Integrating with LDAP for authentication only

In the previous recipe, we looked at how to integrate JIRA with LDAP for authentication, user, and group management. Sometimes, you might need LDAP only for authentication, and you want to keep the group membership separate from LDAP for easy management.

In this recipe, we will look at how to integrate JIRA with LDAP only for authentication.

Getting ready

Refer to the previous recipe, Integrating and importing users from LDAP.

How to do it…

Proceed with the following steps to integrate JIRA with an LDAP server exclusively for authentication:

  1. Navigate to Administration | User Management | User Directories.
  2. Click on the Add Directory button and select Internal with LDAP Authentication.
  3. Enter the LDAP server and schema settings. Most of the parameters are identical to creating a normal LDAP connection with a few exceptions. Refer to the following table for details.
  4. Click on the Quick Test button to validate JIRA's connectivity to LDAP.
  5. Click on the Save and Test button if there are no issues connecting to LDAP.

| Server settings | Description |
| --- | --- |
| Copy User on Login | This automatically copies the user from LDAP into JIRA when the user first successfully logs in to JIRA. |
| Default Group Membership | This automatically adds the user into the groups specified here when the user first successfully logs in to JIRA. This setting is not retrospectively applied to existing users. This is a useful feature to ensure every user who can log in to JIRA will be added to the necessary groups, such as jira-users. |
| Synchronize Group Memberships | This automatically copies the user's group membership to JIRA when the user successfully logs in. |

How it works…

This authentication option is similar to the previous recipe with a number of key differences:

  • LDAP is only used for authentication
  • JIRA does not automatically synchronize the user and group information from LDAP after the initial user login
  • JIRA has read-only access to LDAP
  • Group membership is managed inside JIRA

With this setup, the first time a user successfully logs in to JIRA, the user is copied from LDAP to JIRA's local user repository along with the group membership (if configured to do so). Since LDAP is only used at authentication time, with no initial overhead of synchronizing all the user information, this option can provide better performance for organizations with a large user base in LDAP.
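
The login flow described above, as a simplified Python model added here for illustration (not code from the book or from JIRA). The `LDAP` dictionary, the `DelegatedAuthDirectory` class, and its method names are hypothetical, the accounts are constructed, and two behaviours are assumptions of the model: a login fails when Copy User on Login is off and no local account exists, and group synchronization is additive.

```python
from dataclasses import dataclass, field

# Constructed stand-in for the LDAP server: username -> (password, LDAP groups).
LDAP = {
    "alice": ("s3cret", {"ldap-engineering"}),
    "bob": ("hunter2", {"ldap-support"}),
}

def ldap_bind(username, password):
    """Simulated LDAP bind: True only if the account exists and the password matches."""
    entry = LDAP.get(username)
    return entry is not None and entry[0] == password

@dataclass
class DelegatedAuthDirectory:
    """Toy model of an 'Internal with LDAP Authentication' directory (hypothetical names)."""
    copy_user_on_login: bool = True
    default_groups: set = field(default_factory=lambda: {"jira-users"})
    sync_group_memberships: bool = False
    users: dict = field(default_factory=dict)  # local repository: username -> groups

    def login(self, username, password):
        # Authentication is delegated to LDAP on every login attempt.
        if not ldap_bind(username, password):
            return False
        if username not in self.users:
            if not self.copy_user_on_login:
                return False  # assumption: no local account and auto-copy is off
            # Default groups are applied once, at the first successful login.
            self.users[username] = set(self.default_groups)
        if self.sync_group_memberships:
            # Assumption: modelled as an additive copy of the user's LDAP groups.
            self.users[username] |= LDAP[username][1]
        return True

def demo():
    """First login, a local group change, then a later change to the default groups."""
    d = DelegatedAuthDirectory()
    d.login("alice", "s3cret")                     # alice is copied on first login
    d.users["alice"].add("jira-administrators")    # membership managed inside JIRA
    d.default_groups = {"jira-users", "jira-developers"}  # not applied retrospectively
    d.login("alice", "s3cret")
    d.login("bob", "hunter2")                      # bob gets the new defaults
    return d.users

if __name__ == "__main__":
    print(demo())
```

Because memberships live in JIRA's local repository with this directory type, access reviews have to be run against JIRA rather than LDAP.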
