...

[Screenshots: example LDAP server connection configurations for Apache Directory and Active Directory]



Each directory has a different flavour of attribute naming for its record entries. Whatever it is for your LDAP server, you need to reflect it in the JEMH LDAP configuration.

...

[Screenshots: example LDAP record entries for Apache DS and Active Directory]



JEMH configuration

LDAP settings

...

(info) If you use a different directory, I will happily accept XML exports of your configuration for future inclusion in JEMH!

[Screenshots: New LDAP Screen, concise summary; Expanded LDAP entry]

Editing LDAP configuration

...

Info

User credential Encryption (since 4.1.23)

User credentials (i.e. username and password) are now encrypted at rest for storage in the database. Upgrading from a version before 4.1.23 to version 4.1.23 or above will result in all LDAP configurations being automatically updated to use encrypted user credentials. XML exports of LDAP configurations will no longer export user credentials as plain text, and any import of an XML LDAP configuration will now require re-validation of the user credentials when the XML config is imported.

Using Multiple Configurations

Just select them:

...

Sort Order (when using Multiple LDAP configs in a Profile)

The Sort Order (set within the LDAP config itself) affects the lookup sequence when used in a Profile. Highest values sort highest, e.g. in a profile, here '10' will be tested first; when a user is found, no further attempts to locate are made:

...

LDAP fields

| Field | Example value |
|---|---|
| Object Filter | (initials=J) |
| Object Class | user |

LDAP filter makeup

FYI, the final LDAP filter involved is built up from the information provided as follows (actual values provided are in bold); %uid% is the userId to look up.

| Search Base | LDAP Filter |
|---|---|
| additionalUserDN,baseDN | (&(objectClass=objectClass)(objectFilter)(userNameAttribute=%uid%)) |
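How the two strings in the table above are assembled, as an added Python sketch (not JEMH's code; the page does not describe how JEMH itself handles special characters in %uid%). It escapes the looked-up value per RFC 4515 and rejects an Object Filter that is not a single balanced group; the DN values in the sample are constructed.

```python
# Added illustration, not JEMH code. Parameter names follow the page's table;
# the DN values used in the sample at the bottom are constructed.

def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\", "*", "(", ")", "\x00"}
    return "".join("\\%02x" % ord(c) if c in special else c for c in value)


def check_object_filter(object_filter: str) -> str:
    """Return the configured Object Filter as one balanced (...) group."""
    text = object_filter.strip()
    if not text.startswith("("):
        text = "(" + text + ")"
    depth = 0
    for i, c in enumerate(text):
        depth += (c == "(") - (c == ")")
        # Closing early means sibling groups or a stray ')'.
        if depth < 0 or (depth == 0 and i < len(text) - 1):
            raise ValueError("Object Filter is not a single group: %r" % object_filter)
    if depth != 0:
        raise ValueError("Object Filter has unbalanced parentheses: %r" % object_filter)
    return text


def build_search_base(additional_user_dn: str, base_dn: str) -> str:
    """Search Base = additionalUserDN,baseDN (Additional User DN is optional)."""
    parts = [p.strip() for p in (additional_user_dn, base_dn) if p and p.strip()]
    return ",".join(parts)


def build_filter(object_class: str, object_filter: str,
                 user_name_attribute: str, uid: str) -> str:
    """(&(objectClass=...)(objectFilter)(userNameAttribute=%uid%))"""
    clauses = ["(objectClass=%s)" % object_class]
    if object_filter and object_filter.strip():
        clauses.append(check_object_filter(object_filter))
    # uid comes from the lookup input, so it is the one value that must be escaped.
    clauses.append("(%s=%s)" % (user_name_attribute, escape_filter_value(uid)))
    return "(&%s)" % "".join(clauses)


if __name__ == "__main__":
    print(build_search_base("ou=Users", "dc=example,dc=com"))
    print(build_filter("user", "(initials=J)", "sAMAccountName", "jsmith"))
```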


Info

Additional User DN

The Additional User DN is an additional naming component that can be added. This allows a Base DN to be defined as 'root', with Users existing in a specific sub-location, that may differ from Groups (not yet implemented). The examples above show this configured for both Active Directory and ApacheDS. Valid BaseDN values could of course be prefixed with the content of this field.

...

Tip

Additional Params

Configuration defined through the UI may not be applicable or 'perfect' for every LDAP environment; for this, Additional Params allows key=value properties to be defined. You would use this if, for example, you were running on a JRE that isn't Oracle's, as JEMH LDAP support makes use of Oracle-specific com.sun..... properties (for things such as timeouts).

User creation settings

  1. Set the User > Create users checkbox

  2. Set the User > Create User ID from field to Alternate

  3. Set the User > Alternate UserID lookup Mech to LDAP

  4. Set the User > Selected LDAP Config to the LDAP configuration required

After which your configuration should look something like:

[Screenshots: Editing; After Saving]

(info) Note that there is an option to stop validation-before-saving, enabling quick entry of all the fields then per-field fixes. The intention is to stop arbitrary changes from breaking the configuration.

...

The result of running this testcase is:

  1. JEMH will not find a pre-existing user with that email address

  2. JEMH will look up ActiveDirectory for Primary 'mail' attribute matches, as well as 'proxyAddresses'; any match will return a user entity containing the Primary 'mail' address and related userId for creation in JIRA.

Example of Alternative ID lookup

...

The result of running this testcase is:

  1. JEMH will not find a pre-existing user with that email address

  2. JEMH will look up ActiveDirectory for Primary 'mail' attribute matches, as well as 'proxyAddresses'. A direct match is found. The sAMAccountName (the userid) is found to pre-exist in JIRA, and so that account is used as a basis for the 'reporter'. No additional user creation has occurred.

Example of unknown Alternative ID lookup

...

The result of running this testcase is:

  1. JEMH will not find a pre-existing user with that email address

  2. JEMH will look up ActiveDirectory for Primary 'mail' attribute matches, as well as 'proxyAddresses'. In this example, no match is found.

  3. If user creation is enabled, and the sender email address is not blacklisted in the JEMH profile, the sender will have a new user account created. If no user is created, the email sender will effectively be treated as a non-JIRA user, as no JIRA user account is associated.

Distribution list expansion

...
