Jira User Directory Custom Attributes Integration

Jira supports integration with external LDAP User Directories. This is a powerful feature that allows authentication and authorization of users registered into existing (corporate) directories. One of the LDAP templates supported out of the box is Microsoft Active Directory. LDAP User Directory integration is particularly useful in the case of Jira Service Desk where users shall be able to access the Service Desk portal and nothing else (they are not assigned to any group associated with Jira application: jira-core-usersjira-software-usersjira-servicedesk-users). The licensing mechanism does not apply on these users, they are Service Desk Customers only.

At the same time, LDAP User Directory synchronizes and maps into the Jira’s internal user model only a couple of attributes out of many. For example, Microsoft Active Directory stores user’s telephone number, addresses, certificates etc. All of these attributes are not available in Jira by default. Imagine help desk application where the Customer’s telephone numbermail or address are available to the Agent. This way the Agent will be able to contact the Customer that raised the ticket using alternative channels (phone for example).

This article outlines the creation of Jira Workflow Post Function that will enhance the Service Desk ticket description with additional information automatically attached at the bottom of the ticket description. For example, the description of the ticket:

 

 

Becomes:

 

 

The Post function will be configured with only one attribute ldapAttributes. The format of this multi-line attribute should match the Java Properties format in the form descriptionLabel=ldapAttribute (key=value). For example:

 

 

Note that the white spaces must be escaped with appropriate Unicode code (that’s how Java Properties work).

The Velocity templates for presenting and editing the LDAP attributes to be fetched are:

fetch-user-attributes-function-input.vm

 

 

fetch-user-attributes-function.vm

 

 

The logic for retrieving additional user attributes is based on the currently logged in user. The user is always associated with an existing Jira User Directory he/she belongs to. We can obtain the access information for that directory (URL, credentials, security protocol etc.) from the class DirectoryManager. Once we have that directory access info we can fetch the requested LDAP attributes for the current user. These attributes are available for injection into various ticket/task fields after that. In this particular example, we are constructing contact information that will enhance the ticket description with “signature” at the end of the text.

FetchUserAttributesFunction.java

 

 

The created Workflow Post function shall be attached on the Create transition of the workflow associated to the ticket/task type.

Besides this specialized plugin, the same functionality can be accomplished with Groovy scripting. I’ve already written an article on this topic:

Groovy based JIRA Workflow Post Functions

With this scripting plugin the code shown above can be adapted with minimal changes into Groovy script that will do the same. In addition, besides ticket description enrichment, the Groovy script can store the LDAP attributes into some ticket/task custom fields for easy search and manipulation.

Jira Plugins and Workflow Post functions are a powerful way to enhance Jira. This is just one example that will add value to the Jira Service Desk functionality. InterWorks’ Jira consultants listen to the problems and requirements of their clients. And… usually we don’t see constraints to implement some requirement or solve the problem because our Jira solutions portfolio covers many use cases solved in a way similar to what was explained in this article.

Cheers!