It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Crowd: Importing users and groups

Deleted user Apr 19, 2018

Crowd V3.1.3

Here I am again with yet another question concerning our initial configuration. There is an import function in the "Users" tab but none in "Groups". The "import" in "Users" does import users and groups from remote directories, but not the memberships - as I would have expected. 

I had planned to configure one directory per application with all non-LDAP users from this application. I would manage all users in the active directory connected to Crowd by memberships in:

  • server specific groups (serverX-user, serverY-user, ...) to control the access to this server
  • role specific groups (serverX-reviewer, serverY-author, serverZ-admin...) to control the permissions for a specific user on this server

The server admins would not be allowed to allocate group memberships (no write permission in the Crowd directories).

Does this look like a reasonable plan to you?

In this scenario it would be nice to be able to import groups alone into the LDAP connector, without importing the users. It would further be nice to have a renaming function for groups - but I have already seen that this is a feature that will not be implemented by Atlassian in the near future.

 

3 answers

0 votes
Rambabu Patina Community Leader Apr 19, 2018

If you have users, groups and their membership data, then Crowd CLI is the best choice for you to import user and groups along with their membership.

For more details and examples you can refer https://bobswift.atlassian.net/wiki/spaces/CRDCLI/overview.

Deleted user Apr 19, 2018

On the given page I see:

SourceURL:https://bobswift.atlassian.net/wiki/spaces/CRDCLI/overview Crowd Command Line Interface - Confluence

Discontinued for latest releases of Crowd

So I doubt that this could be the best choice for our V3.1.3?

0 votes
Marcin Kempa Atlassian Team Apr 19, 2018

Hi @[deleted]

I am not sure I correctly understand your scenario, so let me try to share what I think you are trying to achieve.

 

  • You have Active Directory where you have all of users and some groups
  • You have several applications connected to Crowd (Jira, Confluence etc.)
  • You would like to be able to control which user has access to which application
  • You would like to be able to control permissions to specific projects / confluence spaces using groups in Crowd

 

Is that a fair summary?

BTW if you have multiple directories and each of your applications in Crowd is mapped to a different one there might be problems to setup Crowd SSO between them.

 

Best Regards,

Marcin Kempa

Hi @Marcin Kempa,

yes, this is (almost) correct. Only that we don't use groups taken from the Active Directory, but define our own in Crowd (like server1_administrator, server2_user, server3_reviewer or server4_projectxy_user).

I think we've got the idea. I only miss migration function that would permit to redefine the current users (configured in the servers' own directories) in Crowd. It seems to ask for a lot of manual work.

If all goes well we will have only the AD with our group memberships attached to the allowed users and we would like to use SSO among the applications. 

0 votes

Hi Jean,

The user import UI can actually import groups (and memberships), but you need to trick it a bit (we've done this MANY times).

  1. Create a users file (even if you don't want to create users) and give it one line with just the following content
    1. ,,,,,

  2. Create a groups file with a line for each user (username as it exists in the existing Crowd directory) and the group they should be a member of
  3. Place each of these files on the filesystem of the Crowd server
  4. Login to the Crowd console, go to Users > Import Users
  5. Select CSV Importer
    1. Select your directory
    2. Leave delimiter as ,
    3. Enter the path of the users file
    4. Enter the path of the user + group file
  6. On the next page, you'll need to map the users file to the all the fields (first name, last name, email, username, password) cause your users file is just empty values separated by commas, just map any of the lines to any of the fields (just to bypass error checking - it won't actually create any users as there's no values)
  7. On the next screen, map your user and group to the right fields
  8. Hit next / import (don't have the exact button names for reference, but it's pretty obvious what you need to do to keep moving along the process)
  9. As mentioned above, as there's no real values in the users file, it won't try and create any users
  10. The values from the groups file are read in, and if the group you specify the user should be a member of doesn't exist, it will first try and create the group and then add the user to the group 

 

If you just want to bulk create groups (but not memberships), you can follow the above process but select one user who you assign to every group you want created, once the groups have been made, search for the user and remove from all the newly created groups.

NB:  You'll need to make sure that in your Crowd directory permissions for the directory you're importing the groups/memberships in to, that Add Group and Modify Group are checked (I think that's all that's needed).

 

CCM

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Confluence

What's New in Confluence Cloud – November 2019 Edition

Hey community! This month we’re excited to share brand new features to help you make your mark on Confluence. If you haven’t already, check out our updates from October and September too! Expre...

10,928 views 11 30
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you