How to Remove LDAP Groups from JIRA

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Overview

When JIRA is set up to synchronise directly from a LDAP server such as Active Directory (as in Connecting to an LDAP Directory), if a group is no longer required from Active Directory it cannot be deleted within JIRA, as in the screenshot below.

(Auto-migrated image: description temporarily unavailable)

In this example, using Active Directory with the Read Only, with local groups permission setting, this is caused by JIRA marking that group as belonging to the LDAP server and group membership, including deleting the group cannot be modified within JIRA.

Steps

Either of the following:

  1. Delete the groups from the LDAP server (e.g.: Active Directory).

  2. Modify the Group Object Filter, as in the Group Schema Settings to exclude them from synchronisation and then resynchronise the User Directory. The example below will no longer synchronise the ad2003-test-group from Active Directory and all groups and group membership will be removed from JIRA.

    1 (&(objectCategory=Group)(!(cn=ad2003-test-group)))

    ℹ️ Please see our How to write LDAP search filters for further information on writing the filter.

Updated on April 15, 2025
Platform
Data Center only
Product
Jira Software Data Center
On this pageOverviewSteps

Still need help?

The Atlassian Community is here for you.
Ask the Community