I have just set up my Jira and Confluence instances to use my FreeIPA instance as their user directory. I'm leaving this message on how I did it in the hope somebody else finds it useful.
Note: I did this with Confluence version 6.10.1 and Jira version 7.12.0

For Confluence you should create the groups "confluence-administrators" and "confluence-users", and for Jira you should create the groups "jira-software-administrators" and "jira-software-users".

Please note that only users that are part of confluence-users or jira-software-users will be recognized by Confluence and Jira respectively. If you want a different set of users to appear in Confluence and Jira, change the User Object Filter field appropriately.

Add a new LDAP user directory and configure as follows. This applies to both Confluence and Jira:

Server Settings:
- Name: FreeIPA
- Directory Type: OpenLDAP
- Server: example.com
- Port: 389
- Use SSL: false # I believe you have to add the FreeIPA CA to the JDK cert store in order to enable this
- Username: uid=admin,cn=users,cn=accounts,dc=example,dc=com # change admin to a service-specific account
- Password: <insert password here>

LDAP Schema:
- Base DN: dc=example,dc=com
- Additional User DN: cn=users,cn=accounts
- Additional Group DN: cn=groups,cn=accounts

LDAP Permissions: Read Only

Advanced Settings: <default settings>

User Schema Settings:
- User Object Class: inetorgperson
- User Object Filter:
  - for Confluence: (&(objectclass=inetorgperson)(memberOf=cn=confluence-users,cn=groups,cn=accounts,dc=example,dc=com))
  - for Jira: (&(objectclass=inetorgperson)(memberOf=cn=jira-software-users,cn=groups,cn=accounts,dc=example,dc=com))
- User Name Attribute: uid
- User Name RDN Attribute: uid
- User First Name Attribute: givenName # This is wrong, FreeIPA doesn't seem to have anything that fits this field
- User Last Name Attribute: sn
- User Display Name Attribute: displayName
- User Email Attribute: mail
- User Password Attribute: userPassword
- User Password Encryption: SHA
- User Unique ID Attribute: ipaUniqueID

Group Schema Settings:
- Group Object Class: groupofnames
- Group Object Filter: (objectclass=groupofnames)
  Note: "groupofnames" should be all lowercase
- Group Name Attribute: cn
- Group Description Attribute: description

Membership Schema Settings:
- Group Members Attribute: member
- User Membership Attribute: memberOf
- Use the User Membership Attribute: false # I'm not sure what to set this to, but this works

One thing I haven't looked into that might be relevant to set under Advanced Settings is the Enabled Nested Groups setting.