Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Redirect
delay2
filename
location1558437899

Table of Contents

Zephyr Primary Authentication: Zephyr provides multiple options in which users can be authenticated when they log into the system. This is referred to as Primary Authentication.Primary Authentication are:

  • Internal Authentication
  • LDAP
  • Atlassian Crowd
  • Authentication
  • Single Sign-on (SSO)

Secondary Authentication: If LDAP/Crowd/Webservice/SSO is being used for primary authentication and certain temporary/migrant/external users that are not in those systems need access to Zephyr, the secondary authentication option can be turned on to allow that.

...

  • This is the default option.
  • Users can reset their own passwords by clicking on the 'Profile' link in the top right corner of their interface.

Image Modified

 
LDAP

If your organization is using an LDAP server for authentication, the Zephyr Server can be setup to authenticate users using LDAP.


 

LDAP Configuration

An LDAP directory is a collection of data about users and groups. LDAP (Lightweight Directory Access Protocol) is an Internet protocol that web applications can use to look up information about those users and groups from the LDAP server.

We provide built-in connectors for the most popular LDAP directory servers:

  • Microsoft Active Directory

  • Apache Directory Server (ApacheDS)

  • OpenDS

  • OpenLDAP

  • A generic LDAP directory server

When to use this option: Connecting to an LDAP directory server is useful if your users and groups are stored in a corporate directory. When configuring the directory.

Connecting to an LDAP Directory in Jira

Choose  > 
  1. Select Administration

  2. Choose Authentication.

  3. Add a directory and select one of these types:

  4. 'LDAP' – You will be able to choose a specific LDAP directory type on the next screen.

  5. Enter the values for the settings, as described below.

  6. Save the directory settings.

Server Settings

SettingDescription
Directory Type

Select the type of LDAP directory that you will connect to. If you are adding a new LDAP connection, the value you select here will determine the default values for many of the options on the rest of the screen. Examples:

  • Microsoft Active Directory

  • OpenDS

  • And more.

Hostname

The host name of your directory server. Examples:

  • ad.example.com

  • ldap.example.com

  • opends.example.com

Port

The port on which your directory server is listening. Examples:

  • 389

  • 10389

  • 636 (for example, for SSL)

Base DN

The root distinguished name (DN) to use when running queries against the directory server. Examples:

  • o=example,c=com

  • cn=users,dc=ad,dc=example,dc=com

  • For Microsoft Active Directory, specify the base DN in the following format: dc=domain1,dc=local. You will need to replace the domain1 and local for your specific configuration. Microsoft Server provides a tool called ldp.exe which is useful for finding out and configuring the the LDAP structure of your server.

BIND DN

The distinguished name of the user that the application will use when connecting to the directory server. Examples:

  • cn=administrator,cn=users,dc=ad,dc=example,dc=com

  • cn=user,dc=domain,dc=name

  • user@domain.name

BIND Password

The password of the user-specified above.

Search Attribute

The attribute field to use when loading the username. Examples:

  • cn

  • uid

  • sAMAccountName

Advance Settings

User Schema Settings

SettingDescription
Search Attibute

The attribute field to use when loading the username. Examples:

  • cn

  • uid

  • sAMAccountName

User Object Class

This is the name of the class used for the LDAP user object. Example:

  • user

  • inetorgperson

User Object Filter

The filter to use when searching user objects. Example:

  • (&(objectCategory=Person)(sAMAccountName=*))

  • (objectclass=inetorgperson)

User First Name Attribute

The attribute field to use when loading the user's first name. Example:

  • givenName

User Last Name Attribute

The attribute field to use when loading the user's last name. Example:

  • sn

User Email Attribute

The attribute field to use when loading the user's email address. Example:

  • mail

Group Schema Settings

SettingDescription
Group Object Class

This is the name of the class used for the LDAP group object. Examples:

  • groupOfUniqueNames

  • group

  • groupOfNames

Group Object Filter

The filter to use when searching for group objects. Example:

  • (&(objectClass=group)(cn=*))

  • (objectclass=groupOfNames)

  • (objectclass=groupOfUniqueNames)

Group Name Attribute

The attribute field to use when loading the group's name. Example:

  • cn

Group Description Attribute

The attribute field to use when loading the group's description. Example:

  • description

Membership Schema Settings

SettingDescription

Group Members Attribute

The attribute field to use when loading the group's members. Example:

  • member

User Membership Attribute

The attribute field to use when loading the user's groups. Example:

  • memberOf

Anonymous Bind

When setting up your LDAP connection, we provide you with an option to connecting without requiring the BindDN and BindPassword. To connect to LDAP without requiring this information, simply enable the Anonymous Bind feature when setting up LDAP.

  • Anonymous Bind is essentially an LDAP server function that allows the client to connect and search the directory (bind and search) without requiring the BindDN and BindPassword.
  • To use Anonymous Bind, click on the checkbox to ensure it is enabled during the LDAP connection setup process.

Below the 'Connection Info' section there will be a place to test the connections and LDAP credentials used. This is useful for a quick check to see if everything is working. The username and password here can be a user in your directory that you wish to log on the Zephyr system with. Once the information is correct you can click the 'Test' button and if everything goes correctly, you should see a 'Validation Successful!' popup. Otherwise, start troubleshooting the setup.

LDAP Required Fields

1. What are the required fields for connecting to LDAP?

  • Open DS: LDAP Host, Base DN, and Search Attribute are required.
    • The username and password for users who can authenticate are required.
  • Active Directory: LDAP Host, Base DN, and Search Attribute.
    • The username and password for users who can authenticate are required.

2. Is a unique Organizational Unit needed for Zephyr? (Organization Unit can be - Zephyr)

  • The organizational unit can be any name. It does not necessarily have to be specific to Zephyr.

3. Is Bind DN required?

  • Bind DN is required for Active Directory.
  • Bind DN is not required for Open DS.


...