I’m working with LDAP integration in Jira and I need to filter out certain user accounts during the sync process. Specifically, I want to exclude users based on their LDAP attributes like uidNumber and UserCategory.
Is there a way to configure Jira so that it skips these specific users when pulling data from the LDAP directory? I don’t want these particular accounts to show up in Jira at all during the synchronization process.
Any guidance on setting up filters or exclusion rules would be really helpful. Thanks!
To prevent specific LDAP accounts from syncing to Jira, you should configure a User Object Filter in your LDAP settings. Navigate to Administration > User Management > User Directories, select your LDAP directory, and modify the filter. An example filter could be (&(objectClass=person)(!(uidNumber=specificValue))(!(UserCategory=excludedCategory))), which will effectively exclude the accounts you wish to avoid syncing. It’s advisable to test this setup in a development environment to ensure your live sync remains unaffected.
Hit this same problem a few months back - service accounts and dead users were everywhere in our Jira. The User Object Filter works great, but learn your LDAP schema first. Test your queries against the directory to see what attribute values you’re actually working with before writing filters. I had to mix multiple conditions and found out some attributes weren’t filled in consistently. One heads up: filter changes won’t kick out users that already synced. You’ll have to clean those manually or do a fresh sync after setting up the filter.
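Added example, not part of either reply above: a Python sketch that builds a filter of the shape shown in the first answer (with RFC 4515 escaping of the values) and previews which entries it would let through. The entries, DNs and the values `9001` and `service` are constructed sample data standing in for `specificValue` and `excludedCategory`, and the matching is a simplified case-insensitive comparison rather than a real directory's matching rules.

```python
# Added example: build the exclusion filter and preview it offline.
# All DNs, attribute values and entries below are constructed sample data.

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in an assertion value."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c
                   for c in str(value))

def build_user_filter(object_class, exclusions):
    """Return (&(objectClass=X)(!(attr=value))...) for the given pairs."""
    parts = ['(objectClass=%s)' % escape_filter_value(object_class)]
    parts += ['(!(%s=%s))' % (attr, escape_filter_value(val))
              for attr, val in exclusions]
    return '(&' + ''.join(parts) + ')'

def has_value(entry, attr, value):
    """Case-insensitive equality match (simplified matching rule)."""
    for name, values in entry.items():
        if name.lower() == attr.lower():
            return any(v.lower() == value.lower() for v in values)
    return False  # attribute absent: the equality test is not TRUE

def would_sync(entry, object_class, exclusions):
    """Evaluate the filter shape built above against one entry."""
    if not has_value(entry, 'objectClass', object_class):
        return False
    return not any(has_value(entry, a, v) for a, v in exclusions)

EXCLUSIONS = [('uidNumber', '9001'), ('UserCategory', 'service')]
BASE = ',ou=people,dc=example,dc=com'
ENTRIES = {
    'uid=alice' + BASE: {'objectClass': ['person'], 'uidNumber': ['1001'],
                         'UserCategory': ['employee']},
    'uid=svc-backup' + BASE: {'objectClass': ['person'], 'uidNumber': ['9001'],
                              'UserCategory': ['service']},
    # Service account whose UserCategory was never filled in: not excluded.
    'uid=legacy-svc' + BASE: {'objectClass': ['person'], 'uidNumber': ['9002']},
    'cn=printer' + BASE: {'objectClass': ['device']},
}

def preview(entries=ENTRIES, exclusions=EXCLUSIONS):
    """DNs that the filter would still hand to Jira."""
    return [dn for dn, e in entries.items()
            if would_sync(e, 'person', exclusions)]

if __name__ == '__main__':
    print(build_user_filter('person', EXCLUSIONS))
    for dn in preview():
        print('would sync:', dn)
```

In the preview, `legacy-svc` still syncs because a negated equality test does not exclude an entry that lacks the attribute, which is the inconsistent-attribute case the second reply mentions.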