We've got a production Stash server set up to authorize users via LDAP. The registration is as easy as logging in for the first time. But such ease is already starting to impact our license count.
So it was decided to restrict this by switching to another authentication method - delegated LDAP on the same global directory.
But there are lots (hundreds) of registered users already, all of them having certain access permissions.
What would be the most correct and less painful way of changing the authentication method? My biggest concern is to keep the list of current users with all their settings, i.e. they should under no circumstances be "forgotten" by the server.
Thank you in advance.
The safest way is to create a new user directory using delegated LDAP and disabling, but not deleting your old directory. This will prevent the existing users from being marked as deleted, retain all existing settings and still stop the directory from synchronizing new users.
Michael, When I disable the "old" directory, all users from it just disappear from the users list, and I'm afraid they should be all created in Stash anew if I want them authenticated via the delegated LDAP. This isn't what I expected. Just to clarify: the LDAP directory is one and the same in the both cases (the "old" pure LDAP and "new" delegated LDAP), so I would expect Stash to somehow take over the existing accounts and just authorize them via LDAP. However if I leave them both - even with the "new" above the "old" in the list - users just keep on self-registering as before.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot