Here I am again with yet another question concerning our initial configuration. There is an import function in the "Users" tab but none in "Groups". The "import" in "Users" does import users and groups from remote directories, but not the memberships - as I would have expected.
I had planned to configure one directory per application with all non-LDAP users from this application. I would manage all users in the active directory connected to Crowd by memberships in:
The server admins would not be allowed to allocate group memberships (no write permission in the Crowd directories).
Does this look like a reasonable plan to you?
In this scenario it would be nice to be able to import groups alone into the LDAP connector, without importing the users. It would further be nice to have a renaming function for groups - but I have already seen that this is a feature that will not be implemented by Atlassian in the near future.
If you have users, groups and their membership data, then Crowd CLI is the best choice for you to import user and groups along with their membership.
For more details and examples you can refer https://bobswift.atlassian.net/wiki/spaces/CRDCLI/overview.
On the given page I see:
SourceURL:https://bobswift.atlassian.net/wiki/spaces/CRDCLI/overview Crowd Command Line Interface - Confluence
Discontinued for latest releases of Crowd
So I doubt that this could be the best choice for our V3.1.3?
I am not sure I correctly understand your scenario, so let me try to share what I think you are trying to achieve.
Is that a fair summary?
BTW if you have multiple directories and each of your applications in Crowd is mapped to a different one there might be problems to setup Crowd SSO between them.
Hi @Marcin Kempa,
yes, this is (almost) correct. Only that we don't use groups taken from the Active Directory, but define our own in Crowd (like server1_administrator, server2_user, server3_reviewer or server4_projectxy_user).
I think we've got the idea. I only miss migration function that would permit to redefine the current users (configured in the servers' own directories) in Crowd. It seems to ask for a lot of manual work.
If all goes well we will have only the AD with our group memberships attached to the allowed users and we would like to use SSO among the applications.
The user import UI can actually import groups (and memberships), but you need to trick it a bit (we've done this MANY times).
If you just want to bulk create groups (but not memberships), you can follow the above process but select one user who you assign to every group you want created, once the groups have been made, search for the user and remove from all the newly created groups.
NB: You'll need to make sure that in your Crowd directory permissions for the directory you're importing the groups/memberships in to, that Add Group and Modify Group are checked (I think that's all that's needed).
Hi Everyone! My name is Mina and I am on Atlassian’s Ecosystems Marketing team. Our team is focused on our technology partnerships and marketplace apps. One of Atlassian’s partners is Slack, who ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events