Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Migrate users to new user directory (Confluence 5.4.4)

Matt Anderson
Matt Anderson May 25, 2014

Hi all,

hoping someone has already been through this, in Confluence 5.4.4 I have two old legacy user directories with some users in each, both Active Directory. I would like to migrate all users from both over toa new "Internal with LDAP Authentication" user directory and delete the two legacy ones. Must maintain permissions, etc.

I found this article but the comment saying it only copies not migrates has stopped me using that one. It was handy to find the users in each directory however.

Any clues?

Answer
Watch
Like # people like this
7462 views

6 answers

1 accepted

4 votes
Answer accepted
Deividi Luvison
Deividi Luvison
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 26, 2014

Hey Matt,

I have a method that might work, however is not support and involves some database sorcery :D, so if you decide to try this, set up a test instance to try this, if it works fine and you decide to give prod a go, backup your production database and application directories before trying to apply this on production:

  1. Have your new directory (lets call new directory) with the same set of your legacy ones (lets say Legacy A and B).
  2. You will also need to ask your LDAP admin to make sure the new directory have the same set of groups (and the users added under those groups) as the legacy A and B directory.
  3. Create a new user directory in Confluence and make sue to add a search filter that returns no resuts (we don't want to sync anything now).
  4. Leave the Confluence Internal Directory in first position.
  5. Have the Confluence internal administrator account (you will need to login with this one).
  6. Disable the other two legacy directories.
  7. Shutdown Confluence.
  8. Run the "SELECT * FROM cwd_directory;" against COnfluence database.
  9. If the information you gave me you will see 4 user directories, Internal, New Directory, Legacy A and Legacy B.
  10. Take note of the id of the new directory and the internal COnfluence directory.
  11. Now run this query ""UPDATE cwd_user SET directory_id='New directory ID noted from previous step' WHERE directory_id <> 'id from internal directory'
  12. The "UPDATE cwd_user SET credential='nopass' WHERE directory_id <> 'id from internal'"
  13. In case your new directory is a delagated directory instead of connector you will need to update as "NULL" instead of "nopass"
  14. And lastly "UPDATE cwd_user SET external_id='' WHERE directory_id <> 'id from internal'"
  15. Start Confluence.
  16. Edit the user directory filter of the new directory so it can correctly sync and pull the users and group information.
  17. Move this directory to first position.
  18. Try to log in again and check your if the permissions are working permissions.
  19. Once you confirm everything is Ok, delete the Legacy A and B directories.
  20. Profit!

This method will tie all users that are not members of the internal user directory into to the "new directory", once they try to authenticate confluence will update the external id.

Another key point is that this method will only works for Confluence on versions 5.3 to 5.5.2, if we ever change our table structure again in future versions this not might work.

Lastly, as I said before, this is a pretty invasive method, which is not supported by us (support team) and is not recommended at all to try in production without testing, however I believe it worth a shot doing into a test env :).

Hope it helps.

Thanks and Regards,
David|Atlassian Support

View More Comments
Deividi Luvison
Deividi Luvison
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 26, 2014

Also make sure to vote up for this feature request:

https://jira.atlassian.com/browse/CONF-25630

So we can have a supported way to migrated users in Confluence trough the UI instead of the above work around.

Like
Matt Anderson
Matt Anderson May 27, 2014

Thanks Deividi, I will give that a go after I spin up a test environment.

Have upvoted that ticket above.

Like
Reply
2 votes
Corentin Méhat
Corentin Méhat
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 9, 2017 edited

Hello,

I found an easier way for Confluence > 5.7, since the group memberships are merged in case of duplicate users.

 

use case :

* initial state : 1 internal user directory, with some usernames matching LDAP

* target state : 1 internal user directory + 1 delegated LDAP dir for LDAP users authentication.

 

By configuring the delegated LDAP with the "copy user on login" and  by adding them to a newly created group to identify which ones are created, I managed to have the user who were in the internal directory but also in the LDAP authentify themselves from the LDAP,  while users that were only in the internal directory (and not the LDAP) were not impacted.

 

Reply
1 vote
Matt Anderson
Matt Anderson December 17, 2014

funnily enough I will be doing exactly that in 9 days, but I'm hoping that all I will really need to do is update the existing user directory with the new LDAP server settings.  If not then yes I imagine the same process above will take care of it.  I'll update here how it goes.

View More Comments
Phillip Ponzer _Cprime_
Phillip Ponzer _Cprime_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 28, 2015

How'd it go? :)

Like
Matt Anderson
Matt Anderson July 28, 2015

it worked fine. Only one side effect, some people did not come across as members of the confluence-uers group, I just added manually as they popped up.

Like
Reply
0 votes
AbrahamA
AbrahamA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 9, 2016

Hello

Is this same for JIRA?

Thanks

Abe

Reply
0 votes
Justin Leader6
Justin Leader
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 17, 2014

Thanks @Matt Anderson for putting together these steps. Would it be a similar process to migrate from one AD to another?

Reply
0 votes
Matt Anderson
Matt Anderson September 3, 2014

Following up at last in case anyone reads this in future, just tried this on a test server - it works!

Only changes worth mentioning, in the new Delegated directory i had to tick Sync Group Membership, and Ijust had to fix a couple of quick internal group memberships that didnt come across. I also did not need to do steps 3, 16 & 17.

Happy to move onto the live server now.

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
atlassian, atlassian community events, ace, engineering, confluence feed, power of feed, atlassian ask me anything, atlassian confluence answers, ace rsvp, atlassian community events rsvp, atlassian magic

“How We Built This” ft. Atlassian Confluence Engineers

Meet the engineers who are making the Confluence magic happen at Atlassian ✨

RSVP now!
AUG Leaders

Upcoming Confluence Events