LDAP query settings

System Administrator
June 19, 2019

I'm trying to get my LDAP settings right for the User Directories section.  I'm fairly close, it can see the users in my AD group and I can assign them to local groups (Read Only with Local Groups) but when I do the Test Settings bit at the end everything works except "Test get group members" which fails.  I've been reading various pages about how to get it working correctly without success.

As far as I can tell this is the right format for my User Object Filter: 

(&(objectCategory=Person)(sAMAccountName=*)(memberOf=CN=Jira Users,OU=Groups - Contoso,DC=contoso,DC=com))

Then I have this for my Group Object Filter:

(&(objectCategory=Group)(CN=Jira Users))

Unless it's not supposed to work I'm thinking they must be nearly right but I'm missing some important detail.  I wondered if it was the space in the group name but I can't find any useful notes on how to deal with that if it's an issue.

Can anyone help?

 

Thanks.

1 answer

0 votes
Daniel Eads
Atlassian Team
June 19, 2019

Are the group objects you're trying to pull in actually in the Jira Users container in your AD? I believe the space should be ok, but if the groups are in a different container (like if there are only user objects in the Jira Users container) then Jira won't be able to fetch any user groups that the users are members of.

If you've got a setup where the Jira Users container contains both the users and groups you want to use (basically like this screenshot but "Jira Users" being your container name instead of "Users")...

you might consider using the Base DN field in the setup with the parameter

cn=Jira Users,dc=contoso,dc=com

and just leaving the other filter parameters at their defaults. Jira knows how to figure out the difference between users and groups with its default filter settings - if you can just point it at the right container or OU, it can sort out the rest if everything's in the same spot. Where you want to use those additional group/user filters is if the groups are stored in a different container or OU than the user accounts.

Let me know how that goes - or maybe a blurred screenshot of your AD U&C layout if you're still running into issues!

Cheers,
Daniel

System Administrator
June 20, 2019

The full setup:

*Server Settings
Name: Active Directory
Directory Type: Microsoft Active Directory
Hostname (FQDN of DC): dc.contoso.com
Port: 389, no SSL
Username: CONTOSO\ldapsearch

*LDAP Schema
Base DN: DC=contoso, DC=com

*LDAP Permissions
Read Only, with Local Groups

*User Schema Settings
User Object Class: user
User Object Filter: (&(objectCategory=Person)(sAMAccountName=*)(memberOf=CN=Jira Users,OU=Groups - Contoso,DC=contoso,DC=com))
User Name Attribute: sAMAccountName
User Name RDN Attribute: cn
User First Name Attribute: givenName
User Last Name Attribute: sn
User Display Name Attribute: displayName
User Email Attribute: mail
User Password Attribute: unicodePwd
User Unique ID Attribute: objectGUID

*Group Schema Settings
Group Object Class: group
Group Object Filter: (&(objectCategory=Group)(CN=Jira Users))
Group Name Attribute: cn
Group description Attribute: description

*Membership Schema Settings
Group Members Attribute: member
User Membership Attribute: memberOf
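
An added Python example, not part of the thread and not Atlassian's code: it rebuilds the posted User Object Filter with RFC 4515 escaping (a space is a literal character in a filter value; only `\`, `*`, `(`, `)` and NUL need escaping) and checks whether the group's DN falls under a given Base DN. The function names are hypothetical, the DN values are copied from the posts above, and the DN splitting assumes values without hex escapes or escaped backslashes.

```python
import re

# Values copied from the configuration posted in the thread.
BASE_DN = "DC=contoso, DC=com"
GROUP_DN = "CN=Jira Users,OU=Groups - Contoso,DC=contoso,DC=com"

# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value for use in an LDAP search filter; spaces pass through."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def split_rdns(dn: str) -> list[str]:
    """Split a DN on unescaped commas and normalise each RDN for comparison."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, val = part.partition("=")
        # Attribute types and most AD naming values compare case-insensitively;
        # whitespace around the comma separator is not significant.
        rdns.append(f"{attr.strip().lower()}={val.strip().lower()}")
    return rdns


def is_under(dn: str, base_dn: str) -> bool:
    """True when dn equals base_dn or sits below it in the directory tree."""
    rdns, base = split_rdns(dn), split_rdns(base_dn)
    return len(rdns) >= len(base) and rdns[len(rdns) - len(base):] == base


def user_filter_for_group(group_dn: str) -> str:
    """Build the thread's User Object Filter for members of group_dn."""
    return ("(&(objectCategory=Person)(sAMAccountName=*)"
            f"(memberOf={escape_filter_value(group_dn)}))")


if __name__ == "__main__":
    print(user_filter_for_group(GROUP_DN))
    # The group object must be inside the search base for Jira to find it.
    for base in (BASE_DN, "cn=Jira Users,dc=contoso,dc=com"):
        print(f"{base!r} contains group: {is_under(GROUP_DN, base)}")
```
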
