LDAP import
Maybe you work with a corporate directory that contains your assets or employee-manager relationships used for approval processes. Such LDAP entries can be imported in Insight. To make things easy, Insight has modules that works with popular LDAP directories, which fetch the structure and the assets from your directory. This article shows you how to set this up. Learn more about importing
Overview
An LDAP directory is a collection of data about users and other assets. LDAP (Lightweight Directory Access Protocol) is an Internet protocol that web applications can use to look up information about those assets from the LDAP server.
We provide a built-in connectors for the most popular LDAP directory servers:
- Microsoft Active Directory
- Apache Directory Server (ApacheDS)
- Apple Open Directory
- Fedora Directory Server
- Novell eDirectory
- OpenDS
- OpenLDAP
- OpenLDAP Using Posix Schema
- Posix Schema for LDAP
- Sun Directory Server Enterprise Edition (DSEE)
- A generic LDAP directory server
LDAPS validation
LDAPS (Secure LDAP) is supported and does not have any special requirements from Insight to work.
If you are trying to import from an LDAPS source, you can choose to validate the LDAP server certificate with an imported Certificate Authority (CA) certificate. If you select to validate the LDAP server certificate, you must import the root CA certificate from the CA that signed the LDAP server certificate, so your Jira can use the CA certificate to validate the LDAP server certificate. More information is explained here.
Be sure to change the port to 3269. This is due to the fact that a GC (global catalog) server returns referrals on 389 which refers to the greater AD "forest" , but acts like a regular LDAP server on 3268 (and 3269 for LDAPS) when changing from LDAP to LDAPS.
Import fields
Once you've chosen your import type, you'll need to enter details about it. Here's the description of fields you should see in Insight.
Pre-defined structure and configuration
In the next step, after you've filled in the required fields, Insight will ask you whether you want to create a predefined structure (object type mappings) and configuration (attribute mappings). Details of this will differ depending on the import type. Some object type mappings are disabled by default, so make sure to select the relevant ones.
You can import users or groups from only one Organizational Unit (OU) during an Insight LDAP import. For more information, see How to import users or groups from specific OUs with Insight LDAP import.
Here's some details for the LDAP import:
Import configuration created
You can now view your import configuration, but it's not ready yet. You still need to create or review the object type and attribute mapping, and make sure there are no problems with your import configuration.
When you're ready, go to 2. Create object type and attribute mapping.
Before you go
In the next step, you'll create the object mapping settings. Here are some settings specific to the LDAP import type.
Object type mapping
Name | Description |
---|---|
Selector | In the LDAP import type the Selector is prepended to the Base DN value before the search in LDAP is executed. The value is used to narrow down the structured tree in the LDAP to specific nodes. The search filter will be the same as specified in the general configuration but the selector will narrow the scope where the search filter is applied. For example: If the Base DN is dc=ad,dc=example,dc=com and the Selector is cn=users the resulting LDAP search base will be cn=users,dc=ad,dc=example,dc=com. |