We use an Active Directory with many users (1200+). They are imported into JIRA including our AD groups (nested groups are turned on).
We also have set the "Default Group Membership" to "jira-users".
The problem is that we do not want every user in the AD to log to be part of the group "jira-users". We want every user to be part of the "jira-users" up front, so everyone can assign everyone even though they have not logged in yet.
Will it work to put a "jira-users" group into out AD? (and assign an AD group "all" to that)
It seems that I can not add a AD group to a JIRA group using the nested group functionality. I get the permission denied. See https://jira.atlassian.com/browse/JRA-24671 So that is not an option even though it would have been perfect for us.
Hi Carsten,
If the LDAP directory is on the top position in your "User Directories" list within JIRA, you could create a group called "jira-users" in AD and assign the users as member of this group, then in the next synchronization the LDAP users would appear as member of "jira-users" group in JIRA before they log in.
Cheers
Hi, it is a good workaround, but not what i looked for. I hoped for some solution in JIRA. Moving the manual job to the AD is still manual. And the AD can't put a Universal group into a normal group (ie. all-AD-users-group,which we have, into a jira-users AD group).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Do you have a common group user in LDAP that all user is member of it? Perhaps you can add it directly to the JIRA Users under Global Permission?
Once it sync the users should posses the ability to login immediately as we know that the local-group require first login. 
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
 
 
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.