I have Jira 5.x locally installed and an OpenLDAP server with users and groups. The synchronisation in Jira gets all users and groups perfectly, but the users do not belong to any group. I've set the default groups to enable LDAP users to log in to Jira.
What am I doing wrong?
This is the LDAP Schema:
dn: [email protected],ou=intern,ou=people,dc=company,dc=local
objectClass: posixAccount
objectClass: account
objectClass: ldapPublicKey
homeDirectory: /home/demouser
loginShell: /bin/bash
cn: Demo User
uidNumber: 10001
gidNumber: 10001
userPassword: {SSHA}xxxxxxxxxxx
uid: [email protected]
dn: cn=groupname,ou=project,ou=group,dc=company,dc=local
objectClass: posixGroup
description: a funny group for a project
gidNumber: 10018
cn: groupname
memberUid: [email protected]
memberUid: xyz
memberUid: ...
If I run the test in Jira, I'm getting the following error message:
Test get user's memberships with 0 groups retrieved. : Failed
And these are the settings in Jira:
What is LDAP? LDAP is the Lightweight Directory Access Protocol. It's a hierarchical organisation of Users, Groups, and Organisational Units - which are containers for users and groups. Every object has its own unique path to its place in the directory - called a Distinguished Name, or DN.
In the upper-right corner of the screen, select Administration > User Management. Select User Directories. Add a directory and select one of these types: Microsoft Active Directory – This option provides a quick way to select Active Directory, because it is the most popular LDAP directory type.
We experienced a similar problem. It seemed that JIRA insists on including the User Membership Attribute - which is from the user schema - such as "memberOf", regardless of whether you already have the Group Members Attribute. However, it should be an either/or option - either Group Membership Attribute (e.g. memberUid in the group schema) OR User Membership Attribute (e.g. memberOf in the user schema), as they fulfil more or less the same function.
The problem was solved when we noticed there are actually two closely related options for the directory type: "OpenLDAP" and "OpenLDAP (Read-only Posix Schema)". As we were using the posixGroup schema (as in your example), choosing the Read-only Posix Schema solved the issue. If you go to the Server Settings section at the top, you should see both options in the drop-down list.
In addition, you should be able to switch from "Read Only, with Local Groups" to "Read Only" in the LDAP Permissions section (if you wanted to). One caveat is that we were using the inetOrgPerson and shadowAccount schemas (rather than account, as in your example) in conjunction with posixAccount for the user schemas.
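To make the answer's point concrete, here is an added example (not code from the question, the answer, or Jira itself) that resolves group membership under the two models the answer contrasts: the group-side posixGroup/memberUid model, which the "Read-only Posix Schema" directory type evaluates, and the user-side memberOf model. The LDIF is constructed for this example and mirrors the shape of the entries in the question; the uid value, the `uid=` RDN of the user entry and the second group are assumptions, not values from the page. Running it shows that a posixAccount user has no memberOf values, which is exactly the "0 groups retrieved" result when Jira looks up memberships on the user entry.

```python
"""Resolve LDAP group membership under two models:
group-side (posixGroup / memberUid) versus user-side (memberOf).

Added example for illustration; the LDIF below is constructed and only
mirrors the shape of the entries in the question (placeholder names).
"""
from collections import defaultdict

# Constructed sample directory: one posixAccount user and two posixGroups.
# The 'uid=' RDN and the uid value are assumptions for this example.
SAMPLE_LDIF = """\
dn: uid=demouser@company.local,ou=intern,ou=people,dc=company,dc=local
objectClass: posixAccount
objectClass: account
cn: Demo User
uidNumber: 10001
gidNumber: 10001
uid: demouser@company.local

dn: cn=groupname,ou=project,ou=group,dc=company,dc=local
objectClass: posixGroup
gidNumber: 10018
cn: groupname
memberUid: demouser@company.local
memberUid: xyz

dn: cn=othergroup,ou=project,ou=group,dc=company,dc=local
objectClass: posixGroup
gidNumber: 10019
cn: othergroup
memberUid: xyz
"""


def parse_ldif(text):
    """Parse a minimal LDIF (no base64 values, no line folding) into a list
    of {attribute: [values]} dicts. Entries are separated by blank lines and
    multi-valued attributes (objectClass, memberUid) keep every value."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            if current:
                entries.append(current)
            current = None
            continue
        attr, _, value = line.partition(":")
        if current is None:
            current = defaultdict(list)
        current[attr.strip()].append(value.strip())
    if current:
        entries.append(current)
    return entries


def groups_via_member_uid(entries, uid):
    """Group-side model (posixGroup): each group lists its members by uid.
    This is the lookup the 'OpenLDAP (Read-only Posix Schema)' type relies on."""
    return sorted(
        e["cn"][0]
        for e in entries
        if "posixGroup" in e.get("objectClass", [])
        and uid in e.get("memberUid", [])
    )


def groups_via_member_of(entries, user_dn):
    """User-side model: the user entry itself carries memberOf values.
    A posixAccount entry has no such attribute, so the lookup returns
    nothing, matching the '0 groups retrieved' test result."""
    for e in entries:
        if e.get("dn", [None])[0] == user_dn:
            return sorted(e.get("memberOf", []))
    return []


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    user_dn = "uid=demouser@company.local,ou=intern,ou=people,dc=company,dc=local"
    print("memberUid model:", groups_via_member_uid(directory, "demouser@company.local"))
    print("memberOf model: ", groups_via_member_of(directory, user_dn))
```

Before changing the directory type in Jira, the same check can be done against the real server with an ldapsearch for `(&(objectClass=posixGroup)(memberUid=<uid>))`: if that returns the expected groups while the user entry has no memberOf attribute, the group-side model is the one the connector has to use.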