By default, JIRA manages its users and groups internally. Most organizations today use an LDAP server such as Microsoft Active Directory (AD) for centralized user management, and you can integrate JIRA with LDAP. JIRA supports many different types of LDAP, including AD, OpenLDAP, and more.
There are two options to integrate JIRA with LDAP. In this recipe, we will explore the first option by using an LDAP Connector, and we will look at the second option in the next recipe, Integrating with LDAP for authentication only.
For this recipe, you will need to have an LDAP server up and running. You need to make sure that the JIRA server is able to access the LDAP server without any glitches; for example, that the connection is not blocked by firewalls.
At a minimum, you will also need to have the following information:
Proceed with the following steps to integrate JIRA with an LDAP server:
| Server Settings | Description |
|---|---|
| Name | This is an identifier for the LDAP server. |
| Directory type | This selects the type of the LDAP server, for example, Microsoft Active Directory. JIRA will automatically fill in the user and group schema details based on the type selected. |
| Hostname | This is the server where LDAP is hosted. |
| Port | This is the port on which the LDAP server listens for incoming connections. |
| Use SSL | This indicates whether SSL is used to connect to the LDAP server. |
| Username | This is the user account that JIRA will use to access LDAP. This should be a dedicated account for JIRA. |
| Password | This is the password for the account. |
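Before the bind account's password is entered, the Hostname, Port, and Use SSL values can be checked from the JIRA host itself. The following Python script is an added example, not part of the original recipe or of JIRA: it flags risky combinations of those three settings and then confirms that the port is reachable and, when Use SSL is set, that the server certificate validates. The dictionary keys, function names, and `ldap.example.com` are assumptions made for illustration.

```python
import socket
import ssl

# Conventional ports: 389 for plain LDAP, 636 for LDAP over SSL/TLS (LDAPS).
LDAP_PORT, LDAPS_PORT = 389, 636


def review_settings(cfg):
    """Return warnings for the Hostname / Port / Use SSL values of a directory."""
    warnings = []
    if not cfg["use_ssl"]:
        warnings.append("Use SSL is off: the bind password crosses the network in cleartext")
    if cfg["use_ssl"] and cfg["port"] == LDAP_PORT:
        warnings.append("Use SSL is on but port 389 is the plain LDAP port")
    if not cfg["use_ssl"] and cfg["port"] == LDAPS_PORT:
        warnings.append("Port 636 normally expects SSL but Use SSL is off")
    return warnings


def probe(cfg, timeout=5.0):
    """Check from this host that the LDAP port is reachable and, when
    Use SSL is set, that the server certificate validates for the hostname.
    Returns (ok, detail)."""
    try:
        sock = socket.create_connection((cfg["hostname"], cfg["port"]), timeout=timeout)
    except OSError as exc:
        return False, f"TCP connect failed (firewall, DNS or wrong port?): {exc}"
    with sock:
        if not cfg["use_ssl"]:
            return True, "TCP reachable (no TLS requested)"
        ctx = ssl.create_default_context()  # verifies chain and hostname
        try:
            with ctx.wrap_socket(sock, server_hostname=cfg["hostname"]) as tls:
                return True, f"TLS OK, protocol {tls.version()}"
        except (ssl.SSLError, OSError) as exc:
            return False, f"TLS handshake failed: {exc}"


if __name__ == "__main__":
    # Constructed sample values; replace with your own directory settings.
    sample = {"hostname": "ldap.example.com", "port": 636, "use_ssl": True}
    for w in review_settings(sample):
        print("WARN:", w)
    print(probe(sample))
```

The probe validates the certificate against the operating system's trust store, while JIRA uses the trust store of its Java runtime, so a certificate from an internal CA may need to be trusted in both places.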
The following screenshot shows how to test the settings:
After you have added your LDAP server as a user directory, JIRA will automatically start to synchronize its user and group data. Depending on the size of your LDAP, it may take a few minutes to complete the initial synchronization. You can click on the Back to directory list link and see the status of the synchronization process.
Once the process is completed, you will be able to see all your LDAP users and groups show up, and you will be able to use your LDAP credentials to access JIRA.
What we have just created in this recipe is called a connector. With a connector, JIRA will first pull user and group information from LDAP and create a local cache, and then periodically synchronize any deltas.
All authentication will be delegated to LDAP; so, if a user's password is updated in LDAP, it will be immediately reflected when the user attempts to log in to JIRA. It is important to note that with LDAP, users must still be in the necessary groups (for example, jira-users by default) in order to access JIRA. So, you need to make sure that you either create a group called jira-users in LDAP and add everyone to it, or grant the JIRA Users global permission to other custom groups, such as all employees.
Also note that only users who have access to JIRA count toward your license count.