Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Users from subgroups in AD are not shown when using a User Object Filter

bughunter
bughunter
Contributor
March 14, 2013

Hello.

We are using a User Object Filter in the "User Schema Settings" to limit the Users.

Users in a group jira_users are found. If a user Michael is in a group team_a and team_a is a member in jira_users Michael is not shown in jira. If Michael is direct member in jira_users he is shown in jira.

When we look for Michael in "Users" all groups and nested group memberships are shown correctly.

We need the ability to use nested groups in the filter.

(&(objectCategory=Person)(sAMAccountName=*)(memberOf=CN=jira_users,OU=jira,OU=atlassian,OU=xDelegation,DC=company,DC=local))

Limiting the Users by using "Additional User DN" does not limit the Users.

Is this a decision by design or an error?

Answer
Watch
Like # people like this
3257 views

4 answers

1 accepted

5 votes
Answer accepted
bughunter
bughunter
Contributor
March 19, 2013

http://jira.atlassian.com/browse/JRA-32191

Reply
4 votes
petry
petry
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 18, 2013

Hey Christian,

We created an Improvement Request for this particularly problem. You can see it here:

My suggestion is to vote on this request and add yourself as a watcher to receive future updates regarding this case. You can add some comments there also, it will reach the developers directly.

Cheers,
Andre
Reply
2 votes
Mallmann
Mallmann
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 13, 2015

Hello guys,

 

In case anyone is still facing this issue:

What happens is that Confluence does not retrieve the subtrees of the user filter you set. So, basically Confluence is only looking for the users that are "memberOf" confluence-users, and not the ones that are memberOf subtrees within the confluence-users group.
However, Microsoft Active Directory (AD) has a specific string that you can add to your filter so that it will look the subtrees as well. For example:

(&(objectCategory=Person)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=CN=confluence-users,CN=Users,DC=example,DC=com))

Please, refer to this official Microsoft documentation in case of any questions.

 

I hope it helps smile

Best regards,

Eduardo Mallmann

View More Comments
Aurelia Pagano
Aurelia Pagano
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
February 22, 2016

Thanks a lot!! This was what I was looking for since hours!

Like
Reply
1 vote
Tiago Comasseto
Tiago Comasseto
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 18, 2013

Hi Christian,

I've run some tests locally and was able to confirm that JIRA doesn't pull in nested members of a group that is in the search filter. Basically it only searches for the attribute memberOf into the group that is declared in the search filter.

An alternative is include the nested groups into the User Object Filter as the following example:

(&(objectCategory=Person)(sAMAccountName=*)(|(memberOf=CN=jira_users,OU=jira,OU=atlassian,OU=xDelegation,DC=company,DC=local)(memberOf=CN=team_a,OU=jira,OU=atlassian,OU=xDelegation,DC=company,DC=local)))

Cheers

View More Comments
bughunter
bughunter
Contributor
April 7, 2013

Adding the nested groups is nice if you have a stable and limited number of groups.

If the creatiung of new groups is rife in your organisation then this is no solution. You would'nt want to fix your LDAP-Filter on a weekly basis; this would be an administrative nightmare...

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.