Reduce the number of users synchronised from LDAP to JIRA

If you have connected JIRA to an LDAP directory for authentication, user and group management, you may want configure JIRA to synchronise a subset of users from LDAP rather than all users. There are two reasons for why you might make this change:

  • Improving performance — If you have performance issues during synchronisation process, you may be able to improve this by synchronising a subset of data instead. See this knowledge base article for more information: Performance Issues with Large LDAP Repository - 100,000 users or more.
  • Reducing your user count (not recommended) — You can synchronise a subset of users to JIRA from LDAP to reduce your user count. This will allow you to count less users against your JIRA license. However, synchronising a subset of users to JIRA from LDAP is not the recommended method for reducing your user count in JIRA.

Procedure

The procedure for configuring JIRA to synchronise a different number of users from LDAP depends on how you initially set up your LDAP directory. For example, if you have all your JIRA users in one organisational unit and your non-JIRA users in another organisational unit, then you can simply configure JIRA to only synchronise users against a particular DN (distinguished name). However, if your setup is not so simple (e.g. you have your JIRA users and non-JIRA users in the same node), you will need to define an LDAP filter to synchronise the relevant users. Both of these methods are outlined below.

Synchronising against Base DN, Additional User DN and Additional Group DN

  1. Log in as a user with the JIRA Administrators global permission.
  2. Select Administration > Users > User Directories.
    (tick) Keyboard shortcut: g + g + start typing directories.
  3. Update the Base DN field, and optionally the Additional User DN and/or Additional Group DN to query against the directory server as desired.
    For example, if you have configured all of your JIRA users in the jira-users organisational unit only, for your company at mycompany.example.com, your configuration would look like this:
    • Base DNdc=mycompany,dc=example,dc=com
    • Additional Group DNou=jira-users

Defining an LDAP filter

  1. Log in as a user with the JIRA Administrators global permission.
    Select Administration > Users > User Directories.
    (tick) Keyboard shortcut: g + g + start typing directories
  2. Update User Object Filter and/or Group Object Filter fields as desired. The syntax for LDAP filters is not simple and your query will depend on how you have set up your LDAP directory.
    For example, if you have configured only JIRA groups to have 'jira' in the CN, you can use a wildcard search in your filter to find them by setting the Group Object Filter = (objectCategory=group)(cn=*jira*)
    More information on defining LDAP filters is available in the pages linked in the Related Topics section below.


Related topics:

Performance Issues with Large LDAP Repository - 100,000 users or more

Unable to create issues due to exceeded number of licenses

How to write LDAP search filters

MSDN guide to LDAP search filter syntax

Was this helpful?

Thanks for your feedback!

Why was this unhelpful?

Have a question about this article?

See questions about this article

Powered by Confluence and Scroll Viewport