JIRA's LDAP integration currently requires users to have accounts both in LDAP and in JIRA. For instance, if a user is added to LDAP, they will have no access to JIRA until someone creates them a JIRA username (and assigns it to groups).
The attached tool searches LDAP for user accounts, and generates a JIRA Jelly script which will create a JIRA user account for each LDAP account. Typically one would use this tool when first installing JIRA, to bulk-create JIRA users matching each LDAP account.
How to use
Download the current binary distribution. Alternatively, if you are Java-literate and keen, all current distributions contains source distributions. You can also get the source from Subversion at http://svn.atlassian.com/svn/public/contrib/jira/jira-ldap-userimporter/trunk.
Create a file,
ldap.properties, to specify your LDAP server's details. If you are unsure of these, first test with an LDAP browser (there are many LDAP browsers available on the internet, you can try using this LDAP browser or search for an alternative one). Here is a
ldap.properties configured for use against a local OpenLDAP directory:
Once you have created
java -jar jira-ldap-userimporter-1.1.jar. If you have the ldap.properties details correct, this command will result in XML text being printed to the console. Eg:
This text can now be redirected to a file, and fed to the Jelly Runner (see the Jelly docs).
However, first make sure that LDAP password checking is disabled (ie. there is no LDAPCredentialsProvider section in osuser.xml), otherwise the Jelly script will fail, claiming these users already exist.
Please raise a Support Request.
Exceeding your user limit on import?
If you are getting a
LimitExceededException, you may find these instructions from one of our customers helpful.
Thanks to Ricardo Sueiras
Username is converted to lowercase automatically