Reducing the number of users synchronized from LDAP to JIRA applications

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

If you have connected Jira applications to an LDAP directory for authentication, user and group management, you may want configure your applications to synchronize a subset of users from LDAP rather than all users. There are two reasons for why you might make this change:

  • Improving performance — If you have performance issues during synchronization process, you may be able to improve this by synchronizing a subset of data instead. See this knowledge base article for more information: Performance issues with large LDAP repository in Jira server.
  • Reducing your user count — You can synchronize a subset of users to Jira applications from LDAP to reduce your user count. This will allow you to count less users against your Jira application licenses. However, synchronizing a subset of users to Jira applications from LDAP is not the recommended method for reducing your Jira application user count. We recommend that you reduce the Jira application user count by deactivating the users within Jira. Check this page for more info on removing users from Jira.

Procedure

The procedure for configuring Jira applications to synchronize a different number of users from LDAP depends on how you initially set up your LDAP directory. For example, if you have all your Jira application users in one organizational unit and your non-Jira application users in another organizational unit, then you can simply configure Jira applications to only synchronize users against a particular DN (distinguished name). However, if your setup is not so simple (e.g. you have your Jira application users and non-Jira application users in the same node), you will need to define an LDAP filter to synchronize the relevant users. Both of these methods are outlined below.

Synchronizing against Base DN, Additional User DN and Additional Group DN

  1. Log in as a user with the Jira Administrators global permission.
  2. Select Administration > Users > User Directories.
  3. Update the Base DN field, and optionally the Additional User DN and/or Additional Group DN to query against the directory server as desired.
  4. For example, if you have configured all of your Jira application users in the jira-users organizational unit only, for your company at mycompany.example.com, your configuration would look like this:
    • Base DNdc=mycompany,dc=example,dc=com
    • Additional Group DNou=jira-users

Defining an LDAP filter

  1. Log in as a user with the Jira Administrators global permission.
    Select Administration > Users > User Directories.
  2. Update User Object Filter and/or Group Object Filter fields as desired. The syntax for LDAP filters is not simple and your query will depend on how you have set up your LDAP directory.
  3. For example, if you have configured only Jira application groups to have 'jira' in the CN, you can use a wildcard search in your filter to find them by setting the Group Object Filter = (objectCategory=group)(cn=*jira*)
    More information on defining LDAP filters is available in the pages linked in the Related Topics section below.



Related topics:

Performance issues with large LDAP repository in Jira server

Unable to create issues due to exceeded number of licenses

How to write LDAP search filters

MSDN guide to LDAP search filter syntax

Last modified on May 7, 2021

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.