Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Creating local users with the Delegated LDAP auth enabled

Max Vorobiev
Max Vorobiev November 12, 2014

Dear experts,

I've recently set up the "Internal with LDAP authentication" user directory in my Stash (v2.12.2).

The "pure" LDAP authentication was used before, and I was also able to create some technical accounts (not present in LDAP by definition) locally, i.e. in the internal stash directory. That was a part of my workflow.

Now all accounts I create get associated with that "delegated" LDAP directory, even if there are no such user records in my LDAP! This makes it impossible to authenticate such user - LDAP rightfully rejects it.

Is there a way to tell Stash which "user directory" method to use when creating a particular user? Is there a way to tell it that if the user isn't in LDAP, it should fallback to the internal directory?

 

Thank you in advance for your help.

Answer
Watch
Like Be the first to like this
1564 views

4 answers

1 accepted

3 votes
Answer accepted
Marcin
Marcin
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 13, 2014

What is the order of your directories in the "User Directories" screen?  If you want the "Internal Directory" to be tried before the LDAP directory then it needs to be above the "Delegated LDAP Authentication" directory in the list.

I just tested this on an install of Stash 2.12.2 - I can create a user in the local directory and login successfully, as well as login with a user whose password is in LDAP.  Here's what my User Directories screen looks like:

image2014-11-14 9:37:43.png

Reply
1 vote
ThiagoBomfim
ThiagoBomfim
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 16, 2014

Hi Max,

I am sorry for having misunderstood you - you are totally right. We actually have a feature request for your scenario here: https://jira.atlassian.com/browse/STASH-3323 in case anyone else is also looking for this.

Best regards,
Thiago Bomfim
Atlassian Support

Reply
0 votes
Max Vorobiev
Max Vorobiev November 13, 2014

Hi Thiago,

I think you didn't get my point. I know that Stash doesn't write to a remote user directory; instead it creates some internal records which are assiciated with the directory. As I see it, this association id decided upon the position  of the directory in the list (its priority). The Delegated LDAP thing is in fact internal directory, so it is perfectly writable, but - if it is on top of the list, -  Stash for some reason doesn't check whether each user account put into it actually exists in LDAP through which it is going to be authenticated.

Marcin's suggestion (thanks!) seems to be the only possible workaround - at least I've got a similar reply via the official Atlassian tech. support channel. However, there are situations when one wants some accounts to be associated with different directories - and not by moving the directories up and down the list every time.

 

Reply
0 votes
ThiagoBomfim
ThiagoBomfim
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 13, 2014

Hi Max,

We had a similar issue raised in the past that was closed as invalid because Stash does not have the ability to write on User Directories. Hence it doesn't make sense providing a the "choosing directory" functionality during the user creation process:

Hence all the users you create manually go to the Stash Internal directory. Didn't you just get confused?

Best regards,
Thiago Bomfim
Atlassian Support

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events