Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events

Forums

Articles
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Automatic Application Access for User out of LDAP

Thilo Brause
Thilo Brause
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 14, 2018

We have JIRA connected to a LDAP for user Management.

To restrict accessing JIRA, we set up a filter in the configuration of the LDAP, that only users inside a certain Group in the LDAP are synchronized to JIRA.

We have set Default Application Access for each new User to JIRA-Software but still need to add each user manually to that Group in JIRA after we added the user to the Group in LDAP.

It seems that a new user synchronized from LDAP does not trigger the "New User" behaviour for Default application Access.

We want to reach a behavior, where each user we add to the Group in LDAP is added automically to the user group in JIRA - is there any way to achieve this?

Answer
Watch
Like Be the first to like this
1079 views

2 answers

1 accepted

0 votes
Answer accepted
Bastian Stehmann
Bastian Stehmann
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 14, 2018

Hi @Thilo Brause,

 

in the User Directory Configuration you can add a default group (if you have local groups enabled). Every user will be added to that group when the user logs in for the first time.

Reply
0 votes
Moses Thomas
Moses Thomas
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 14, 2018 edited

@Thilo Brause

Yep

For internal directory with Ldap  authentication

it means  you want to  use both Jira internal  directory and LDAP directory then

  1. Just be sure that you  have the group  say  Active-jira-user  is in Ldap, and this group  is also configured  in JIRA as the group  user must be in to  access Jira.  then you will  manually  add groups which are in  Jira internal  directory. (i guess your  current case) just create groups in  LDAP then add user to  this group,  if group are  not in  Jira(unified) they  will  be created after synchro depending on minutes you set for synchronization chose the Update group memberships when logging in  > every time user logs in,   chose synchronization . this should work. 
  2. Make sure your group  setting  is  correctly filtered in  LDAP configuration setting
  3. Make sure order of directory is correct in  JIRA application
  • You could configure LDAP  directory to  add a default group with Read Only, with Local Groups  enabled (Every user will be added to that group when the user logs in for the first time) but you  will  have problem later when  you  want to  add other group after first  login because  this  is done  once.

best!

View More Comments
Logan Hawkes
Logan Hawkes
Contributor
April 30, 2019

I'd like to clarify this to make sure I have this right.

The Jira server is configured with an LDAP user dir and JIRA Internal Directory. The LDAP is configured for Read Only, with Local Groups.
The LDAP config has:

"ldap.userdn": "CN=svc-jira-it,OU=Service Accounts,OU=PAN,DC=spockmate,DC=local”
"autoAddGroups": "jira-users|jira-software-users”

This means that all users added to the LDAP group "svc-jira-it" will be synced to Jira and appear in the list of users. However, they won't be granted access to Jira because there isn't a local "svc-jira-it" group on the Jira server that's granted access to Jira. The solution is to add a local group to Jira called "svc-jira-it" and add it to the autoAddGroups list in the LDAP config.

Have I got that right? It seems wrong to me.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
atlassian, atlassian government cloud, fedramp, webinar, register for webinar, atlassian cloud webinar, fedramp moderate offering, work faster with cloud

Unlocking the future with Atlassian Government Cloud ☁️

Atlassian Government Cloud has achieved FedRAMP Authorization at the Moderate level! Join our webinar to learn how you can accelerate mission success and move work forward faster in cloud, all while ensuring your critical data is secure.

Register Now
AUG Leaders

Atlassian Community Events

Community
Forums
FAQs Forums guidelines
Learning
About learning Resources
Events
Copyright © 2025 Atlassian
Privacy Policy Terms Security
Welcome illustration

Welcome to the new Atlassian Community

Online forums and learning are now in one easy-to-use experience.

By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.