Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Bitbucket multiple mirror and LDAP auth

rajesh.maurya
rajesh.maurya October 11, 2018

Hi,

I've 4 question related to bitbucket data center edition.

1. Support for LDAP/Active directory users.

2. Mirror creation at multiple locations.

3. User ACL synchronization at mirror location.

4. Actual network data consumption while mirror update. Proportion to actual data change on master.

Please could you share docs or provide more information on these questions.

 

-Rajesh

Answer
Watch
Like Be the first to like this
363 views

1 answer

0 votes
VICTOR-OSEGHALE
VICTOR-OSEGHALE
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 11, 2018

Hi there,

Thanks for reaching out here.

1. Support for LDAP/Active directory users.

Bitbucket Datacenter has support for LDAP/Active directory. You can find more details on the comparison between the server and data center edition.

2. Mirror creation at multiple locations.

Smart Mirror nodes in geographically distributed locations, can be created to accelerate Git clones and fetches for remote teams.  You can read Set up a mirror for detailed instructions on installing a mirror.

3. User ACL synchronization at mirror location.

Am not specifically sure of what you refer to with "ACL".

Hwever, Smart mirrors delegate authentication and authorization to the primary server, but also maintain a 'credentials cache' and a 'permissions cache'.

This cache does not contain your passwords or SSH keys. Instead it stores a cryptographic hash of your password, which can be used to validate provided credentials.

When the primary is (temporarily) unavailable, the mirror will fall back to authenticating locally using it's credentials cache. Users that have accesses a repository from the mirror will have their credentials and permissions cached and be able to access that repository from the mirror even if the primary is unavailable.

Here are some of the configuration properties for smart mirror.

4.  Actual network data consumption while mirror update. Proportion to actual data change on master.

The data consumption of the initial synchronization will vary depending on the size of the repositories that are being mirrored, however, for subsequent updates, this is negligible as only updates are fetched from upstream repositories.

There is no documentation for this, as the data consumption will vary for different environments and objects sizes been communicated.

 

Kind Regards,
Victor

 

 

View More Comments
rajesh.maurya
rajesh.maurya October 11, 2018

Hi Victor,

Thank you for sharing the information.

I was referring user ACL as user access control (ie. read, read-wrtie.. )

Since you mentioned "Smart mirrors delegate authentication and authorization to the primary server, but also maintain a 'credentials cache' and a 'permissions cache'."

Does this mean that
a. Mirror also allows users to perform write permission on mirror if same has been granted on primary instance.
OR
b. Mirror users have read only permission on mirror if they have write permission on primary instance.

In case of b what will happen if user has downloaded the clone from mirror and they push the changes. In this scenario do they have to change origin or it will have meta config of primary.

In addition to that , do Bitbucket & Jira data center edition support user authentication from multiple LDAP/AD?

Regards,

Rajesh

Like
VICTOR-OSEGHALE
VICTOR-OSEGHALE
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 15, 2018

Hi Rajesh,

Thanks for the feedback.

Does this mean that
a. Mirror also allows users to perform write permission on mirror if same has been granted on primary instance.

OR
b. Mirror users have read only permission on mirror if they have write permission on primary instance.

The user can not perform a write operation on the mirror, only the read operation clone and fetch. When user push, it is delegated to the upstream server.

In case of b what will happen if user has downloaded the clone from mirror and they push the changes. In this scenario do they have to change origin or it will have meta config of primary.

User can push to the repository using the same URL, and the mirror relays the push to the upstream repository.

In addition to that , do Bitbucket & Jira data center edition support user authentication from multiple LDAP/AD?

Yes it does.

Its good to note that, when Bitbucket Server is connected directly to multiple user directories, where duplicate user names and group names are used across those directories, the effective group memberships that Bitbucket Server uses for authorization can be determined using either of these two schemes: 

  • 'aggregating membership'
  • 'non-aggregating membership'. 

Read more

For JIRA,  during Authentication, the application will search the directories in the order specified, and will use the credentials (password) of the first occurrence of the user to validate the login attempt. Read more

Kind Regards,
Victor

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events