I recently realized that Atlassian is using the ATLASSIAN-SECURITY (Bouncy Castle Encryption) method to encode their passwords, which is not supported by any LDAP. The plan is to use LDAP as a centralized user directory and Crowd as the interface and SSO tool. Our choice was due to the fact that:
- LDAP handles multiple password encryptions, which in our case is important because we are planning to import users from multiple non-Atlassian directories as well and we would like the passwords to be intact.
- Better support for extra user attributes in LDAP, whereas Crowd does offer it but the implementation is not fully mature or as per our need.
I would really appreciate it if someone could provide some pointers on how this can be done.
Thank you in advance.
I believe that this would be a "Cannot be done". Not due to LDAP or the import, but due to the fact that you need to use an encryption other than Atlassian-security.
So the main idea would be to convert atlassian-sha to something else, which then would be a "security" failure, and I believe that you might be able to reverse the encryption, but it could be very difficult.
In my humble opinion it would be too much work for something that in a high security environment would be discarded in 7 days upon request to password change.
Getting to your question, I would just import all users from Confluence to your LDAP, and force a random password, forcing your users to change their passwords on first login. This would generate a fresh pair of keys with the correct LDAP Security.
Hope this helps you. Cheers,
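The import-with-random-password approach from the answer above, as an added example that is not part of the original thread or any Atlassian tooling. It assumes an OpenLDAP-style directory with the ppolicy overlay, `inetOrgPerson` entries, a hypothetical `BASE_DN`, the widely supported `{SSHA}` scheme, and a constructed user export.

```python
import base64
import hashlib
import os
import re
import secrets

BASE_DN = "ou=people,dc=example,dc=com"  # assumed directory layout
# Refuse LDIF/DN metacharacters (newline, comma, '=', '+', ...) in exported values.
SAFE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._@ -]*")

# Constructed sample export (uid, cn, mail); not real accounts.
USERS = [("jdoe", "Jane Doe", "jdoe@example.com"),
         ("bsmith", "Bob Smith", "bsmith@example.com")]


def ssha(password, salt=None):
    """{SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def build_records(uid, cn, mail):
    """Return (temporary password, LDIF text) for one imported user."""
    for value in (uid, cn, mail):
        if not SAFE.fullmatch(value):
            raise ValueError(f"unsafe value in export: {value!r}")
    temp = secrets.token_urlsafe(18)  # random; the old hash is never carried over
    dn = f"uid={uid},{BASE_DN}"
    ldif = "\n".join([
        f"dn: {dn}", "changetype: add",
        "objectClass: inetOrgPerson",
        f"uid: {uid}", f"cn: {cn}", f"sn: {cn.split()[-1]}", f"mail: {mail}",
        f"userPassword: {ssha(temp)}",
        "",
        # Assumption: ppolicy is loaded and the policy sets pwdMustChange TRUE,
        # so pwdReset forces a password change at first bind.
        f"dn: {dn}", "changetype: modify",
        "replace: pwdReset", "pwdReset: TRUE", "-", "",
    ])
    return temp, ldif


if __name__ == "__main__":
    for user in USERS:
        temp_password, text = build_records(*user)
        print(text)  # hand temp_password to the user over a separate channel
```

The output mixes `add` and `modify` records, so it is meant to be fed to `ldapmodify` rather than `ldapadd`.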