user account records in Jira even after adjusting the user object filter to remove those accounts. Jira will create placeholder records for any user that had any comments/contributions in Jira. It does this to help with data integrity (deleting user accounts in Jira isn't usually a good idea), but the benefit here is that these accounts wouldn't be able to log in and you can still see historically which user did what in Jira.
If you have saved the directory changes, performed a sync, and users you expect can't log in, then it might help to run some SQL on Jira's database to understand if the user account is actually getting pulled into Jira or not.
select * from cwd_directory;
will show us all the user directories Jira is set up to use. In this case we want to check the directory_id value for the LDAP user directory you are trying to sync users from.
With that value in mind you can then run another query such as
select * from cwd_user where directory_id='12345' and lower_user_name='jsmith';
In this query we need to use the directory_id value found in the first query to replace the 12345, and also replace the username with a lowercase form of the user's login. Or you could just run this query to see all the users in that directory that Jira synced:
select * from cwd_user where directory_id='12345';
However, if you actually synced 80k users, this might give you back more results than expected. But these queries could be helpful to make sure that the user accounts you expect to be in Jira from this sync are actually there first.
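An added example, not part of the original replies: the same check written as aggregate queries, so that a directory holding tens of thousands of synced accounts returns one row per directory, followed by a lookup of every record for one login across all directories. It assumes the Jira database schema exposes `cwd_directory.id`, `directory_name` and `directory_type`, and `cwd_user.active` (1 = active, 0 = disabled) and `email_address`; `jsmith` is the placeholder login used above.

```sql
-- Added example: per-directory totals split by the active flag.
-- A directory whose sync matched the intended group but marked every
-- account as disabled shows total_users = inactive_users.
SELECT d.id                                            AS directory_id,
       d.directory_name,
       d.directory_type,
       COUNT(u.id)                                     AS total_users,
       SUM(CASE WHEN u.active = 1 THEN 1 ELSE 0 END)   AS active_users,
       SUM(CASE WHEN u.active = 0 THEN 1 ELSE 0 END)   AS inactive_users
FROM cwd_directory d
LEFT JOIN cwd_user u ON u.directory_id = d.id
GROUP BY d.id, d.directory_name, d.directory_type
ORDER BY d.id;

-- Every record held for one login, across all directories.
-- More than one row means the same login exists in several directories;
-- compare the active flag and email address of each.
SELECT d.id AS directory_id,
       d.directory_name,
       u.user_name,
       u.active,
       u.email_address
FROM cwd_user u
JOIN cwd_directory d ON d.id = u.directory_id
WHERE u.lower_user_name = 'jsmith'   -- placeholder: lowercase login
ORDER BY d.id;
```

Both statements are read-only and can be run against a copy of the database.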