User management limitations

In our prooduction environment, Stash and AD are integrated to manage users.

Are there any limitations with Stash when integrated ? What kind of application maintenance ( clean-up ) needs to be performed when a user is removed ( at the time of leaving the organization ) from AD ?

Please advise. Thanks

2 answers

1 accepted

Hi Shravanakumar,

I'm not quite sure what you mean by limitations? FWIW we use the same embedded version of Crowd that is used by Confluence and JIRA, so most documentation and questions on Answers related to user management are just as applicable to Stash.

But certainly in terms of cleanup you shouldn't need to do anything. One thing to note - we don't remove personal repositories when users are deleted, as they may contain critical data.

I can't think of anything else that might be of interest. Did you have any particular concerns?

Charles

well, we have mail notification hook in stash where users are registered for getting e-mails whenever push happens. So, when a person is removed from AD at the time of leaving the organization, we will clean the user in respective hooks so that mails will not be bounced back to the system.

This was just one instance we came across. Are there any such maintenance activities we need to perform else where in Stash so that we have clean system.

There are some limitations with JIRA when integrated with AD. for example: when a user is removed from AD, we can't search for issues which are owned the user as the user does not exist in JIRA. With reference to this, I was asking, Are there any such limitation with Stash ?

Let me know, if you need additional details.

Sorry for the delay.

It sounds like the notification hook was a custom plugin? Ideally plugins should be listening for UserCleanupEvent and unregistering them at that point. That's certainly what we do internally.

That said, Stash has a slightly different approach to users than Confluence/JIRA, we never completely remove Stash user rows, and so it should always be possible to view data from a deleted user (eg. pull requests).

Let me know if you run into any problems counter to that claim.

But ...

... if a licensed user leaves your organization there is no easy way to free the license within Stash.

(see: https://answers.atlassian.com/questions/195495/freeing-unused-stash-licensesand https://jira.atlassian.com/browse/STASH-3706):Each user eats up a license - the license can not be reused if the user leaves (at least nobody has shown yet a way to allow this)

Hi Johannes,

Thanks for the reminder.

Although, that depends on your definition of "leave". If the user is no longer in your AD directory, or is at least removed from the AD groups that are being used by Stash, then it's not a problem is it? That's what I thought Shravanakumar was asking about.

Charles

As AD is not in my hands (and our AD administration never seems to remove any members from AD), I cannot test, whether the user-license is freed ...

All I see is, that I cannot free unused licenses ...

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

2,008 views 1 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you