Connecting to LDAP

Jira supports a wide range of LDAP servers, including Microsoft Active Directory, OpenLDAP, and the Novell eDirectory server. If your particular LDAP server is not listed as one of the options, there is also a Generic Directory Server option.

When using the AD/LDAP connector directory type, you can choose to connect with one of the permission options:

  • Read only: Jira cannot make any modifications to the LDAP server.
  • Read only, with local groups: Information retrieved from LDAP will be read-only, but you can also add users to groups created within Jira. These changes will not be reflected in LDAP.
  • Read/Write: Jira will be able to retrieve and make changes to the LDAP server.

The Read only option is the most common choice, as IT teams often manage LDAP servers centrally and do not allow changes. With this option, Jira only needs read access, using the data stored in LDAP to verify user credentials and group membership. If you only want to use LDAP as a user repository and for authentication, but still want the flexibility to update group membership without getting the LDAP team involved, then the Read only, with local groups option is the best fit. Lastly, the Read/Write option should be avoided, as propagating changes to LDAP, such as group membership, can have an unforeseen impact on other systems that rely on the same LDAP server.

To connect your Jira to LDAP, all you have to do is add a new user directory as follows:

  1. Browse to the User Directories page.
  2. Click on the Add Directory button and select either Microsoft Active Directory or LDAP from the Directory Type select list, and then click on Next.
  3. Provide your LDAP server information.

Since every LDAP is different, the exact parameters that are required will vary. At a minimum, you need to provide the following information:

| Parameter | Description |
| --- | --- |
| Name | This is the name of the user directory. |
| Directory Type | This is where you select the flavor of your LDAP. This will help Jira to prefill some of the parameters for you. |
| Hostname | This is the hostname of your LDAP server. |
| Port | This is the port number of your LDAP server. Jira will prefill this based on your directory type selection. |
| Base DN | This is the root node for Jira to search for users and groups. |
| LDAP Permissions | This helps you choose whether Jira should be able to make changes to LDAP. |
| Username | This is the username that Jira will use to connect to LDAP for user and group information. |
| Password | This is the password that Jira will use to connect to LDAP. |

You can see these sections completed in the following screenshot:

Apart from the preceding parameters, there are additional advanced settings, such as User Schema Settings and Group Schema Settings. After filling in the form, you can click on the Quick Test button to verify that Jira is able to connect to your LDAP server and authenticate with the username and password provided. Note that this does not test for things such as the user lookup. If the initial quick test is successful, then you can go ahead and click on the Save and Test button. This will add the user directory and take you to the test page, where you can test the settings with a proper user credential (this will be different than the one used by Jira to connect to LDAP):

After the new user directory is added, Jira will automatically synchronize with the LDAP server and pull in users and groups. Depending on the size of your LDAP server, this may take some time to complete. After the initial synchronization, Jira will periodically perform incremental synchronization for any changes every 60 minutes.
