
JIRA password management for external users while using LDAP for internal users

Eva
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 12, 2011

I currently have LDAP set up in JIRA to get the user information for our internal team, and created external accounts for our clients. But I notice that once I set up LDAP, I can no longer change the password for both internal and external users. I tried changing the general config for "external password management", but I was still unable to change the password. Am I missing something? Is it really not possible to let external users change their password?

If it's not possible to do it out of the box, then what kind of plugin/services can I create to get around this issue w/o touching the core JIRA files?


Thanks,

Eva

3 answers


1 vote
Martin Cooper
Rising Star
July 12, 2011

Hi Eva,

Yes, the local directory is the JIRA directory, i.e. it's a separate one to LDAP. In the User Directories part of the admin section, you should see two directories set up, and you can confirm the details of these by looking at the Directory Configuration Summary link, which will list the following type of info for each dir:

=== Directories configured ===

Directory ID: 1

Name: JIRA Internal Directory

Active: true

Type: INTERNAL

Created date: Mon Apr 11 17:58:15 BST 2011

Updated date: Mon Apr 11 17:58:15 BST 2011

Allowed operations: [CREATE_GROUP, CREATE_ROLE, CREATE_USER, DELETE_GROUP, DELETE_ROLE, DELETE_USER, UPDATE_GROUP, UPDATE_GROUP_ATTRIBUTE, UPDATE_ROLE, UPDATE_ROLE_ATTRIBUTE, UPDATE_USER, UPDATE_USER_ATTRIBUTE]

Implementation class: com.atlassian.crowd.directory.InternalDirectory

Encryption type: atlassian-security

Attributes:

"user_encryption_method": "atlassian-security"
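
One way to check a Directory Configuration Summary like the one quoted above for which directories permit user updates. This is an added example, not part of the original answer and not Atlassian code; it assumes `UPDATE_USER` is the operation a password change requires, and the second directory in the sample is constructed.

```python
# Constructed sample in the layout of the summary quoted above. Directory 1
# follows the post (operation list shortened); directory 2 is a hypothetical
# read-only LDAP connector added for illustration.
SAMPLE = """\
=== Directories configured ===
Directory ID: 1
Name: JIRA Internal Directory
Active: true
Type: INTERNAL
Allowed operations: [CREATE_GROUP, CREATE_USER, DELETE_USER, UPDATE_USER, UPDATE_USER_ATTRIBUTE]

Directory ID: 2
Name: Corporate LDAP (constructed)
Active: true
Type: CONNECTOR
Allowed operations: []
"""

def parse_directories(text):
    """Return one dict per 'Directory ID:' block in the summary text."""
    dirs = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep:
            continue  # headings and blank lines carry no key/value pair
        if key == "Directory ID":
            dirs.append({"id": int(value), "ops": set()})
        elif dirs and key == "Allowed operations":
            ops = value.strip("[]").split(",")
            dirs[-1]["ops"] = {op.strip() for op in ops if op.strip()}
        elif dirs and key in ("Name", "Type", "Active"):
            dirs[-1][key.lower()] = value
    return dirs

def user_update_report(text):
    """Map directory name -> True when it is active and lists UPDATE_USER.

    Assumption: UPDATE_USER is the permission a password change needs.
    """
    return {
        d["name"]: d.get("active") == "true" and "UPDATE_USER" in d["ops"]
        for d in parse_directories(text)
    }

if __name__ == "__main__":
    for name, writable in user_update_report(SAMPLE).items():
        print(f"{name}: user updates {'allowed' if writable else 'not allowed'}")
```
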

1 vote
Martin Cooper
Rising Star
July 12, 2011

Would you be able to confirm which version of Jira you are using, as the handling of LDAP is very different since 4.3 compared to previous versions.

At 4.3 you can make the LDAP directory connector read/write so that changes made locally will be reflected in the directory.

http://confluence.atlassian.com/display/JIRA043/Connecting+to+an+LDAP+Directory

Read/Write LDAP users, groups and memberships are retrieved from your directory server. When you modify a user, group or membership via the application administration screens, the changes will be applied directly to your LDAP directory server. Please ensure that the LDAP user specified for the application has modification permissions on your LDAP directory server.

If the issue is that the 'external' users are just local to Jira and not in LDAP, then they would need to be in a separate 'local' directory and not in the LDAP one.

If running a pre-4.3 version of Jira then your options are more limited. The password is managed in LDAP whilst the user profile is in Jira, and the local account details are used if the username does not match one from LDAP. You can still use multiple authentication sources but these have to be manually set up in the Jira config files.

http://confluence.atlassian.com/display/JIRA042/Integrating+JIRA+with+LDAP

Eva
Rising Star
July 12, 2011

I am currently using version 4.3.4.

I want to keep the internal users from changing their password via JIRA rather than LDAP, that's why I made it read-only. But for external users, I don't know what you mean by setting them up in a different local directory. I thought you can just create external users just on the JIRA directory itself per this diagram:

http://confluence.atlassian.com/display/USERMAN010/_Diagram+JIRA+LDAP+Copy+on+First+Login

0 votes
justindowning
Rising Star
July 12, 2011

No, you are correct. The LDAP users will need to change their password via LDAP tools. The only way to allow external users to change their password is to disable External Password Management.

Eva
Rising Star
July 12, 2011

@Justin-downing - I have disabled both "external user management" and "external password management" but it still doesn't allow me to change the password for external accounts on the login page. I even tried different combinations of those 2 options but none of them give me what I needed. I really don't care if internal users can change their password or not, b/c I have set the LDAP to read-only, but I really need to have external users change their password if necessary.

Thanks again for your help!
