...
Each directory has a different flavour of attribute naming for its record entries. Whatever it is for your LDAP server, you need to reflect it in the JEMH LDAP configuration.
...
JEMH configuration
LDAP settings
...
If you use a different directory, I will happily accept XML exports of your configuration for future inclusion in JEMH!
New LDAP Screen, concise summary | Expanded LDAP entry |
---|
Editing LDAP configuration
...
User credential Encryption
User credentials (i.e. username and password) are now encrypted at rest for storage in the database. Upgrading from a version before 4.1.23 to version 4.1.23 and above will result in all LDAP configurations being automatically updated to use encrypted user credentials. XML exports of LDAP configurations will no longer export user credentials as plain text, and any import of an XML LDAP configuration will now require re-validation of the user credentials when the XML config is imported.
Using Multiple Configurations
...
The Sort Order (set within the LDAP config itself) determines the lookup sequence when configurations are used in a Profile. Highest values sort highest, e.g. in the profile here, ‘10’ will be tested first. When a user is found, no further attempts to locate one are made:
...
LDAP fields
Field | Example value |
---|---|
Object Filter | (initials=J) |
Object Class | user |
LDAP filter makeup
FYI, the final LDAP filter is built up from the information provided as follows (actual values provided are in bold); %uid% would be the userId to look up.
Search Base | LDAP Filter |
---|---|
additionalUserDN,baseDN | (&(objectClass=objectClass)(objectFilter)(userNameAttribute=%uid%)) |
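The composition in the table above, as an added example that is not JEMH's own code: it builds the search base and filter in the same shape and escapes the looked-up value per RFC 4515 so that a value derived from an inbound email can only ever match as a literal. The function names, the `dc=example,dc=com` base and the sample user IDs are constructed for illustration.

```python
# Added illustration (not JEMH code): search base and filter composition in the
# shape "additionalUserDN,baseDN" and
# "(&(objectClass=...)(objectFilter)(userNameAttribute=%uid%))".

# RFC 4515 section 3: characters that must be written as \XX in a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so the directory treats it purely as a literal."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_search_base(additional_user_dn: str, base_dn: str) -> str:
    """Join the optional Additional User DN in front of the Base DN."""
    parts = [p.strip() for p in (additional_user_dn, base_dn) if p and p.strip()]
    return ",".join(parts)


def normalise_object_filter(object_filter: str) -> str:
    """Accept 'initials=J' or '(initials=J)'; return '' when no filter is set."""
    f = (object_filter or "").strip()
    if not f:
        return ""
    return f if f.startswith("(") and f.endswith(")") else "(" + f + ")"


def build_filter(object_class: str, object_filter: str,
                 user_name_attribute: str, uid: str) -> str:
    """Compose the final filter; only uid is untrusted, so only uid is escaped.

    object_class, object_filter and user_name_attribute are administrator
    configuration and are used as entered.
    """
    return "(&(objectClass={})".format(object_class) \
        + normalise_object_filter(object_filter) \
        + "({}={}))".format(user_name_attribute, escape_filter_value(uid))


if __name__ == "__main__":
    # Constructed sample values.
    print(build_search_base("ou=Users", "dc=example,dc=com"))
    print(build_filter("user", "(initials=J)", "sAMAccountName", "jsmith"))
    # A value carrying filter metacharacters stays a single literal after escaping.
    print(build_filter("user", "(initials=J)", "sAMAccountName", "*)(objectClass=*"))
```
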
Info: Additional User DN. The Additional User DN is an additional naming component that can be added. This allows a Base DN to be defined as 'root', with Users existing in a specific sub-location, that may differ from Groups (not yet implemented). The examples above show this configured for both Active Directory and ApacheDS. Valid BaseDN values could of course be prefixed with the content of this field.
...
Tip: Additional Params. Configuration defined through the UI may not be applicable or 'perfect' for every LDAP environment; for this, the Additional Params field allows key=value properties to be defined. You would use this if, for example, you were running on a JRE that isn't Oracle, as JEMH LDAP support makes use of Oracle-specific com.sun..... properties (for things such as timeouts).
User creation settings
Set the User > Create users checkbox
Set User > Create User ID from field to Alternate
Set User > Alternate UserID lookup Mech to LDAP
Set User > Selected LDAP Config to the LDAP configuration required
After which your configuration should look something like:
Editing | After Saving |
---|
Note that there is an option to stop validation-before-saving, enabling quick entry of all the fields then per-field fixes. The intention is to stop arbitrary changes from breaking the configuration.
...
The result of running this testcase is:
JEMH will not find a pre-existing user with that email address
JEMH will look up Active Directory for Primary 'mail' attribute matches, as well as 'proxyAddresses'; any match will return a user entity containing the Primary 'mail' address and related userId for creation in JIRA.
Example of Alternative ID lookup
...
The result of running this testcase is:
JEMH will not find a pre-existing user with that email address
JEMH will look up Active Directory for Primary 'mail' attribute matches, as well as 'proxyAddresses'. A direct match is found. The sAMAccountName (the userid) is found to pre-exist in JIRA, and so that account is used as a basis for the 'reporter'. No additional user creation has occurred.
Example of unknown Alternative ID lookup
...
The result of running this testcase is:
JEMH will not find a pre-existing user with that email address
JEMH will look up Active Directory for Primary 'mail' attribute matches, as well as 'proxyAddresses'. In this example, no match is found.
If user creation is enabled, and the sender email address is not blacklisted in the JEMH profile, the sender will have a new user account created. If no user is created, the email sender will effectively be treated as a non-JIRA user, as no JIRA user account is associated.
Distribution list expansion
...