Crowd: Importing users and groups

Deleted user April 19, 2018

Crowd V3.1.3

Here I am again with yet another question concerning our initial configuration. There is an import function in the "Users" tab but none in "Groups". The "import" in "Users" does import users and groups from remote directories, but not the memberships - as I would have expected. 

I had planned to configure one directory per application with all non-LDAP users from this application. I would manage all users in the active directory connected to Crowd by memberships in:

  • server specific groups (serverX-user, serverY-user, ...) to control the access to this server
  • role specific groups (serverX-reviewer, serverY-author, serverZ-admin...) to control the permissions for a specific user on this server

The server admins would not be allowed to allocate group memberships (no write permission in the Crowd directories).

Does this look like a reasonable plan to you?

In this scenario it would be nice to be able to import groups alone into the LDAP connector, without importing the users. It would further be nice to have a renaming function for groups - but I have already seen that this is a feature that will not be implemented by Atlassian in the near future.

 

3 answers

2 votes
Craig Castle-Mead
Rising Star
June 3, 2018

Hi Jean,

The user import UI can actually import groups (and memberships), but you need to trick it a bit (we've done this MANY times).

  1. Create a users file (even if you don't want to create users) and give it one line with just the following content
    1. ,,,,,

  2. Create a groups file with a line for each user (username as it exists in the existing Crowd directory) and the group they should be a member of
  3. Place each of these files on the filesystem of the Crowd server
  4. Login to the Crowd console, go to Users > Import Users
  5. Select CSV Importer
    1. Select your directory
    2. Leave delimiter as ,
    3. Enter the path of the users file
    4. Enter the path of the user + group file
  6. On the next page, you'll need to map the users file to all the fields (first name, last name, email, username, password). Because your users file is just empty values separated by commas, just map any of the lines to any of the fields (just to bypass error checking - it won't actually create any users as there are no values)
  7. On the next screen, map your user and group to the right fields
  8. Hit next / import (don't have the exact button names for reference, but it's pretty obvious what you need to do to keep moving along the process)
  9. As mentioned above, as there's no real values in the users file, it won't try and create any users
  10. The values from the groups file are read in, and if the group you specify the user should be a member of doesn't exist, it will first try and create the group and then add the user to the group 

 

If you just want to bulk create groups (but not memberships), you can follow the above process but select one user who you assign to every group you want created, once the groups have been made, search for the user and remove from all the newly created groups.

NB: You'll need to make sure that in your Crowd directory permissions for the directory you're importing the groups/memberships into, Add Group and Modify Group are checked (I think that's all that's needed).

 

CCM
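The two files from steps 1 and 2, generated and checked before import. This is an added example, not part of the answer above and not Atlassian code. The group pattern follows the question's serverX-user / serverX-role examples, and the rule that a role group needs the matching access group is an assumption.

```python
import csv
import io
import re

# Assumed convention from the question: "<server>-user" grants access,
# "<server>-<role>" grants a permission on that server.
GROUP_RE = re.compile(r"^(?P<server>[a-z0-9]+)-(?P<role>[a-z]+)$")
ACCESS_ROLE = "user"

def build_import_files(memberships):
    """Return (users_csv, groups_csv, problems) for (username, group) pairs."""
    rows, access, problems = [], set(), []
    for user, group in memberships:
        # Reject delimiter/quote characters instead of relying on CSV quoting,
        # since how the importer treats quoted fields is not stated on the page.
        if not user.strip() or re.search(r'[,"\r\n]', user):
            problems.append(f"skipped unsafe username: {user!r}")
            continue
        m = GROUP_RE.match(group)
        if not m:
            problems.append(f"skipped {user}: group {group!r} breaks naming convention")
            continue
        rows.append((user, group))
        if m["role"] == ACCESS_ROLE:
            access.add((user, m["server"]))
    # Flag permissions granted on a server the user has no access group for.
    for user, group in rows:
        m = GROUP_RE.match(group)
        if m["role"] != ACCESS_ROLE and (user, m["server"]) not in access:
            problems.append(f"{user}: {group} without {m['server']}-{ACCESS_ROLE}")
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows(sorted(set(rows)))
    # Step 1: the users file is a single line of empty fields.
    return ",,,,,\n", buf.getvalue(), problems

# Constructed sample data, not taken from a real directory.
SAMPLE = [
    ("jdoe", "server1-user"),
    ("jdoe", "server1-reviewer"),
    ("asmith", "server2-admin"),
    ("bad,name", "server1-user"),
    ("jdoe", "Server One Admins"),
]

if __name__ == "__main__":
    users_csv, groups_csv, problems = build_import_files(SAMPLE)
    print(groups_csv, *problems, sep="\n")
```

Review the reported problems before placing the files on the Crowd server, because the import creates any group that does not yet exist.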

0 votes
Marcin Kempa
Atlassian Team
April 19, 2018

Hi @[deleted]

I am not sure I correctly understand your scenario, so let me try to share what I think you are trying to achieve.

 

  • You have Active Directory where you have all of your users and some groups
  • You have several applications connected to Crowd (Jira, Confluence etc.)
  • You would like to be able to control which user has access to which application
  • You would like to be able to control permissions to specific projects / Confluence spaces using groups in Crowd

 

Is that a fair summary?

BTW, if you have multiple directories and each of your applications in Crowd is mapped to a different one, there might be problems setting up Crowd SSO between them.

 

Best Regards,

Marcin Kempa

Deleted user April 20, 2018

Hi @Marcin Kempa,

yes, this is (almost) correct. Only that we don't use groups taken from the Active Directory, but define our own in Crowd (like server1_administrator, server2_user, server3_reviewer or server4_projectxy_user).

I think we've got the idea. I only miss a migration function that would permit us to redefine the current users (configured in the servers' own directories) in Crowd. It seems to ask for a lot of manual work.

If all goes well we will have only the AD with our group memberships attached to the allowed users and we would like to use SSO among the applications. 

0 votes
Rambabu Patina _Appfire_
Rising Star
April 19, 2018

If you have users, groups and their membership data, then Crowd CLI is the best choice for you to import users and groups along with their membership.

For more details and examples you can refer to https://bobswift.atlassian.net/wiki/spaces/CRDCLI/overview.

Deleted user April 19, 2018

On the given page I see:

SourceURL:https://bobswift.atlassian.net/wiki/spaces/CRDCLI/overview Crowd Command Line Interface - Confluence

Discontinued for latest releases of Crowd

So I doubt that this could be the best choice for our V3.1.3?
