Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA
Hi Martin I have taken the plunge, and created a detailed HOWTO at http://www.freeipa.org/page/HowTos/LDAP_authentication_for_Atlassian_JIRA_using_FreeIPA @Petr, for the moment I have left your HOWTO / link in place, but have also linked to that thread from my HOWTO. I hope it helps Chris From: Martin Kosek mko...@redhat.com To: Brian Topping brian.topp...@gmail.com, Sandor Juhasz sjuh...@chemaxon.com Cc: freeipa-users@redhat.com Date: 10.06.2015 12:13 Subject:Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA Sent by:freeipa-users-boun...@redhat.com Cool, I am glad you made this working. BTW, would any of you mind volunteering and helping the FreeIPA community with contributing a HOWTO article on how to configure FreeIPA and Jira? It is still missing in FreeIPA.org wiki. All we have right now is the link to this discussion, that Petr Spacek added to http://www.freeipa.org/page/HowTos#Web_Services It would be really nice to also have a real page that others can follow and use. Thank you! Martin On 06/10/2015 11:29 AM, Brian Topping wrote: FYI, that mirrors my configuration. Not sure if this was covered previously, but for my setup, only JIRA connects to IPA. All the other atleasian products contact JIRA for their information. Cheers, Brian On Jun 10, 2015, at 12:47 AM, Sandor Juhasz sjuh...@chemaxon.com wrote: Hi, here are our working configurations. Might be useful. We use compat tree for auth. We use user in group matching. We use group filter for login authorization. We use FedoraDS as ldap connector on JIRA's side. We don't use pw change or user create in IPA from JIRA side. Watch out not to have matching local users/groups or you will suffer bigtime. Initially it was setup not to use ldap groups, but was changed afterwards by creating all new groups in ldap for this purpose and readding the users. We use ldap service user for binding - https://www.freeipa.org/page/Zimbra_Collaboration_Server_7.2_Authentication_and_GAL_lookups_against_FreeIPA . Attributes: autoAddGroups: com.atlassian.crowd.directory.sync.currentstartsynctime: null com.atlassian.crowd.directory.sync.issynchronising: false com.atlassian.crowd.directory.sync.lastdurationms: 373 com.atlassian.crowd.directory.sync.laststartsynctime: 1433920165776 crowd.sync.incremental.enabled: false directory.cache.synchronise.interval: 3600 ldap.basedn: dc=OURDOMAIN ldap.connection.timeout: 0 ldap.external.id: ldap.group.description: description ldap.group.dn: cn=groups,cn=compat ldap.group.filter: ((objectClass=posixgroup)(| (cn=COMPANYGROUP)(cn=TEAMGROUPS)(cn=JIRAGROUP))) ldap.group.name: cn ldap.group.objectclass: groupOfUniqueNames ldap.group.usernames: memberUid ldap.local.groups: false ldap.nestedgroups.disabled: true ldap.pagedresults: false ldap.pagedresults.size: 1000 ldap.password: ldap.pool.initsize: null ldap.pool.maxsize: null ldap.pool.prefsize: null ldap.pool.timeout: 0 ldap.propogate.changes: false ldap.read.timeout: 12 ldap.referral: false ldap.relaxed.dn.standardisation: true ldap.roles.disabled: true ldap.search.timelimit: 6 ldap.secure: false ldap.url: ldap://IPAURL ldap.user.displayname: cn ldap.user.dn: cn=users,cn=accounts ldap.user.email: mail ldap.user.encryption: sha ldap.user.filter: ((objectclass=posixAccount)(memberOf=cn=JIRAGROUP,cn=groups,cn=accounts,dc=OURDOMAIN)) ldap.user.firstname: givenName ldap.user.group: memberOf ldap.user.lastname: sn ldap.user.objectclass: person ldap.user.password: userPassword ldap.user.username: uid ldap.user.username.rdn: ldap.userdn: uid=OURSERVICEUSER,cn=sysaccounts,cn=etc,dc=OURDOMAIN ldap.usermembership.use: false ldap.usermembership.use.for.groups: false localUserStatusEnabled: false Sándor Juhász System Administrator ChemAxon Ltd. Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 Cell: +36704258964 From: Martin Kosek mko...@redhat.com To: Christopher Lamb christopher.l...@ch.ibm.com, freeipa-users@redhat.com Sent: Wednesday, June 10, 2015 9:22:03 AM Subject: Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA On 06/08/2015 06:44 PM, Christopher Lamb wrote: Hi All we are interested to know if anybody has succeeded (or for that matter failed) in using FreeIPA to provide user authentication for Atlassian products such as JIRA or Confluence? Somewhere in an Atlassian ticket I saw that FreeIPA is not officially supported, so I guess that should set our expectations . If anyone has succeeded, then of course any tips on how best to do so would be fantastic! I saw reply in the threads, so it should be covered. BTW, please add +1s to respective Jira tickets to add proper FreeIPA support. It would be really cool if Jira would know FreeIPA out of the box and could connect to it natively! -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com
Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA
Cool, I am glad you made this working. BTW, would any of you mind volunteering and helping the FreeIPA community with contributing a HOWTO article on how to configure FreeIPA and Jira? It is still missing in FreeIPA.org wiki. All we have right now is the link to this discussion, that Petr Spacek added to http://www.freeipa.org/page/HowTos#Web_Services It would be really nice to also have a real page that others can follow and use. Thank you! Martin On 06/10/2015 11:29 AM, Brian Topping wrote: FYI, that mirrors my configuration. Not sure if this was covered previously, but for my setup, only JIRA connects to IPA. All the other atleasian products contact JIRA for their information. Cheers, Brian On Jun 10, 2015, at 12:47 AM, Sandor Juhasz sjuh...@chemaxon.com wrote: Hi, here are our working configurations. Might be useful. We use compat tree for auth. We use user in group matching. We use group filter for login authorization. We use FedoraDS as ldap connector on JIRA's side. We don't use pw change or user create in IPA from JIRA side. Watch out not to have matching local users/groups or you will suffer bigtime. Initially it was setup not to use ldap groups, but was changed afterwards by creating all new groups in ldap for this purpose and readding the users. We use ldap service user for binding - https://www.freeipa.org/page/Zimbra_Collaboration_Server_7.2_Authentication_and_GAL_lookups_against_FreeIPA. Attributes: autoAddGroups: com.atlassian.crowd.directory.sync.currentstartsynctime: null com.atlassian.crowd.directory.sync.issynchronising: false com.atlassian.crowd.directory.sync.lastdurationms: 373 com.atlassian.crowd.directory.sync.laststartsynctime: 1433920165776 crowd.sync.incremental.enabled: false directory.cache.synchronise.interval: 3600 ldap.basedn: dc=OURDOMAIN ldap.connection.timeout: 0 ldap.external.id: ldap.group.description: description ldap.group.dn: cn=groups,cn=compat ldap.group.filter: ((objectClass=posixgroup)(|(cn=COMPANYGROUP)(cn=TEAMGROUPS)(cn=JIRAGROUP))) ldap.group.name: cn ldap.group.objectclass: groupOfUniqueNames ldap.group.usernames: memberUid ldap.local.groups: false ldap.nestedgroups.disabled: true ldap.pagedresults: false ldap.pagedresults.size: 1000 ldap.password: ldap.pool.initsize: null ldap.pool.maxsize: null ldap.pool.prefsize: null ldap.pool.timeout: 0 ldap.propogate.changes: false ldap.read.timeout: 12 ldap.referral: false ldap.relaxed.dn.standardisation: true ldap.roles.disabled: true ldap.search.timelimit: 6 ldap.secure: false ldap.url: ldap://IPAURL ldap.user.displayname: cn ldap.user.dn: cn=users,cn=accounts ldap.user.email: mail ldap.user.encryption: sha ldap.user.filter: ((objectclass=posixAccount)(memberOf=cn=JIRAGROUP,cn=groups,cn=accounts,dc=OURDOMAIN)) ldap.user.firstname: givenName ldap.user.group: memberOf ldap.user.lastname: sn ldap.user.objectclass: person ldap.user.password: userPassword ldap.user.username: uid ldap.user.username.rdn: ldap.userdn: uid=OURSERVICEUSER,cn=sysaccounts,cn=etc,dc=OURDOMAIN ldap.usermembership.use: false ldap.usermembership.use.for.groups: false localUserStatusEnabled: false Sándor Juhász System Administrator ChemAxon Ltd. Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 Cell: +36704258964 From: Martin Kosek mko...@redhat.com To: Christopher Lamb christopher.l...@ch.ibm.com, freeipa-users@redhat.com Sent: Wednesday, June 10, 2015 9:22:03 AM Subject: Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA On 06/08/2015 06:44 PM, Christopher Lamb wrote: Hi All we are interested to know if anybody has succeeded (or for that matter failed) in using FreeIPA to provide user authentication for Atlassian products such as JIRA or Confluence? Somewhere in an Atlassian ticket I saw that FreeIPA is not officially supported, so I guess that should set our expectations . If anyone has succeeded, then of course any tips on how best to do so would be fantastic! I saw reply in the threads, so it should be covered. BTW, please add +1s to respective Jira tickets to add proper FreeIPA support. It would be really cool if Jira would know FreeIPA out of the box and could connect to it natively! -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA
Hi All Thanks to Brian and Sandor for their input so far - this gives me another approach to try. From my side this is a work-in-progress report: we have got something working, but are not quite happy with it. Stepping back a bit: I suspect there are a number of integration approaches that may (or may not) work. Atlassian offer several default ldap configurations inc. the FedoraDS mentioned by Sando. Probably several of these can be massaged / bullied to work with FreeIPA with varying degrees of effort / pain. There seem also to be several possible integration use-cases, ranging from full bidirectional replication of ldap users and groups down to simple read-only* authentication only. In our case we want to take a simple approach: in fact we have tried 2 methods so far. 1) We first tried a one-way replication of FreeIPA users and groups to JIRA, as described here: https://confluence.atlassian.com/display/JIRA/Connecting+to+an+LDAP +Directory We used the A generic LDAP directory server standard config with some values changed for the FreeIPA equivalents. While we were successfully able to connect from JIRA to FreeIPA, and users replicated across, groups did not - it failed at the point of group membership. Also the users could not login (but that is maybe because - from a JIRA point of view - the users had no groups). We did not spend long on this approach, so it is possible that with a little more tweaking we could get it to work. 2) We next tried an even simpler approach - using LDAP only for authentication. https://confluence.atlassian.com/display/JIRA/Connecting+to+an+Internal +Directory+with+LDAP+Authentication Under this approach, when a user first tries to logon to JIRA the user is authenticated and replicated to JIRA. Groups remain local the JIRA directory (although a default group e.g. jira-users can be setup.) This approach is suitable when only a subset of LDAP users need JIRA access. Being one-way there should be no danger of JIRA screwing the LDAP. While we can successfully authenticate FreeIPA users (and thus login and work in JIRA) with this approach, so far we have not been able to get the email address to replicate from FreeIPA to JIRA (and without working email notifications JIRA is rendered as useful as a chocolate teapot) We will continue experimenting (we now have a suggested config from Sandor below as a further variant). Once we get something satisfactory working I would be pleased to contribute to a wiki-page on the topic. Cheers Chris From: Martin Kosek mko...@redhat.com To: Brian Topping brian.topp...@gmail.com, Sandor Juhasz sjuh...@chemaxon.com Cc: freeipa-users@redhat.com Date: 10.06.2015 12:13 Subject:Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA Sent by:freeipa-users-boun...@redhat.com Cool, I am glad you made this working. BTW, would any of you mind volunteering and helping the FreeIPA community with contributing a HOWTO article on how to configure FreeIPA and Jira? It is still missing in FreeIPA.org wiki. All we have right now is the link to this discussion, that Petr Spacek added to http://www.freeipa.org/page/HowTos#Web_Services It would be really nice to also have a real page that others can follow and use. Thank you! Martin On 06/10/2015 11:29 AM, Brian Topping wrote: FYI, that mirrors my configuration. Not sure if this was covered previously, but for my setup, only JIRA connects to IPA. All the other atleasian products contact JIRA for their information. Cheers, Brian On Jun 10, 2015, at 12:47 AM, Sandor Juhasz sjuh...@chemaxon.com wrote: Hi, here are our working configurations. Might be useful. We use compat tree for auth. We use user in group matching. We use group filter for login authorization. We use FedoraDS as ldap connector on JIRA's side. We don't use pw change or user create in IPA from JIRA side. Watch out not to have matching local users/groups or you will suffer bigtime. Initially it was setup not to use ldap groups, but was changed afterwards by creating all new groups in ldap for this purpose and readding the users. We use ldap service user for binding - https://www.freeipa.org/page/Zimbra_Collaboration_Server_7.2_Authentication_and_GAL_lookups_against_FreeIPA . Attributes: autoAddGroups: com.atlassian.crowd.directory.sync.currentstartsynctime: null com.atlassian.crowd.directory.sync.issynchronising: false com.atlassian.crowd.directory.sync.lastdurationms: 373 com.atlassian.crowd.directory.sync.laststartsynctime: 1433920165776 crowd.sync.incremental.enabled: false directory.cache.synchronise.interval: 3600 ldap.basedn: dc=OURDOMAIN ldap.connection.timeout: 0 ldap.external.id: ldap.group.description: description ldap.group.dn: cn=groups,cn=compat ldap.group.filter: ((objectClass=posixgroup)(| (cn=COMPANYGROUP)(cn=TEAMGROUPS)(cn=JIRAGROUP))) ldap.group.name: cn ldap.group.objectclass: groupOfUniqueNames ldap.group.usernames
Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA
Hi, i tried many linear combinations of setup options when i tied our JIRA to ldap. First it was tied to openldap with user auth only. Once we started to use IPA, i changed. Using the base config of FedoraDS was chosen becuase IPA is based on it as well. We don't want any of our service actively modifying ldap, so read-only posix schema was the choice. As for group matching. Accounts tree will not work, don't know why, it just did not work for us. Use compat tree, it is there for these occasions. On the membership schem settings: Group member attribute: memberUid User membership attribute: memberOf Use the user membership attribute: no tick For this setup you need a service user, because memberUid attributes of users are not visible for a single user in the ldap schema - don't remember why. We needed that for user filter as well, so we have chosen to use it this way. Sándor Juhász System Administrator ChemAxon Ltd . Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 Cell: +36704258964 From: Christopher Lamb christopher.l...@ch.ibm.com To: Martin Kosek mko...@redhat.com, Brian Topping brian.topp...@gmail.com, Sandor Juhasz sjuh...@chemaxon.com Cc: freeipa-users@redhat.com Sent: Wednesday, June 10, 2015 1:55:15 PM Subject: Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA Hi All Thanks to Brian and Sandor for their input so far - this gives me another approach to try. From my side this is a work-in-progress report: we have got something working, but are not quite happy with it. Stepping back a bit: I suspect there are a number of integration approaches that may (or may not) work. Atlassian offer several default ldap configurations inc. the FedoraDS mentioned by Sando. Probably several of these can be massaged / bullied to work with FreeIPA with varying degrees of effort / pain. There seem also to be several possible integration use-cases, ranging from full bidirectional replication of ldap users and groups down to simple read-only* authentication only. In our case we want to take a simple approach: in fact we have tried 2 methods so far. 1) We first tried a one-way replication of FreeIPA users and groups to JIRA, as described here: https://confluence.atlassian.com/display/JIRA/Connecting+to+an+LDAP +Directory We used the A generic LDAP directory server standard config with some values changed for the FreeIPA equivalents. While we were successfully able to connect from JIRA to FreeIPA, and users replicated across, groups did not - it failed at the point of group membership. Also the users could not login (but that is maybe because - from a JIRA point of view - the users had no groups). We did not spend long on this approach, so it is possible that with a little more tweaking we could get it to work. 2) We next tried an even simpler approach - using LDAP only for authentication. https://confluence.atlassian.com/display/JIRA/Connecting+to+an+Internal +Directory+with+LDAP+Authentication Under this approach, when a user first tries to logon to JIRA the user is authenticated and replicated to JIRA. Groups remain local the JIRA directory (although a default group e.g. jira-users can be setup.) This approach is suitable when only a subset of LDAP users need JIRA access. Being one-way there should be no danger of JIRA screwing the LDAP. While we can successfully authenticate FreeIPA users (and thus login and work in JIRA) with this approach, so far we have not been able to get the email address to replicate from FreeIPA to JIRA (and without working email notifications JIRA is rendered as useful as a chocolate teapot) We will continue experimenting (we now have a suggested config from Sandor below as a further variant). Once we get something satisfactory working I would be pleased to contribute to a wiki-page on the topic. Cheers Chris From: Martin Kosek mko...@redhat.com To: Brian Topping brian.topp...@gmail.com, Sandor Juhasz sjuh...@chemaxon.com Cc: freeipa-users@redhat.com Date: 10.06.2015 12:13 Subject: Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA Sent by: freeipa-users-boun...@redhat.com Cool, I am glad you made this working. BTW, would any of you mind volunteering and helping the FreeIPA community with contributing a HOWTO article on how to configure FreeIPA and Jira? It is still missing in FreeIPA.org wiki. All we have right now is the link to this discussion, that Petr Spacek added to http://www.freeipa.org/page/HowTos#Web_Services It would be really nice to also have a real page that others can follow and use. Thank you! Martin On 06/10/2015 11:29 AM, Brian Topping wrote: FYI, that mirrors my configuration. Not sure if this was covered previously, but for my setup, only JIRA connects to IPA. All the other atleasian products contact JIRA for their information. Cheers, Brian On Jun 10, 2015, at 12:47 AM, Sandor Juhasz
Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA
Hi, here are our working configurations. Might be useful. We use compat tree for auth. We use user in group matching. We use group filter for login authorization. We use FedoraDS as ldap connector on JIRA's side. We don't use pw change or user create in IPA from JIRA side. Watch out not to have matching local users/groups or you will suffer bigtime. Initially it was setup not to use ldap groups, but was changed afterwards by creating all new groups in ldap for this purpose and readding the users. We use ldap service user for binding - https://www.freeipa.org/page/Zimbra_Collaboration_Server_7.2_Authentication_and_GAL_lookups_against_FreeIPA. Attributes: autoAddGroups: com.atlassian.crowd.directory.sync.currentstartsynctime: null com.atlassian.crowd.directory.sync.issynchronising: false com.atlassian.crowd.directory.sync.lastdurationms: 373 com.atlassian.crowd.directory.sync.laststartsynctime: 1433920165776 crowd.sync.incremental.enabled: false directory.cache.synchronise.interval: 3600 ldap.basedn: dc=OURDOMAIN ldap.connection.timeout: 0 ldap.external.id: ldap.group.description: description ldap.group.dn: cn=groups,cn=compat ldap.group.filter: ((objectClass=posixgroup)(|(cn=COMPANYGROUP)(cn=TEAMGROUPS)(cn=JIRAGROUP))) ldap.group.name: cn ldap.group.objectclass: groupOfUniqueNames ldap.group.usernames: memberUid ldap.local.groups: false ldap.nestedgroups.disabled: true ldap.pagedresults: false ldap.pagedresults.size: 1000 ldap.password: ldap.pool.initsize: null ldap.pool.maxsize: null ldap.pool.prefsize: null ldap.pool.timeout: 0 ldap.propogate.changes: false ldap.read.timeout: 12 ldap.referral: false ldap.relaxed.dn.standardisation: true ldap.roles.disabled: true ldap.search.timelimit: 6 ldap.secure: false ldap.url: ldap://IPAURL ldap.user.displayname: cn ldap.user.dn: cn=users,cn=accounts ldap.user.email: mail ldap.user.encryption: sha ldap.user.filter: ((objectclass=posixAccount)(memberOf=cn=JIRAGROUP,cn=groups,cn=accounts,dc=OURDOMAIN)) ldap.user.firstname: givenName ldap.user.group: memberOf ldap.user.lastname: sn ldap.user.objectclass: person ldap.user.password: userPassword ldap.user.username: uid ldap.user.username.rdn: ldap.userdn: uid=OURSERVICEUSER,cn=sysaccounts,cn=etc,dc=OURDOMAIN ldap.usermembership.use: false ldap.usermembership.use.for.groups: false localUserStatusEnabled: false Sándor Juhász System Administrator ChemAxon Ltd . Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 Cell: +36704258964 From: Martin Kosek mko...@redhat.com To: Christopher Lamb christopher.l...@ch.ibm.com, freeipa-users@redhat.com Sent: Wednesday, June 10, 2015 9:22:03 AM Subject: Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA On 06/08/2015 06:44 PM, Christopher Lamb wrote: Hi All we are interested to know if anybody has succeeded (or for that matter failed) in using FreeIPA to provide user authentication for Atlassian products such as JIRA or Confluence? Somewhere in an Atlassian ticket I saw that FreeIPA is not officially supported, so I guess that should set our expectations . If anyone has succeeded, then of course any tips on how best to do so would be fantastic! I saw reply in the threads, so it should be covered. BTW, please add +1s to respective Jira tickets to add proper FreeIPA support. It would be really cool if Jira would know FreeIPA out of the box and could connect to it natively! -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA
FYI, that mirrors my configuration. Not sure if this was covered previously, but for my setup, only JIRA connects to IPA. All the other atleasian products contact JIRA for their information. Cheers, Brian On Jun 10, 2015, at 12:47 AM, Sandor Juhasz sjuh...@chemaxon.com wrote: Hi, here are our working configurations. Might be useful. We use compat tree for auth. We use user in group matching. We use group filter for login authorization. We use FedoraDS as ldap connector on JIRA's side. We don't use pw change or user create in IPA from JIRA side. Watch out not to have matching local users/groups or you will suffer bigtime. Initially it was setup not to use ldap groups, but was changed afterwards by creating all new groups in ldap for this purpose and readding the users. We use ldap service user for binding - https://www.freeipa.org/page/Zimbra_Collaboration_Server_7.2_Authentication_and_GAL_lookups_against_FreeIPA. Attributes: autoAddGroups: com.atlassian.crowd.directory.sync.currentstartsynctime: null com.atlassian.crowd.directory.sync.issynchronising: false com.atlassian.crowd.directory.sync.lastdurationms: 373 com.atlassian.crowd.directory.sync.laststartsynctime: 1433920165776 crowd.sync.incremental.enabled: false directory.cache.synchronise.interval: 3600 ldap.basedn: dc=OURDOMAIN ldap.connection.timeout: 0 ldap.external.id: ldap.group.description: description ldap.group.dn: cn=groups,cn=compat ldap.group.filter: ((objectClass=posixgroup)(|(cn=COMPANYGROUP)(cn=TEAMGROUPS)(cn=JIRAGROUP))) ldap.group.name: cn ldap.group.objectclass: groupOfUniqueNames ldap.group.usernames: memberUid ldap.local.groups: false ldap.nestedgroups.disabled: true ldap.pagedresults: false ldap.pagedresults.size: 1000 ldap.password: ldap.pool.initsize: null ldap.pool.maxsize: null ldap.pool.prefsize: null ldap.pool.timeout: 0 ldap.propogate.changes: false ldap.read.timeout: 12 ldap.referral: false ldap.relaxed.dn.standardisation: true ldap.roles.disabled: true ldap.search.timelimit: 6 ldap.secure: false ldap.url: ldap://IPAURL ldap.user.displayname: cn ldap.user.dn: cn=users,cn=accounts ldap.user.email: mail ldap.user.encryption: sha ldap.user.filter: ((objectclass=posixAccount)(memberOf=cn=JIRAGROUP,cn=groups,cn=accounts,dc=OURDOMAIN)) ldap.user.firstname: givenName ldap.user.group: memberOf ldap.user.lastname: sn ldap.user.objectclass: person ldap.user.password: userPassword ldap.user.username: uid ldap.user.username.rdn: ldap.userdn: uid=OURSERVICEUSER,cn=sysaccounts,cn=etc,dc=OURDOMAIN ldap.usermembership.use: false ldap.usermembership.use.for.groups: false localUserStatusEnabled: false Sándor Juhász System Administrator ChemAxon Ltd. Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 Cell: +36704258964 From: Martin Kosek mko...@redhat.com To: Christopher Lamb christopher.l...@ch.ibm.com, freeipa-users@redhat.com Sent: Wednesday, June 10, 2015 9:22:03 AM Subject: Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA On 06/08/2015 06:44 PM, Christopher Lamb wrote: Hi All we are interested to know if anybody has succeeded (or for that matter failed) in using FreeIPA to provide user authentication for Atlassian products such as JIRA or Confluence? Somewhere in an Atlassian ticket I saw that FreeIPA is not officially supported, so I guess that should set our expectations . If anyone has succeeded, then of course any tips on how best to do so would be fantastic! I saw reply in the threads, so it should be covered. BTW, please add +1s to respective Jira tickets to add proper FreeIPA support. It would be really cool if Jira would know FreeIPA out of the box and could connect to it natively! -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project signature.asc Description: Message signed with OpenPGP using GPGMail -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA
Yes, it's fine. -- Sent from mobile On June 8, 2015 18:47:41 Christopher Lamb christopher.l...@ch.ibm.com wrote: Hi All we are interested to know if anybody has succeeded (or for that matter failed) in using FreeIPA to provide user authentication for Atlassian products such as JIRA or Confluence? Somewhere in an Atlassian ticket I saw that FreeIPA is not officially supported, so I guess that should set our expectations . If anyone has succeeded, then of course any tips on how best to do so would be fantastic! Thanks Chris -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA
Might want to search the 'compat' tree Craig White System Administrator O 623-201-8179 M 602-377-9752 SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032 -Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Tamas Papp Sent: Monday, June 08, 2015 12:34 PM To: Christopher Lamb; freeipa-users@redhat.com Subject: Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA Yes, it's fine. -- Sent from mobile On June 8, 2015 18:47:41 Christopher Lamb christopher.l...@ch.ibm.com wrote: Hi All we are interested to know if anybody has succeeded (or for that matter failed) in using FreeIPA to provide user authentication for Atlassian products such as JIRA or Confluence? Somewhere in an Atlassian ticket I saw that FreeIPA is not officially supported, so I guess that should set our expectations . If anyone has succeeded, then of course any tips on how best to do so would be fantastic! Thanks Chris -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] LDAP authentication for JIRA using FreeIPA
Hi All we are interested to know if anybody has succeeded (or for that matter failed) in using FreeIPA to provide user authentication for Atlassian products such as JIRA or Confluence? Somewhere in an Atlassian ticket I saw that FreeIPA is not officially supported, so I guess that should set our expectations . If anyone has succeeded, then of course any tips on how best to do so would be fantastic! Thanks Chris -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project