This page last changed on Mar 21, 2011 by smaddox.

You can connect your JIRA application to an LDAP directory for delegated authentication. This means that JIRA will have an internal directory that uses LDAP for authentication only.

Overview

An internal directory with LDAP authentication offers the features of an internal directory while allowing you to store and check users' passwords in LDAP only. The application uses LDAP solely to check the password, and the LDAP connection is read only. Every user in the internal directory must map to a user on LDAP, otherwise they cannot log in.

When to use this option: Choose this option if you want to set up a user and group configuration within your application that suits your needs, while checking your users' passwords against the corporate LDAP directory. This option also helps to avoid the performance issues that may result from downloading large numbers of groups from LDAP.

Connecting JIRA to an Internal Directory with LDAP Authentication

To connect to an internal directory but check logins via LDAP:

  1. Log in as a user with the 'JIRA System Administrators' global permission.
  2. Bring up the administration page by clicking either the 'Administration' link on the top bar or the title of the Administration box on the dashboard.
  3. Select 'User Directories' from the 'Users, Groups & Roles' section of the 'Administration' menu.
  4. Add a directory and select type 'Internal with LDAP Authentication'.
  5. Enter the values for the settings, as described below.
  6. Save the directory settings.
  7. Define the directory order by clicking the blue up- and down-arrows next to each directory on the 'User Directories' screen. We recommend that the 'Internal Directory with LDAP Authentication' is at the top of the list.

    Here is a summary of how the directory order affects the processing:

    • The order of the directories is the order in which they will be searched for users and groups.
    • Changes to users and groups will be made only in the first directory where the application has permission to make changes.

    For details see Managing Multiple Directories.

  8. Add your users and groups in JIRA. See Managing Users and Managing Groups.

Server Settings

Setting: Description
Name: A descriptive name that will help you to identify the directory. Examples:
  • Internal directory with LDAP Authentication
  • Corporate LDAP for Authentication Only
Hostname: The host name of your directory server. Examples:
  • ad.example.com
  • ldap.example.com
  • opends.example.com
Port: The port on which your directory server is listening. Examples:
  • 389
  • 10389
  • 636 (for example, for SSL)
Use SSL: Tick this check box if the connection to the directory server is an SSL (Secure Sockets Layer) connection. Note that you will need to configure an SSL certificate in order to use this setting.
Username: The distinguished name of the user that the application will use when connecting to the directory server. Examples:
  • cn=administrator,cn=users,dc=ad,dc=example,dc=com
  • cn=user,dc=domain,dc=name
  • user@domain.name
Password: The password of the user specified above.

Schema Settings

Setting: Description
Base DN: The root distinguished name (DN) to use when running queries against the directory server. Examples:
  • o=example,c=com
  • cn=users,dc=ad,dc=example,dc=com
  • For Microsoft Active Directory, specify the base DN in the following format: dc=domain1,dc=local. You will need to replace domain1 and local with the values for your specific configuration. Microsoft Server provides a tool called ldp.exe which is useful for finding out and configuring the LDAP structure of your server.
User Name Attribute: The attribute field to use when loading the username. Examples:
  • cn
  • sAMAccountName
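
The following added example (not JIRA's code and not part of the original page) models how the Overview's mapping rule and the Base DN and User Name Attribute settings combine during a login: look the user up in the internal directory, find exactly one LDAP entry below the base DN, then check the password with a bind. Assumptions: the FakeLdap class, the authenticate function, all entries and passwords are constructed for illustration, and the empty-password check follows RFC 4513's advice to LDAP clients rather than describing JIRA's behaviour.

```python
# Simplified model of delegated authentication (added example, not JIRA's code).
# FakeLdap and all entries below are constructed stand-ins for a directory server.

class FakeLdap:
    def __init__(self, entries):
        self.entries = entries  # DN -> (attributes, password)

    def search(self, base_dn, attr, value):
        """Return DNs below base_dn whose attribute equals value exactly."""
        suffix = "," + base_dn.lower()
        return [dn for dn, (attrs, _) in self.entries.items()
                if dn.lower().endswith(suffix) and attrs.get(attr) == value]

    def bind(self, dn, password):
        """Simple bind. A DN with an empty password is an unauthenticated bind
        (RFC 4513), which a server may report as success; modelled as success."""
        return password == "" or self.entries[dn][1] == password


def authenticate(username, password, internal_users, ldap, base_dn, user_attr):
    """Return (ok, reason) for one login attempt."""
    if username not in internal_users:
        return False, "no such user in internal directory"
    if not password:
        # Never forward an empty password: the bind result would prove nothing.
        return False, "empty password rejected"
    matches = ldap.search(base_dn, user_attr, username)
    if len(matches) != 1:
        return False, "no unique LDAP entry for user"
    if not ldap.bind(matches[0], password):
        return False, "LDAP rejected password"
    return True, "authenticated as " + matches[0]


BASE_DN = "cn=users,dc=ad,dc=example,dc=com"  # example value from the Base DN row
USER_ATTR = "sAMAccountName"                  # example value from the attribute row
ALICE_DN = "cn=Alice Example," + BASE_DN
LDAP = FakeLdap({
    ALICE_DN: ({USER_ATTR: "alice"}, "pw1-constructed"),
    "cn=Carol Example,ou=contractors,dc=ad,dc=example,dc=com":
        ({USER_ATTR: "carol"}, "pw2-constructed"),
    "cn=Dave Example," + BASE_DN: ({USER_ATTR: "dave"}, "pw3-constructed"),
})
INTERNAL_USERS = {"alice", "bob", "carol"}    # users added in the application

if __name__ == "__main__":
    for name, pw in [("alice", "pw1-constructed"), ("alice", ""), ("bob", "x"),
                     ("carol", "pw2-constructed"), ("dave", "pw3-constructed")]:
        print(name, authenticate(name, pw, INTERNAL_USERS, LDAP, BASE_DN, USER_ATTR))
```
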

Diagram of a Possible Configuration

A Gliffy Diagram named: Gliffy-JIRA-LDAP-Auth-Only

Diagram above: JIRA connecting to an LDAP directory for authentication only.

RELATED TOPICS

Configuring User Directories

Document generated by Confluence on Mar 27, 2011 18:31