Integrating and importing users from LDAP

By default, JIRA manages its users and groups internally. Most organizations today use an LDAP directory such as Microsoft Active Directory (AD) for centralized user management, and you can integrate JIRA with it. JIRA supports many different types of LDAP, including AD, OpenLDAP, and more.

There are two options to integrate JIRA with LDAP. In this recipe, we will explore the first option by using an LDAP Connector, and we will look at the second option in the next recipe, Integrating with LDAP for authentication only.

Getting ready

For this recipe, you will need to have an LDAP server up and running. You need to make sure that the JIRA server is able to access the LDAP server without problems; for example, that it is not blocked by firewalls.

At a minimum, you will also need to have the following information:

  • The host name and port number of the LDAP server.
  • The Base DN to search for users and groups.
  • The credentials to access the LDAP server. If you want JIRA to be able to make changes to LDAP, make sure the credentials have write permissions.

How to do it…

Proceed with the following steps to integrate JIRA with an LDAP server:

  1. Navigate to Administration | User Management | User Directories.
  2. Click on the Add Directory button and select either Microsoft Active Directory or LDAP for non-AD directories.
  3. Enter the LDAP server, schema, and permission settings. Refer to the following table for more details.
  4. Click on the Quick Test button to validate JIRA's connectivity to LDAP.
  5. Click on the Save and Test button if there are no issues connecting to LDAP.
  6. Type in a username and password to run a quick test. Make sure JIRA is able to connect to LDAP, find the user, retrieve the user's group information, and, lastly, authenticate against LDAP.

    | Server Settings | Description |
    | --- | --- |
    | Name | This is an identifier for the LDAP server. |
    | Directory type | This selects the type of the LDAP server, for example, Microsoft Active Directory. JIRA will automatically fill in the user and group schema details based on the type selected. |
    | Hostname | This is the server where LDAP is hosted. |
    | Port | This is the port on which the LDAP server listens for incoming connections. |
    | Use SSL | This specifies whether SSL is being used on LDAP. |
    | Username | This is the user account that JIRA will use to access LDAP. This should be a dedicated account for JIRA. |
    | Password | This is the password for the account. |

    | LDAP Schema | Description |
    | --- | --- |
    | Base DN | This is the root node where JIRA will start the search for users and groups. |
    | Additional User DN | This is the additional DN to further restrict a user search. |
    | Additional Group DN | This is the additional DN to further restrict a group search. |

    | LDAP Permission | Description |
    | --- | --- |
    | Read Only | Select this option if you do not want JIRA to make any changes to LDAP. This is the ideal option if everything, including the user's group memberships, is managed with LDAP. |
    | Read Only, with Local Groups | This option is similar to the Read Only option, but lets you manage group memberships locally within JIRA. With this option, the group membership changes you make will remain in JIRA only. This is the ideal option when you only need user information from LDAP and want to manage JIRA-related groups locally. |
    | Read/Write | Select this option if you want JIRA to be able to make direct changes to LDAP, assuming that JIRA's LDAP account has the write permission as well. |

    The following screenshot shows how to test the settings:

After you have added your LDAP server as a user directory, JIRA will automatically start to synchronize its user and group data. Depending on the size of your LDAP, it may take a few minutes to complete the initial synchronization. You can click on the Back to directory list link and see the status of the synchronization process.

Once the process is completed, you will be able to see all your LDAP users and groups show up, and you will be able to use your LDAP credentials to access JIRA.
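
A pre-flight check for the prerequisites in Getting ready and for the Server Settings and LDAP Permission values from the table, as an added example that is not part of the recipe or of JIRA. The dictionary keys (use_ssl, port, permission, account_can_write) are hypothetical names chosen here, and the cleartext-bind and least-privilege findings are general LDAP hardening points rather than statements from the recipe.

```python
import socket
import ssl

# Well-known ports: 389 = LDAP (cleartext), 636 = LDAPS (TLS from the first byte).
LDAP_PORT, LDAPS_PORT = 389, 636


def review_settings(cfg):
    """Return findings for a directory configuration (dict keys are assumptions)."""
    findings = []
    if not cfg["use_ssl"]:
        findings.append("Use SSL is off: the bind password crosses the network in cleartext")
    if cfg["use_ssl"] and cfg["port"] == LDAP_PORT:
        findings.append("Use SSL is on but the port is 389; LDAPS normally listens on 636")
    if not cfg["use_ssl"] and cfg["port"] == LDAPS_PORT:
        findings.append("Port 636 normally expects TLS but Use SSL is off")
    can_write = cfg.get("account_can_write", False)
    if cfg["permission"] != "Read/Write" and can_write:
        findings.append("JIRA is read-only but its LDAP account can write: remove the write permission")
    if cfg["permission"] == "Read/Write" and not can_write:
        findings.append("Read/Write is selected but the LDAP account has no write permission")
    return findings


def check_reachable(host, port, use_ssl, timeout=3.0, context=None):
    """Open a TCP connection and, if use_ssl, complete a validated TLS handshake."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if not use_ssl:
                return True, "TCP connect OK"
            ctx = context or ssl.create_default_context()  # verifies certificate and host name
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, "TLS OK: %s" % tls.version()
    except ssl.SSLError as exc:  # must precede OSError, its base class
        return False, "TLS handshake failed: %s" % exc
    except OSError as exc:
        return False, "cannot connect (firewall, DNS or service down?): %s" % exc
```

Run check_reachable from the JIRA server itself, since that is the host whose firewall path matters.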

How it works…

What we have just created in this recipe is called a connector. With a connector, JIRA will first pull user and group information from LDAP and create a local cache, and then periodically synchronize any deltas.

All authentication will be delegated to LDAP; so, if a user's password is updated in LDAP, it will be immediately reflected when the user attempts to log in to JIRA. It is important to note that with LDAP, users must still be in the necessary groups (for example, jira-users by default) in order to access JIRA. So, you need to make sure that you either create a group called jira-users in LDAP and add everyone to it, or grant the JIRA Users global permission to other custom groups, such as all employees.

Also note that only users who have access to JIRA will count toward your license count.
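
The connector behaviour described above, as a simplified model added here for illustration (not JIRA's code): passwords are checked live against LDAP, while group membership and the license count are read from the synchronized cache. The class and method names are hypothetical and the directory contents are constructed; in this model a user removed from jira-users in LDAP keeps access until the next synchronization, which is the window to keep in mind when deprovisioning.

```python
import hmac


class Ldap:
    """Stand-in for the LDAP server (constructed data, not a real directory)."""

    def __init__(self, passwords, groups):
        self.passwords = dict(passwords)                       # user -> password
        self.groups = {g: set(m) for g, m in groups.items()}  # group -> members

    def bind(self, user, password):
        stored = self.passwords.get(user)
        return stored is not None and hmac.compare_digest(stored, password)


class Connector:
    """Simplified model of the connector described in 'How it works'."""

    def __init__(self, ldap, access_groups=("jira-users",)):
        self.ldap = ldap
        self.access_groups = set(access_groups)  # groups granted JIRA Users permission
        self.users, self.groups = set(), {}      # the local cache

    def synchronize(self):
        """Refresh the cache from LDAP and return the delta that was applied."""
        users = set(self.ldap.passwords)
        groups = {g: set(m) for g, m in self.ldap.groups.items()}
        delta = {
            "users_added": users - self.users,
            "users_removed": self.users - users,
            "groups_changed": {g for g in groups.keys() | self.groups.keys()
                               if groups.get(g) != self.groups.get(g)},
        }
        self.users, self.groups = users, groups
        return delta

    def has_access(self, user):
        return any(user in self.groups.get(g, ()) for g in self.access_groups)

    def login(self, user, password):
        if not self.ldap.bind(user, password):  # always checked live against LDAP
            return "bad credentials"
        return "ok" if self.has_access(user) else "no JIRA access"  # from the cache

    def license_count(self):
        return sum(1 for u in self.users if self.has_access(u))
```

Passing access_groups=("staff",) models granting the JIRA Users global permission to a custom group instead of creating jira-users in LDAP.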

See also

If you have a large user base in LDAP, and you only want to use LDAP for authentication, you may want to refer to the next recipe, Integrating with LDAP for authentication only.
