Using Microsoft Active Directory for LDAP authentication in JIRA

Posted on Thu 13 August 2009 in it

 

- Reference

http://www.atlassian.com/software/jira/docs/v3.13.4/ldap.html
http://www.atlassian.com/software/jira/docs/v3.13.4/configure.html#options
http://confluence.atlassian.com/display/JIRA/Importing+user+from+LDAP
http://www.atlassian.com/software/jira/docs/v3.13.4/jelly.html


- Outline

1. Configure LDAP in the browser
2. Update the configuration in osuser.xml
3. Enable External password management
4. Import users from LDAP


- Key points
1. AD's DN
Bind DN (principal): user@domain
2. AD's UID
Search Attribute (uidSearchName): sAMAccountName
3. Enable External password management
Admin -> Global Settings -> Global Configuration -> Options: edit configuration
External password management = true
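4. jira-ldap-userimporter fails with LDAP: error code 4 - Sizelimit Exceeded
The cause is that AD limits the number of results it returns. Reportedly the limit can be raised (I don't know how). One workaround is to import in batches with a query such as query=(objectclass=* and username=A*); this approach was skipped.
The actual solution: export the user information with a third-party tool (keyword: LDAP browser), then generate the Jelly format yourself.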
jira-jelly-userimport.xml
<JiraJelly xmlns:jira="jelly:com.atlassian.jira.jelly.JiraTagLib">
  <jira:CreateUser username="nobody" password="nobody" confirm="nobody" fullname="nobody" email="nobody@atlassian.com"/>
  <jira:CreateUser username="jturner" password="jturner" confirm="jturner" fullname="Jeff Turner" email="jturner@atlassian.com"/>
  <jira:CreateUser username="anonymous" password="anonymous" confirm="anonymous" fullname="anonymous" email="anonymous@atlassian.com"/>
  <jira:CreateUser username="devuser" password="devuser" confirm="devuser" fullname="devuser" email="devuser@atlassian.com"/>
</JiraJelly>
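
The "generate the Jelly format yourself" step above, as an added example that is not part of the original post: a Python script that turns an LDIF-style export into the jira-jelly-userimport.xml format, escaping every attribute value and giving each account a random local password instead of one equal to the username. The unfolded LDIF layout, the use of displayName and mail, the sample entries and all function names are assumptions.

```python
import base64
import secrets
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Constructed sample export; assumes unfolded LDIF with one "attr: value" per line.
SAMPLE_LDIF = """\
dn: CN=Jeff Turner,OU=Staff,DC=example,DC=com
sAMAccountName: jturner
displayName: Jeff Turner
mail: jturner@example.com

dn: CN=Ann ONeil,OU=Staff,DC=example,DC=com
sAMAccountName: aoneil
displayName: Ann "AJ" O'Neil & Co
mail: aoneil@example.com

dn: CN=svc-backup,OU=Service,DC=example,DC=com
sAMAccountName: svc-backup
"""
NS = "jelly:com.atlassian.jira.jelly.JiraTagLib"

def parse_ldif(text):
    """Return one attribute dict per blank-line-separated entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and value.startswith(":"):  # "attr:: <base64>" for non-ASCII values
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            if sep:
                entry[key] = value.strip()
        entries.append(entry)
    return entries

def to_jelly(entries):
    """Build the Jelly script; return it with the DNs skipped for missing fields."""
    rows, skipped = [], []
    for e in entries:
        user, mail = e.get("sAMAccountName"), e.get("mail")
        if not user or not mail:
            skipped.append(e.get("dn", "?"))
            continue
        pw = quoteattr(secrets.token_urlsafe(24))  # random per user, not username == password
        rows.append("  <jira:CreateUser username=%s password=%s confirm=%s fullname=%s email=%s/>"
                    % (quoteattr(user), pw, pw, quoteattr(e.get("displayName", user)), quoteattr(mail)))
    return '<JiraJelly xmlns:jira="%s">\n%s\n</JiraJelly>' % (NS, "\n".join(rows)), skipped

def created_users(jelly):
    """Parse the script back (proves it is well-formed) and list (username, fullname)."""
    return [(u.get("username"), u.get("fullname")) for u in ET.fromstring(jelly).iter("{%s}CreateUser" % NS)]
```

Entries without a login name or mail address are returned in the skipped list rather than written out, so service accounts can be reviewed before import.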