Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

How to migrate the LDAP users to Jira internal directory with all the permissions intact

Vikranth Anakapally June 19, 2019

I am using Jira Software 8.0 Server version. We want to migrate the Active Directory who have Jira access Permission to Jira internal directory.

We also need to make sure the permissions are intact as they had before migration. We user the Local groups created(In Jira Directory) and provided the permission to the project necessary.

My DB is MYSQL : Do we have any scripts to migrate using the scripts, Please help

 

1 answer

0 votes
Dave Theodore [Coyote Creek Consulting]
Community Champion
June 19, 2019

This isn't really documented well, but here is how User Directories work.  First off, it would be safest to set up an Active Directory connector configured as "read only with local groups." 

When you create the new User Directory, it will sort below the Jira Internal Directory.  Once you have the new AD Directory added and set up, all you do is invert the order (ie: move the Jira internal Directory below the new AD directory) and the internal users will become AD users in Jira.

Obviously, test this in a development environment before making these changes in production.

Vikranth Anakapally June 20, 2019

Hello Dave,

We first used the Jira directory as authentication for couple of years, and then later moved to AD  and already setup the AD connector and currently the authentication is working good. 

We want to revert back to Jira authentication and migrate the AD user who are in Jira-users (access to jira) only those users to be move to Jira internal directory. Once moved we want to make sure the permissions are in tact as they was in AD. 

Coming to permissions, for the project we have created a groups and users in that specific group will have respective project access. These groups are in Jira Internal directory, so once the migrate the users from AD to Jira Internal directory we have the Groups also the be migrated. so the access be intact.

 

Thanks,

Vikranth.

Dave Theodore [Coyote Creek Consulting]
Community Champion
June 20, 2019

In that case, it's hard to know what state each user is in.  Based on my experience, you will probably have some users that have data associated with each user, which makes it a real mess to clean up.  I would not recommend manually editing the database. The user entity model in Jira (and  the rest of the suite) isn't designed in a way that you would design it today (I'm being kind here.) There is not a single key that all user related objects reference, so it's super messy to try and do this sort of change by hand.

Here's what I would do:

1. First, set up a development environment that is an exact replica of production.

2. On the development system, run the following SQL statement and save the data to CSV.

select id,user_name,directory_id from cwd_user;

3. Next, remove the AD user directory from the dev instance.

4. Run the SQL statement above again and compare the results.

The difference between the two should give you an idea which accounts will be problematic. You'll then need to decide what to do about the accounts that are duplicate and have data associated with both accounts.  The best solution that I have found is to rename the least impacted user (ie: the one with the least Dashboards, Comments, etc) and then bulk edit the Reporter and Assignee to the user that will remain. If you remove the renamed user from all Groups and Applications, they won't show up in user pickers, but you can still see the history.

Suggest an answer

Log in or Sign up to answer