LDAP_authentication_for_Atlassian_JIRA_using_FreeIPA

Draft / Work in Progress on formatting

Introduction

This page describes how to integrate JIRA to a FreeIPA LDAP server. Likely the same approach can be taken to integrate other Atlassian

JIRA offers a number of different ways to integrate to LDAP. Unfortunately FreeIPA integration is not natively supported, but once

solutions that work as well, but this is the one that worked for us. At the time of integration we were running FreeIPA Server 4.1.0 and JIRA

JIRA can be integrated to an LDAP by a number of different paths

We chose Internal Directory with LDAP Authentication, which means that FreeIPA users and groups are copied to the JIRA internal directory

replicated one-way to JIRA on user login. i.e. FreeIPA users, and optionally groups + group membership are

In particular this means that only a subset of the FreeIPA users will be replicated to JIRA - only those that actually log in to JIRA.

Much of the config described below could probably be used for the other

We used the following tools to gain insight into the structure of the FreeIPA LDAP directory, and to understand and simulate the queries that

Apache Directory Studio: This or any similar visual LDAP browser is invaluable to getting into the guts of an LDAP, seeing what is where, which attributes are available (and even making changes in

ldapsearch: This command line tool is your friend! Use it to simulate queries that JIRA might be making, fine tune filters, and

This approach helped us to see that we were initially getting results from both the compat and accounts trees. Which confused JIRA, and then how to prevent this.

FreeIPA and JIRA logs: What queries is JIRA actually making? Although you can guesstimate based on your config, it is great to see

FreeIPA Server: /var/log/dirsrv/slapd-*/access

com., and got partial

While JIRA offers a wide range of LDAP Adapters, it does not (yet) offer a FreeIPA Adapter out of the box.

Other Candidate Adapters

FedoraDS: We did NOT use the FedoraDS adapter (even though FedoraDS is an ancestor of FreeIPA), as this uses the compat tree due to the (objectclass=posixAccount) filter.

Users have reported success with this adapter:

Other Adapters: It is possible that other adapters can also be persuaded to work, with more or less additional configuration.

There are several different LDAP RFC Schemas. FreeIPA uses the RFC 2307bis schema (with users stored under cn=accounts, cn=users), but also publishes an alternative “compat” tree cn=users,cn=compat,dc=example,dc=com with users in a RFC 2307

The chosen adapter, and the configuration applied to it, plays an important role here in determining which of the trees returns data.

of our first attempt we were getting returns from both trees, and that

Making the query with the correct filter gave us data from the desired

(objectclass=inetorgperson) ensures that replies DO NOT come from the compat tree (which among other things does not have the mail

We managed to get users synced from FreeIPA, and able to authenticate and thus log in to JIRA fairly easily. However the email field was empty, which means that JIRA mail notification didn’t work, rendering JIRA about as useful as a chocolate teapot. While the email field could be updated in the JIRA user management, it always emptied every time the

Once again ldapsearch proved what was going on: We had configured

with an LDAP user, returned additional attributes, including the all important mail attribute.