Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Read-only LDAP groups with local groups

Don Carlos Abrams
Don Carlos Abrams May 24, 2022

We have an instance of Jira Server that is configured to use our LDAP server (ORM LDAP Server) for authentication as shown below: 

 LDAP.png

In addition to this, the Jira instance is also used to provide authentication for a Confluence instance.

 This works perfectly well, but there's a behaviour that we would like to change.  As configured, our LDAP group information is copied to the Jira instance and allows us to add users to both the locally created groups and to those groups that are copied from the LDAP server.  The information copied to the groups supplied via LDAP is not synchronised with the group information in the LDAP repository.   Having the ability to augment the group structure with new, local groups is a requirement, but we don't want to allow those groups that are synchronized from the LDAP server to be modified locally.  We would prefer that the groups supplied via LDAP are managed only via the LDAP server and not via the Jira UI.

 Is there a way that this could be implemented?

Answer
Watch
Like Be the first to like this
1449 views

1 answer

1 vote
meliodas16
meliodas16
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 25, 2022

Hello @Don Carlos Abrams ,

If I understood correctly, you no longer want to be able to add LDAP users to local Jira groups, if this is the case you have to change the LDAP permission to "Read only" (currently it's set to "Read only, with local groups").

community2.PNG

For further details please have a look at : Connecting to an LDAP directory

Kind regards.

View More Comments
Don Carlos Abrams
Don Carlos Abrams May 25, 2022

No.  We don't want to be able to modify the LDAP-supplied groups via Jira.  We still need to be able to add LDAP users to the local Jira groups.

Like
meliodas16
meliodas16
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 25, 2022

Hello @Don Carlos Abrams ,

With the permission parameter set up to "Read only, with local groups", you are not updating the LDAP server when you add a local user to an LDAP group. Indeed Jira create a "copy" of all the LDAP groups. So in reality you're not managing or modifying the LDAP group, you're only managing this "copies" from the UI.

Kind regards.

Like
Don Carlos Abrams
Don Carlos Abrams May 25, 2022

Thanks, but you can still modify the copy of the LDAP-supplied group and that's what we want to prevent.

Like
Don Carlos Abrams
Don Carlos Abrams May 26, 2022

So, is this possible or not?

Like
meliodas16
meliodas16
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 30, 2022

Hello @Don Carlos Abrams ,

Unfortunatly, I think it is not.

Sorry for the late response.

Kind regards.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
SERVER
VERSION
8.2
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.