I have set up evaluation versions of Crowd, Jira, Stash, and Confluence. Everything seems well and good between the services for my user account, which I've been using for testing. Crowd connects to LDAP correctly, and the other three services use Crowd's SSO to manage users. Where I get a bit lost is in allowing new users (who have valid LDAP credentials) to access the services.
I have Crowd set to add new users to confluence-users, stash-users, and jira-users as soon as they log in for the first time.
The first time user BOB1 visits Stash, he logs in, and Crowd verifies his credentials. When Crowd sends him back to Stash, Stash says "You do not have permission to access Stash". Apparently this is because Stash's view of the Crowd directory is out of date (by more than a few seconds) and hasn't been updated to reflect that Crowd has just added BOB1 to stash-users. Once I go into Stash and tell it to update the Crowd directory, BOB1 can then log in, but a manual update is obviously not the solution.
What is the proper way to allow each user to access the services as soon as they log in for the first time? Thanks in advance.
Unfortunately the only solution currently is to wait for the automatic synchronization to be triggered for each application connected to Crowd. You can make this less painful by decreasing this interval to a low number (like a few minutes) for each of the applications.
Please vote on CWD-2650 if you'd like this to be fixed.
Caspar - thanks for the reply. I voted on the bug but I worry that it's been around for a while and is still unresolved. This is a pretty glaring bug that will cause every new user to get an error on their first login attempt with no visible expectation that the error will resolve itself in the future.
I recently sent out an email suggesting that several folks try out the services I just set up. The result of this bug is that every new user is going to try, and fail, to log in ... this will be their first experience trying out our Atlassian servers and it will leave a bad taste in their mouths. It's going to be hard to convince my company to buy these servers if every new user sees such an obnoxious bug.
I'm willing to try a workaround if one exists. What if I add everyone on the LDAP server to the stash-users group? Would there be any downside to that?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Pre-adding your users to the confluence-users, jira-users, and stash-users groups in the LDAP directory (or in Crowd) would prevent the specific case of the error you're seeing, and there shouldn't be a downside to that as far as Crowd is concerned.
Don't forget to drop the synchronization interval on each of the applications as well.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.