[Freeipa-users] LDAP authentication for JIRA using FreeIPA
Sandor Juhasz
sjuhasz at chemaxon.com
Wed Jun 10 07:47:46 UTC 2015
Hi,
here are our working configurations. Might be useful.
We use compat tree for auth.
We use user in group matching.
We use group filter for login authorization.
We use FedoraDS as ldap connector on JIRA's side.
We don't use pw change or user create in IPA from JIRA side.
Watch out not to have matching local users/groups or you will suffer bigtime.
Initially it was setup not to use ldap groups, but was changed afterwards by
creating all new groups in ldap for this purpose and readding the users.
We use ldap service user for binding - https://www.freeipa.org/page/Zimbra_Collaboration_Server_7.2_Authentication_and_GAL_lookups_against_FreeIPA.
Attributes:
"autoAddGroups": ""
"com.atlassian.crowd.directory.sync.currentstartsynctime": "null"
"com.atlassian.crowd.directory.sync.issynchronising": "false"
"com.atlassian.crowd.directory.sync.lastdurationms": "373"
"com.atlassian.crowd.directory.sync.laststartsynctime": "1433920165776"
"crowd.sync.incremental.enabled": "false"
"directory.cache.synchronise.interval": "3600"
"ldap.basedn": "dc=<OURDOMAIN>"
"ldap.connection.timeout": "0"
"ldap.external.id": ""
"ldap.group.description": "description"
"ldap.group.dn": "cn=groups,cn=compat"
"ldap.group.filter": "(&(objectClass=posixgroup)(|(cn=<COMPANYGROUP>)(cn=<TEAMGROUPS>)(cn=<JIRAGROUP>)))"
"ldap.group.name": "cn"
"ldap.group.objectclass": "groupOfUniqueNames"
"ldap.group.usernames": "memberUid"
"ldap.local.groups": "false"
"ldap.nestedgroups.disabled": "true"
"ldap.pagedresults": "false"
"ldap.pagedresults.size": "1000"
"ldap.password": ********
"ldap.pool.initsize": "null"
"ldap.pool.maxsize": "null"
"ldap.pool.prefsize": "null"
"ldap.pool.timeout": "0"
"ldap.propogate.changes": "false"
"ldap.read.timeout": "120000"
"ldap.referral": "false"
"ldap.relaxed.dn.standardisation": "true"
"ldap.roles.disabled": "true"
"ldap.search.timelimit": "60000"
"ldap.secure": "false"
"ldap.url": "ldap://<IPAURL>"
"ldap.user.displayname": "cn"
"ldap.user.dn": "cn=users,cn=accounts"
"ldap.user.email": "mail"
"ldap.user.encryption": "sha"
"ldap.user.filter": "(&(objectclass=posixAccount)(memberOf=cn=<JIRAGROUP>,cn=groups,cn=accounts,dc=<OURDOMAIN>))"
"ldap.user.firstname": "givenName"
"ldap.user.group": "memberOf"
"ldap.user.lastname": "sn"
"ldap.user.objectclass": "person"
"ldap.user.password": "userPassword"
"ldap.user.username": "uid"
"ldap.user.username.rdn": ""
"ldap.userdn": "uid=<OURSERVICEUSER>,cn=sysaccounts,cn=etc,dc=<OURDOMAIN>"
"ldap.usermembership.use": "false"
"ldap.usermembership.use.for.groups": "false"
"localUserStatusEnabled": "false"
Sándor Juhász
System Administrator
ChemAxon Ltd .
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031
Cell: +36704258964
From: "Martin Kosek" <mkosek at redhat.com>
To: "Christopher Lamb" <christopher.lamb at ch.ibm.com>, freeipa-users at redhat.com
Sent: Wednesday, June 10, 2015 9:22:03 AM
Subject: Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA
On 06/08/2015 06:44 PM, Christopher Lamb wrote:
>
> Hi All
>
> we are interested to know if anybody has succeeded (or for that matter
> failed) in using FreeIPA to provide user authentication for Atlassian
> products such as JIRA or Confluence?
>
> Somewhere in an Atlassian ticket I saw that FreeIPA is not officially
> supported, so I guess that should set our expectations .....
>
> If anyone has succeeded, then of course any tips on how best to do so would
> be fantastic!
I saw reply in the threads, so it should be covered.
BTW, please add +1s to respective Jira tickets to add proper FreeIPA support.
It would be really cool if Jira would know FreeIPA out of the box and could
connect to it natively!
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150610/4d97a3ff/attachment.htm>
More information about the Freeipa-users
mailing list