Documentation for JIRA 4.4. Documentation for other versions of JIRA is available too.

Skip to end of metadata
Go to start of metadata

JIRA's LDAP integration currently requires users to have accounts both in LDAP and in JIRA. For instance, if a user is added to LDAP, they will have no access to JIRA until someone creates them a JIRA username (and assigns it to groups).

The attached tool searches LDAP for user accounts, and generates a JIRA Jelly script which will create a JIRA user account for each LDAP account. Typically one would use this tool when first installing JIRA, to bulk-create JIRA users matching each LDAP account.

How to use

Download the current binary distribution. Alternatively, if you are Java-literate and keen, all current distributions contains source distributions. You can also get the source from Subversion at http://svn.atlassian.com/svn/public/contrib/jira/jira-ldap-userimporter/trunk.

Create a file, ldap.properties, to specify your LDAP server's details. If you are unsure of these, first test with an LDAP browser (there are many LDAP browsers available on the internet, you can try using this LDAP browser or search for an alternative one). Here is a ldap.properties configured for use against a local OpenLDAP directory:

# Configuration file for JIRA's LDAP user importer

# URL of your LDAP server, Eg:
java.naming.provider.url=ldap://192.168.0.74

# Username and password of account that has privileges to loop through all users, eg:
java.naming.security.principal=cn=admin,dc=atlassian,dc=com
java.naming.security.credentials=secret

# LDAP node below which we should search, eg:
searchbase=ou=People,dc=atlassian,dc=com

# LDAP query run below 'searchbase' identifying user nodes, eg:
query=(objectclass=*)

# Name of record in nodes which should become the username in JIRA, eg:
username_attr=uid

# Record that contains the user's full name. When commented out, defaults to username_attr value. Eg:
fullname_attr=cn

# Record that specifies the user's email address. When commented out, username_attr value with email_suffix appended will be used
#email_attr=
email_suffix=@atlassian.com


# Generally you don't want to touch this
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

Once you have created ldap.properties, run java -jar jira-ldap-userimporter-1.1.jar. If you have the ldap.properties details correct, this command will result in XML text being printed to the console. Eg:

This text can now be redirected to a file, and fed to the Jelly Runner (see the Jelly docs).
However, first make sure that LDAP password checking is disabled (ie. there is no LDAPCredentialsProvider section in osuser.xml), otherwise the Jelly script will fail, claiming these users already exist.

Additional Options

Check Bob Swift's JIRA Command Line Interface for another great way to import users. See the addUser commands on the page; it includes importing from a file.

Feedback? Problem

Please raise a Support Request.

Exceeding your user limit on import?

Icon

If you are getting a LimitExceededException, you may find these instructions from one of our customers helpful.

Thanks to Ricardo Sueiras

Version History

Version

Comments

1.1

Username is converted to lowercase automatically

1.0

First Released

  • No labels