Integrating with LDAP for authentication only

In the previous recipe, we looked at how to integrate JIRA with LDAP for authentication, user, and group management. Sometimes, you might need LDAP only for authentication, and want to keep the group membership separate from LDAP for easy management.

In this recipe, we will look at how to integrate JIRA with LDAP only for authentication.

Getting ready

For this recipe, you will need to have an LDAP server up and running. You need to make sure that the JIRA server is able to access the LDAP server. For more details, refer to the previous recipe, Integrating and importing users from LDAP.

How to do it...

Proceed with the following steps to integrate JIRA with an LDAP server exclusively for authentication:

  1. Navigate to Administration | User management | User Directories.
  2. Click on the Add Directory button, and select the Internal with LDAP Authentication option.
  3. Enter the LDAP server and schema settings. Most of the parameters are identical to creating a normal LDAP connection, with a few exceptions. Refer to the following table for details.
  4. Click on the Quick Test button to validate JIRA's connectivity to LDAP.
  5. Click on the Save and Test button if there are no issues connecting to LDAP.

| Server settings | Description |
|---|---|
| Copy User on Login | This automatically copies the user from LDAP into JIRA when the user first successfully logs in to JIRA. |
| Default Group Membership | This automatically adds the user into the groups specified here when the user first successfully logs in to JIRA. This setting is not retrospectively applied to existing users. This is a useful feature to ensure that every user who can log in to JIRA will be added to the necessary groups, such as jira-users. |
| Synchronize Group Memberships | This automatically copies the user's group membership to JIRA when the user successfully logs in. |

How it works...

This authentication option is similar to the previous recipe with a number of key differences:

  • LDAP is only used for
  • JIRA does not automatically synchronize the user and group information from LDAP after the initial user
  • JIRA has read-only access to
  • Group membership is managed inside

With this setup, the first time a user successfully logs in to JIRA, the user is copied from LDAP to JIRA's local user repository along with the group membership (if configured to do so). Since LDAP is only used at authentication time, with no initial overhead of synchronizing all the user information, this option can provide better performance for organizations with a large user base in LDAP.
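
The login behaviour described above, sketched as a small model to show who ends up in which groups. This is an added example, not code from JIRA or from the book; the class, field names and sample users are hypothetical, and two behaviours are assumptions: a login fails when Copy User on Login is off and no local account exists, and group synchronization only adds memberships.

```python
from dataclasses import dataclass, field


@dataclass
class DelegatedAuthDirectory:
    """Hypothetical model of an 'Internal with LDAP Authentication' directory."""
    ldap_passwords: dict                 # stand-in for the LDAP credential check
    ldap_groups: dict                    # stand-in for group membership held in LDAP
    copy_user_on_login: bool = True
    default_groups: tuple = ("jira-users",)
    sync_group_memberships: bool = False
    local_groups: dict = field(default_factory=dict)  # JIRA's local user repository

    def login(self, user, password):
        # LDAP is consulted only to check the credentials.
        if user not in self.ldap_passwords or self.ldap_passwords[user] != password:
            return False
        if user not in self.local_groups:
            if not self.copy_user_on_login:
                return False             # assumption: no local account, so no login
            # Default groups are granted once, when the local account is created.
            self.local_groups[user] = set(self.default_groups)
        if self.sync_group_memberships:
            # Assumption: the copy adds LDAP groups and never removes local ones.
            self.local_groups[user] |= set(self.ldap_groups.get(user, ()))
        return True


def demo():
    d = DelegatedAuthDirectory(
        ldap_passwords={"alice": "a-pass", "bob": "b-pass"},  # constructed sample data
        ldap_groups={"bob": {"developers"}},
        local_groups={"alice": set()},   # alice already existed in JIRA
    )
    results = {
        "bad_password": d.login("bob", "wrong"),
        "bob_first_login": d.login("bob", "b-pass"),
        "alice_login": d.login("alice", "a-pass"),
    }
    results["bob_groups"] = set(d.local_groups["bob"])      # default groups applied
    results["alice_groups"] = set(d.local_groups["alice"])  # not applied retrospectively
    d.local_groups["bob"].discard("jira-users")  # admin edits membership inside JIRA
    d.login("bob", "b-pass")
    results["bob_after_local_edit"] = set(d.local_groups["bob"])  # edit is not undone
    d.sync_group_memberships = True
    d.login("bob", "b-pass")
    results["bob_after_sync"] = set(d.local_groups["bob"])
    return results
```

Calling demo() shows that the default groups reach only accounts created at first login, so existing users such as the sample "alice" still need their memberships reviewed by hand.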
