[Freeipa-users] LDAP authentication for JIRA using FreeIPA

Sandor Juhasz sjuhasz at chemaxon.com
Wed Jun 10 07:47:46 UTC 2015


Hi, 

Here are our working configurations. Might be useful.
We use compat tree for auth. 
We use user in group matching. 
We use group filter for login authorization. 
We use FedoraDS as ldap connector on JIRA's side. 
We don't use pw change or user create in IPA from JIRA side. 
Watch out not to have matching local users/groups or you will suffer big time.
Initially it was set up not to use ldap groups, but was changed afterwards by
creating all new groups in ldap for this purpose and re-adding the users.
We use ldap service user for binding - https://www.freeipa.org/page/Zimbra_Collaboration_Server_7.2_Authentication_and_GAL_lookups_against_FreeIPA. 

Attributes: 
"autoAddGroups": "" 
"com.atlassian.crowd.directory.sync.currentstartsynctime": "null" 
"com.atlassian.crowd.directory.sync.issynchronising": "false" 
"com.atlassian.crowd.directory.sync.lastdurationms": "373" 
"com.atlassian.crowd.directory.sync.laststartsynctime": "1433920165776" 
"crowd.sync.incremental.enabled": "false" 
"directory.cache.synchronise.interval": "3600" 
"ldap.basedn": "dc=<OURDOMAIN>" 
"ldap.connection.timeout": "0" 
"ldap.external.id": "" 
"ldap.group.description": "description" 
"ldap.group.dn": "cn=groups,cn=compat" 
"ldap.group.filter": "(&(objectClass=posixgroup)(|(cn=<COMPANYGROUP>)(cn=<TEAMGROUPS>)(cn=<JIRAGROUP>)))" 
"ldap.group.name": "cn" 
"ldap.group.objectclass": "groupOfUniqueNames" 
"ldap.group.usernames": "memberUid" 
"ldap.local.groups": "false" 
"ldap.nestedgroups.disabled": "true" 
"ldap.pagedresults": "false" 
"ldap.pagedresults.size": "1000" 
"ldap.password": ******** 
"ldap.pool.initsize": "null" 
"ldap.pool.maxsize": "null" 
"ldap.pool.prefsize": "null" 
"ldap.pool.timeout": "0" 
"ldap.propogate.changes": "false" 
"ldap.read.timeout": "120000" 
"ldap.referral": "false" 
"ldap.relaxed.dn.standardisation": "true" 
"ldap.roles.disabled": "true" 
"ldap.search.timelimit": "60000" 
"ldap.secure": "false" 
"ldap.url": "ldap://<IPAURL>" 
"ldap.user.displayname": "cn" 
"ldap.user.dn": "cn=users,cn=accounts" 
"ldap.user.email": "mail" 
"ldap.user.encryption": "sha" 
"ldap.user.filter": "(&(objectclass=posixAccount)(memberOf=cn=<JIRAGROUP>,cn=groups,cn=accounts,dc=<OURDOMAIN>))" 
"ldap.user.firstname": "givenName" 
"ldap.user.group": "memberOf" 
"ldap.user.lastname": "sn" 
"ldap.user.objectclass": "person" 
"ldap.user.password": "userPassword" 
"ldap.user.username": "uid" 
"ldap.user.username.rdn": "" 
"ldap.userdn": "uid=<OURSERVICEUSER>,cn=sysaccounts,cn=etc,dc=<OURDOMAIN>" 
"ldap.usermembership.use": "false" 
"ldap.usermembership.use.for.groups": "false" 
"localUserStatusEnabled": "false" 

Sándor Juhász 
System Administrator 
ChemAxon Ltd.
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 
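
Added example, not part of the original message: a small Python check that parses an attribute dump in the layout posted above and flags settings a reviewer would question before reusing it (cleartext `ldap://` bind, bind DN outside `cn=sysaccounts,cn=etc`, a user filter with no `memberOf` restriction, malformed filters). The host, group and account names in the sample are constructed placeholders, the finding names are hypothetical, and the reading of `ldap.secure` as the connector's SSL toggle is an assumption.

```python
import re

# Constructed sample in the '"key": "value"' layout of the message above.
# Host, group and account names are placeholders, not values from the thread.
SAMPLE = """
"ldap.url": "ldap://ipa.example.test"
"ldap.secure": "false"
"ldap.password": ********
"ldap.userdn": "uid=jira,cn=sysaccounts,cn=etc,dc=example,dc=test"
"ldap.user.filter": "(&(objectclass=posixAccount)(memberOf=cn=jira-users,cn=groups,cn=accounts,dc=example,dc=test))"
"ldap.group.filter": "(&(objectClass=posixgroup)(|(cn=staff)(cn=jira-users)))"
"""

LINE = re.compile(r'^\s*"([^"]+)":\s*"?(.*?)"?\s*$')

def parse_attributes(text):
    """Return {key: value}; values may be quoted, empty, or masked."""
    return {m.group(1): m.group(2)
            for m in map(LINE.match, text.splitlines()) if m}

def balanced(flt):
    """True if the filter starts with '(' and its parentheses nest correctly."""
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0 and flt.startswith("(")

def review(attrs):
    """Return hypothetical finding ids for settings worth a second look."""
    findings = []
    url = attrs.get("ldap.url", "").lower()
    # Assumption: no StartTLS is layered on ldap://, so the service-account
    # and user passwords cross the network unencrypted during bind.
    if url.startswith("ldap://"):
        findings.append("cleartext-bind")
    # Assumption: ldap.secure is the SSL toggle and should agree with the URL.
    if url.startswith("ldaps://") != (attrs.get("ldap.secure") == "true"):
        findings.append("tls-flag-mismatch")
    if "cn=sysaccounts,cn=etc," not in attrs.get("ldap.userdn", "").lower():
        findings.append("bind-not-sysaccount")
    if "memberof=" not in attrs.get("ldap.user.filter", "").lower():
        findings.append("login-not-group-restricted")
    for key in ("ldap.user.filter", "ldap.group.filter"):
        if not balanced(attrs.get(key, "")):
            findings.append("bad-filter:" + key)
    return findings

if __name__ == "__main__":
    print(review(parse_attributes(SAMPLE)))
```
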


From: "Martin Kosek" <mkosek at redhat.com> 
To: "Christopher Lamb" <christopher.lamb at ch.ibm.com>, freeipa-users at redhat.com 
Sent: Wednesday, June 10, 2015 9:22:03 AM 
Subject: Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA 

On 06/08/2015 06:44 PM, Christopher Lamb wrote: 
> 
> Hi All 
> 
> we are interested to know if anybody has succeeded (or for that matter 
> failed) in using FreeIPA to provide user authentication for Atlassian 
> products such as JIRA or Confluence? 
> 
> Somewhere in an Atlassian ticket I saw that FreeIPA is not officially 
> supported, so I guess that should set our expectations ..... 
> 
> If anyone has succeeded, then of course any tips on how best to do so would 
> be fantastic! 

I saw a reply in the threads, so it should be covered.

BTW, please add +1s to respective Jira tickets to add proper FreeIPA support. 
It would be really cool if Jira would know FreeIPA out of the box and could 
connect to it natively! 
