User management limitations

In our prooduction environment, Stash and AD are integrated to manage users.

Are there any limitations with Stash when integrated ? What kind of application maintenance ( clean-up ) needs to be performed when a user is removed ( at the time of leaving the organization ) from AD ?

Please advise. Thanks

2 answers

1 accepted

This widget could not be displayed.

Hi Shravanakumar,

I'm not quite sure what you mean by limitations? FWIW we use the same embedded version of Crowd that is used by Confluence and JIRA, so most documentation and questions on Answers related to user management are just as applicable to Stash.

But certainly in terms of cleanup you shouldn't need to do anything. One thing to note - we don't remove personal repositories when users are deleted, as they may contain critical data.

I can't think of anything else that might be of interest. Did you have any particular concerns?

Charles

well, we have mail notification hook in stash where users are registered for getting e-mails whenever push happens. So, when a person is removed from AD at the time of leaving the organization, we will clean the user in respective hooks so that mails will not be bounced back to the system.

This was just one instance we came across. Are there any such maintenance activities we need to perform else where in Stash so that we have clean system.

There are some limitations with JIRA when integrated with AD. for example: when a user is removed from AD, we can't search for issues which are owned the user as the user does not exist in JIRA. With reference to this, I was asking, Are there any such limitation with Stash ?

Let me know, if you need additional details.

Sorry for the delay.

It sounds like the notification hook was a custom plugin? Ideally plugins should be listening for UserCleanupEvent and unregistering them at that point. That's certainly what we do internally.

That said, Stash has a slightly different approach to users than Confluence/JIRA, we never completely remove Stash user rows, and so it should always be possible to view data from a deleted user (eg. pull requests).

Let me know if you run into any problems counter to that claim.

This widget could not be displayed.

But ...

... if a licensed user leaves your organization there is no easy way to free the license within Stash.

(see: https://answers.atlassian.com/questions/195495/freeing-unused-stash-licensesand https://jira.atlassian.com/browse/STASH-3706):Each user eats up a license - the license can not be reused if the user leaves (at least nobody has shown yet a way to allow this)

Hi Johannes,

Thanks for the reminder.

Although, that depends on your definition of "leave". If the user is no longer in your AD directory, or is at least removed from the AD groups that are being used by Stash, then it's not a problem is it? That's what I thought Shravanakumar was asking about.

Charles

As AD is not in my hands (and our AD administration never seems to remove any members from AD), I cannot test, whether the user-license is freed ...

All I see is, that I cannot free unused licenses ...

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Aug 21, 2018 in Bitbucket

Branch Management with Bitbucket

As a project manager, I have discovered that different developers want to bring their previous branching method with them when they join the team. Some developers are used to performing individual wo...

1,596 views 9 11
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you