<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">FYI, that mirrors my configuration. Not sure if this was covered previously, but for my setup, only JIRA connects to IPA. All the other Atlassian products contact JIRA for their information.<div class=""><br class=""></div><div class="">Cheers, Brian</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Jun 10, 2015, at 12:47 AM, Sandor Juhasz <<a href="mailto:sjuhasz@chemaxon.com" class="">sjuhasz@chemaxon.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class=""><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt;" class=""><div class="">Hi,</div><div class=""><br data-mce-bogus="1" class=""></div><div class="">here are our working configurations. Might be useful.</div><div class="">We use compat tree for auth.</div><div class="">We use user in group matching.</div><div class="">We use group filter for login authorization.</div><div class="">We use FedoraDS as ldap connector on JIRA's side.</div><div class="">We don't use pw change or user create in IPA from JIRA side.</div><div class="">Watch out not to have matching local users/groups or you will suffer big time.</div><div class="">Initially it was set up not to use ldap groups, but was changed afterwards by </div><div class="">creating all new groups in ldap for this purpose and re-adding the users.</div><div class="">We use ldap service user for binding - <a href="https://www.freeipa.org/page/Zimbra_Collaboration_Server_7.2_Authentication_and_GAL_lookups_against_FreeIPA" class="">https://www.freeipa.org/page/Zimbra_Collaboration_Server_7.2_Authentication_and_GAL_lookups_against_FreeIPA</a>.</div><div class=""><br data-mce-bogus="1" class=""></div><div class="">Attributes: <br class=""> "autoAddGroups": ""<br class=""> 
"com.atlassian.crowd.directory.sync.currentstartsynctime": "null"<br class=""> "com.atlassian.crowd.directory.sync.issynchronising": "false"<br class=""> "com.atlassian.crowd.directory.sync.lastdurationms": "373"<br class=""> "com.atlassian.crowd.directory.sync.laststartsynctime": "1433920165776"<br class=""> "crowd.sync.incremental.enabled": "false"<br class=""> "directory.cache.synchronise.interval": "3600"<br class=""> "ldap.basedn": "dc=<OURDOMAIN>"<br class=""> "ldap.connection.timeout": "0"<br class=""> "ldap.external.id": ""<br class=""> "ldap.group.description": "description"<br class=""> "ldap.group.dn": "cn=groups,cn=compat"<br class=""> "ldap.group.filter": "(&(objectClass=posixgroup)(|(cn=<COMPANYGROUP>)(cn=<TEAMGROUPS>)(cn=<JIRAGROUP>)))"<br class=""> "ldap.group.name": "cn"<br class=""> "ldap.group.objectclass": "groupOfUniqueNames"<br class=""> "ldap.group.usernames": "memberUid"<br class=""> "ldap.local.groups": "false"<br class=""> "ldap.nestedgroups.disabled": "true"<br class=""> "ldap.pagedresults": "false"<br class=""> "ldap.pagedresults.size": "1000"<br class=""> "ldap.password": ********<br class=""> "ldap.pool.initsize": "null"<br class=""> "ldap.pool.maxsize": "null"<br class=""> "ldap.pool.prefsize": "null"<br class=""> "ldap.pool.timeout": "0"<br class=""> "ldap.propogate.changes": "false"<br class=""> "ldap.read.timeout": "120000"<br class=""> "ldap.referral": "false"<br class=""> "ldap.relaxed.dn.standardisation": "true"<br class=""> "ldap.roles.disabled": "true"<br class=""> "ldap.search.timelimit": "60000"<br class=""> "ldap.secure": "false"<br class=""> "ldap.url": "ldap://<IPAURL>"<br class=""> "ldap.user.displayname": "cn"<br class=""> "ldap.user.dn": "cn=users,cn=accounts"<br class=""> "ldap.user.email": "mail"<br class=""> "ldap.user.encryption": "sha"<br class=""> "ldap.user.filter": "(&(objectclass=posixAccount)(memberOf=cn=<JIRAGROUP>,cn=groups,cn=accounts,dc=<OURDOMAIN>))"<br class=""> "ldap.user.firstname": "givenName"<br 
class=""> "ldap.user.group": "memberOf"<br class=""> "ldap.user.lastname": "sn"<br class=""> "ldap.user.objectclass": "person"<br class=""> "ldap.user.password": "userPassword"<br class=""> "ldap.user.username": "uid"<br class=""> "ldap.user.username.rdn": ""<br class=""> "ldap.userdn": "uid=<OURSERVICEUSER>,cn=sysaccounts,cn=etc,dc=<OURDOMAIN>"<br class=""> "ldap.usermembership.use": "false"<br class=""> "ldap.usermembership.use.for.groups": "false"<br class=""> "localUserStatusEnabled": "false"</div><div class=""><br class=""></div><div data-marker="__SIG_PRE__" class=""><div class=""><small style="font-size: 10pt; font-family: 'Segoe UI', 'Lucida Sans', sans-serif; background-color: #fdfdfd;" data-mce-style="font-size: 10pt; font-family: 'Segoe UI', 'Lucida Sans', sans-serif; background-color: #fdfdfd;" class=""><span face="Verdana" style="font-size: 10pt; color: #077179; font-family: Verdana;" data-mce-style="font-size: 10pt; color: #077179; font-family: Verdana;" class=""><small style="font-size: 10pt;" data-mce-style="font-size: 10pt;" class=""><b style="font-size: 10pt;" data-mce-style="font-size: 10pt;" class="">Sándor Juhász</b></small></span></small><br style="font-size: 13px; font-family: 'Segoe UI', 'Lucida Sans', sans-serif; background-color: #fdfdfd;" data-mce-style="font-size: 13px; font-family: 'Segoe UI', 'Lucida Sans', sans-serif; background-color: #fdfdfd;" class=""></div><div style="font-size: 13px; font-family: 'Segoe UI', 'Lucida Sans', sans-serif; background-color: #fdfdfd;" data-mce-style="font-size: 13px; font-family: 'Segoe UI', 'Lucida Sans', sans-serif; background-color: #fdfdfd;" class=""><small style="font-size: 10pt;" data-mce-style="font-size: 10pt;" class=""><span face="Verdana" style="font-size: 10pt; font-family: Verdana;" data-mce-style="font-size: 10pt; font-family: Verdana;" class=""><span style="font-size: 10pt; color: #666666;" data-mce-style="font-size: 10pt; color: #666666;" class=""><small style="font-size: 10pt;" 
data-mce-style="font-size: 10pt;" class="">System Administrator</small></span><br style="font-size: 10pt;" data-mce-style="font-size: 10pt;" class=""></span><span style="font-size: 10pt; color: #fca311;" data-mce-style="font-size: 10pt; color: #fca311;" class=""><small style="font-size: 10pt;" data-mce-style="font-size: 10pt;" class=""><small style="font-size: 10pt;" data-mce-style="font-size: 10pt;" class=""><span face="Verdana" style="font-size: 10pt; font-family: Verdana;" data-mce-style="font-size: 10pt; font-family: Verdana;" class=""><b style="font-size: 10pt;" data-mce-style="font-size: 10pt;" class=""><big style="font-size: 10pt;" data-mce-style="font-size: 10pt;" class="">ChemAxon</big></b></span></small></small></span><span face="Verdana" style="font-size: 10pt; font-family: Verdana;" data-mce-style="font-size: 10pt; font-family: Verdana;" class=""><span style="font-size: 10pt; color: #fca311;" data-mce-style="font-size: 10pt; color: #fca311;" class=""><small style="font-size: 10pt;" data-mce-style="font-size: 10pt;" class=""> <b style="font-size: 10pt;" data-mce-style="font-size: 10pt;" class="">Ltd</b>.</small></span><br style="font-size: 10pt;" data-mce-style="font-size: 10pt;" class=""><small style="font-size: 10pt;" data-mce-style="font-size: 10pt;" class=""><span style="font-size: 10pt; color: #666666;" data-mce-style="font-size: 10pt; color: #666666;" class=""></span></small></span></small></div><div style="font-size: 13px; font-family: 'Segoe UI', 'Lucida Sans', sans-serif; background-color: #fdfdfd;" data-mce-style="font-size: 13px; font-family: 'Segoe UI', 'Lucida Sans', sans-serif; background-color: #fdfdfd;" class=""><span style="color: #666666; font-size: 10pt; font-family: Verdana;" data-mce-style="color: #666666; font-size: 10pt; font-family: Verdana;" class="">Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031</span></div><div style="font-size: 13px; font-family: 'Segoe UI', 'Lucida Sans', sans-serif; background-color: 
#fdfdfd;" data-mce-style="font-size: 13px; font-family: 'Segoe UI', 'Lucida Sans', sans-serif; background-color: #fdfdfd;" class=""><span style="color: #666666; font-size: 10pt; font-family: Verdana;" data-mce-style="color: #666666; font-size: 10pt; font-family: Verdana;" class=""><span style="color: #666666; font-family: Verdana; font-size: 13px; background-color: #fdfdfd;" data-mce-style="color: #666666; font-family: Verdana; font-size: 13px; background-color: #fdfdfd;" class="">Cell: +36704258964</span></span></div></div><br class=""><hr id="zwchr" data-marker="__DIVIDER__" class=""><div data-marker="__HEADERS__" class=""><b class="">From: </b>"Martin Kosek" <<a href="mailto:mkosek@redhat.com" class="">mkosek@redhat.com</a>><br class=""><b class="">To: </b>"Christopher Lamb" <<a href="mailto:christopher.lamb@ch.ibm.com" class="">christopher.lamb@ch.ibm.com</a>>, <a href="mailto:freeipa-users@redhat.com" class="">freeipa-users@redhat.com</a><br class=""><b class="">Sent: </b>Wednesday, June 10, 2015 9:22:03 AM<br class=""><b class="">Subject: </b>Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA<br class=""></div><br class=""><div data-marker="__QUOTED_TEXT__" class="">On 06/08/2015 06:44 PM, Christopher Lamb wrote:<br class="">> <br class="">> Hi All<br class="">> <br class="">> we are interested to know if anybody has succeeded (or for that matter<br class="">> failed) in using FreeIPA to provide user authentication for Atlassian<br class="">> products such as JIRA or Confluence?<br class="">> <br class="">> Somewhere in an Atlassian ticket I saw that FreeIPA is not officially<br class="">> supported, so I guess that should set our expectations .....<br class="">> <br class="">> If anyone has succeeded, then of course any tips on how best to do so would<br class="">> be fantastic!<br class=""><br class="">I saw reply in the threads, so it should be covered.<br class=""><br class="">BTW, please add +1s to respective Jira tickets to add proper 
FreeIPA support.<br class="">It would be really cool if Jira would know FreeIPA out of the box and could<br class="">connect to it natively!<br class=""><br class="">-- <br class="">Manage your subscription for the Freeipa-users mailing list:<br class=""><a href="https://www.redhat.com/mailman/listinfo/freeipa-users" class="">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br class="">Go to http://freeipa.org for more info on the project<br class=""></div></div></div></div></blockquote></div><br class=""></div></body></html>