Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Configuring Crowd for JIRA, Stash and Confluence and migration

James True
James October 31, 2014

We already have JIRA, Stash, and Confluence installed and have been using them for some time.  Each currently has a "Delegated LDAP" directory that authenticates via Active Directory.  They all automatically create the user and adds them to the appropriate jira-users, stash-users, confluence-users group respectively at first log on.  Not all users use all three apps but there is considerable overlap between the sets of users in each.  We also have a number of additional groups that associate users with geographic locations (countries), product teams, etc.  Groups that are used across all products are named the same in each app, and unique group names are used if they are only applicable to users of the particular app.

We are installing Crowd and my understanding is that it is better to use a single directory in Crowd (ours will be Delegated LDAP) so that we do not have duplicate users across three individual directories.  We want to migrate to Crowd with hopefully no impact on the user community.  I cannot find any document that discusses this scenario so I have questions:

  1. Is the single directory approach the preferred method?
  2. Can I migrate the users from all three apps into a single Crowd Delegated LDAP directory?  Any problems I should watch out for?  Special tricks?
  3. Will the groups also be migrated? Keeping the existing group memberships is essential since not every user has an account on all three apps so we need to maintain the memberships for the license counts. 
  4. Once we convert to Crowd and each app is using the common Crowd directory instead of its own Delegated LDAP directory, do we need to keep the groups defined in the apps as well as in Crowd, or should they be defined in the apps instead of in Crowd, or can we put some in one place and some in others depending on whether they are used across all three apps or unique to a specific app.  In other words the workings of groups and directories and related best practices are not clear to us, especially with multiple apps sharing the same directory.  For example in JIRA we currently have a JIRA Internal directory and a Delegated LDAP directory.  When we create a group in JIRA, there are two rows created in the cwd_group table, one for each of the directories (so the group "exists" in both directories).  After the conversion, if we create a group in JIRA (assuming we still can), will it exist in the internal directory and the Crowd directory and will we see it in the UI in both JIRA and Crowd?  A more detailed discussion of the theory and logic behind how this works would be most helpful.

I know this is a big ask, but my searches haven't turned up much in the way of information or guidance for multiple app migration and I really don't want to break our existing tools.

 

 

Answer
Watch
Like Be the first to like this
459 views

2 answers

0 votes
James True
James November 3, 2014

Thank you Renato for your response.

#2 I am still curious if anyone has any experience with importing multiple applications into the same Crowd directory.  One problem I see is that Stash is not one of the applications that the Atlassian importer supports.  Since Stash has the same embedded Crowd database tables, Do I import as though it was JIRA or some other application?

#4 I could still use more information on the relationship of groups and where and how they are maintained. 

Reply
0 votes
rrudnicki
rrudnicki
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 31, 2014

Hi James, 

Let me clarify your questions. Additionally I suggest you to try Crowd in an test environment so you can understand better the options I’m mention below.  

1- Crowd have options to add Directories (Active Directory, OpenLDAP, etc). If you have only one Active Directory on your network, then you don’t need to create multiple directories. However, once you have a directory on Crowd, you will add your applications on the Applications Tab. In this tab, you will add an application for JIRA, a new one to Stash and another one to Confluence. You cannot put JIRA, Stash and Confluence on the same Application. When you hit on the option Add Application, you will see that you have options for all Atlassian products. 

2 - You should be able to import users without problems. On Crowd you have in the Users Tab, the option Import Users which I believe is what you are looking for. 

3 - Yes, on the Import Users Tab you also should be able to migrate the groups from your Active directory. 

4 - You can have configured a delegated directory and an internal directory to an application, for instance, Confluence. You can manage your groups and on the Application Tab choosing what group will be related to each application.

In this link you can an example how Crowd directory works.  In Crowd Admin guide you can find additional information.

 

I hope it helps.

 

Regards, 

Renato Rudnicki

Reply

Suggest an answer

Log in or Sign up to answer
Crowd
Crowd
TAGS
AUG Leaders

Atlassian Community Events

    See all events