I have a puzzle to solve here. We use LDAP for group management in JIRA, and for the most part it works well. However, when trying to add "watchers" to issues, we currently don't have a way to limit this to users who have been defined in LDAP groups. So, that means that the list of watchers is 25000 people long. Add to that the fact that this can possibly impact our licensing. Naturally, JIRA has no way to accomplish this at the moment.
What I need to do is make it so that only users we have defined in groups under a specific OU can be read. I had initially thought to use (memberOf=*), but we have groups under another OU that everyone belongs to. I would like to avoid having to create a special group for this, since membership in any group under our "application" OU implies access to JIRA.
How would you go about this?
Software Infrastructure Support Engineer
Infrastructure Implementation & QA
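
One way to express the restriction asked about above, as an added example that is not part of the original post: `memberOf` holds DNs, and standard LDAP matching does not allow a wildcard inside a DN value, so the filter lists every group under the OU explicitly. It assumes the group DNs were already read by a separate search under that OU and that the directory populates `memberOf` on user entries; all DNs, the `person` object class and the function names are constructed for illustration, and nested group membership is not resolved.

```python
import re

# Constructed sample data, not values from the post.
APP_OU = "ou=application,ou=groups,dc=example,dc=com"
GROUP_DNS = [
    "cn=jira-users,ou=application,ou=groups,dc=example,dc=com",
    "cn=Everyone,ou=global,ou=groups,dc=example,dc=com",
    "CN=QA (Team),OU=Application,OU=Groups,DC=example,DC=com",
]


def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def split_dn(dn):
    """Split a DN into lowercased RDNs for comparison.

    Simplification: a comma preceded by a backslash is treated as
    escaped; multi-valued RDNs and hex-escaped forms are not normalized.
    """
    return [rdn.strip().lower() for rdn in re.split(r"(?<!\\),", dn)]


def is_under(dn, base):
    """True when dn sits strictly below base in the tree."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) > len(b) and d[-len(b):] == b


def build_user_filter(group_dns, base_ou, user_class="person"):
    """Return a filter matching users in any group located under base_ou."""
    groups = sorted(g for g in group_dns if is_under(g, base_ou))
    if not groups:
        # An empty OR would be invalid; dropping it would match everyone.
        raise ValueError("no groups found under %s" % base_ou)
    clauses = "".join(
        "(memberOf=%s)" % escape_filter_value(g) for g in groups
    )
    return "(&(objectClass=%s)(|%s))" % (user_class, clauses)


if __name__ == "__main__":
    print(build_user_filter(GROUP_DNS, APP_OU))
```

The filter has to be regenerated whenever a group is added to or removed from the OU, otherwise members of a new group stay invisible and members of a deleted one remain listed until the next rebuild.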