How to switch over Crowd to a different Delegated Authentication Directory?

Hello everyone!

We have the following situation:

We are using Crowd 2.6.5 connected to a Microsoft LDAP server for Delegated Authentication purposes. We have more than 10K users. We have JIRA 5.1.8 and Confluence 5.1.4, both connected to Crowd for user management. Our company is moving to a new LDAP server where every user is going to have a new username but the same password and some new attributes.

I've been testing 2 options on how to do this change in our system, but in both of them I have to run some update queries in the database in order to preserve everyone's permissions and ticket references in JIRA and Confluence.

Option 1: Upgrade Crowd to version 2.7.0 and also update our JIRA to version 6.1.x and Confluence to version 5.4.x, as these are the versions that support username renaming. After upgrading, I go to Crowd and modify my current Delegated Authentication Directory to input the new LDAP URL, Base DN, username and password to connect to that new LDAP server, and in the configuration tab I map the new username info and the attributes for first name, last name and email as well. Then I stop Crowd and go to the Crowd database to run an update query on the cwd_user table to change the user_name and lower_user_name values to the new username that each of our 10k+ users will have in the new LDAP server. Then I run another update query on the cwd_membership table to change the child_name and lower_child_name values to the new username of each user.

After doing that, I start up Crowd, JIRA and Confluence, log in to JIRA and Confluence using the administrator account of each tool, and run a manual directory synchronization. After the synchronization is done, I log out and log in using my new username, and I could keep all my permissions and ticket/issue history. Same thing for Confluence.

Option 2: Not doing an upgrade of the tools. I go to Crowd and modify my current Delegated Authentication Directory to input the new LDAP URL, Base DN, username and password to connect to that new LDAP server, and in the configuration tab I map the new username info and the attributes for first name, last name and email as well. Then I stop Crowd and go to the Crowd database and run an update query on the cwd_user table to change the user_name and lower_user_name values to the new username that each of our 10k+ users will have in the new LDAP server. Then I run another update query on the cwd_membership table to change the child_name and lower_child_name values to the new username of each user. I repeat this update query in our JIRA database for the same tables (cwd_user and cwd_membership) and also run the same update query in the Confluence database, but only on cwd_user, as Confluence's cwd_membership table doesn't have the child_name and lower_child_name columns.

After doing that, I start up Crowd, JIRA and Confluence, log in to JIRA and Confluence using the administrator account of each tool, and run a manual directory synchronization. After the synchronization is done, I log out and log in using my new username, and I could keep all my permissions but lost all references to previous issues or tickets, so this option is not worthwhile.

I'm wondering if there is a way to do this change without having to run update queries on the database. Can this be a new feature in a future version of Crowd?

Does anyone have another idea on how to address this situation?

Thanks in advance for your responses.

Regards,

Francis.
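
A rehearsal of the database step in Option 1 on a throwaway copy, added here as an example (not code from the original post or from Atlassian): it checks the old-to-new username mapping for collisions that would hand one user another user's group memberships, then renames in both tables inside one transaction. The table and column names follow the post (`user_name` is assumed for the first column); the `parent_name` column, the sample rows, the `JDoe`/`s888888` values and the helper names are constructed for illustration.

```python
import sqlite3

def build_sample_db():
    """Constructed miniature stand-in for the two tables named in the post."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE cwd_user (user_name TEXT, lower_user_name TEXT UNIQUE);
        CREATE TABLE cwd_membership (parent_name TEXT, child_name TEXT,
                                     lower_child_name TEXT);
        INSERT INTO cwd_user VALUES ('fvittini', 'fvittini'), ('JDoe', 'jdoe');
        INSERT INTO cwd_membership VALUES
            ('jira-administrators', 'fvittini', 'fvittini'),
            ('jira-users', 'JDoe', 'jdoe');
    """)
    return conn

def validate_mapping(conn, mapping):
    """List reasons the old->new mapping could merge or orphan accounts."""
    existing = {r[0] for r in conn.execute("SELECT lower_user_name FROM cwd_user")}
    targets = [new.lower() for new in mapping.values()]
    problems = [f"unknown current user: {old.lower()}"
                for old in mapping if old.lower() not in existing]
    for new in sorted(set(targets)):
        if targets.count(new) > 1:
            problems.append(f"duplicate target: {new}")
        if new in existing:
            problems.append(f"target already exists: {new}")
    return problems

def rename_users(conn, mapping):
    """Apply the renames to both tables atomically; returns users renamed."""
    problems = validate_mapping(conn, mapping)
    if problems:
        raise ValueError("; ".join(problems))
    with conn:  # commits on success, rolls back if any statement fails
        for old, new in mapping.items():
            args = (new, new.lower(), old.lower())
            cur = conn.execute("UPDATE cwd_user SET user_name = ?, "
                               "lower_user_name = ? WHERE lower_user_name = ?", args)
            if cur.rowcount != 1:
                raise RuntimeError(f"expected 1 row for {old}, got {cur.rowcount}")
            conn.execute("UPDATE cwd_membership SET child_name = ?, "
                         "lower_child_name = ? WHERE lower_child_name = ?", args)
    return len(mapping)

def groups_of(conn, user):
    """Group names the given username is a direct member of."""
    rows = conn.execute("SELECT parent_name FROM cwd_membership "
                        "WHERE lower_child_name = ? ORDER BY parent_name",
                        (user.lower(),))
    return [r[0] for r in rows]
```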

2 answers

1 accepted

0 votes
Answer accepted

Thanks Andrew for your response, but I don't think the Directory importer will work for me, because the issue is that every user in my user database will need to have a new username, because in the new LDAP server, every user will now have a new username, for example: "s999999" instead of "fvittini".

If I create a new directory connected to this new LDAP server and then import this new directory to my old one, the result will be new users added to my old directory, as Crowd won't have a way to merge the users that already exist in my old directory with the corresponding record of those users in the new directory.

As far as I've investigated, the Option 1 that I mentioned in my question above is the only way to get the results I need. That is to connect my Crowd app to that new LDAP server and keep all users' history of their previous username mapped to their new username.

Regards,

Francis.

Hi Francis,

With your option 1 does a user's history then show their new username throughout i.e.

2015: userA

2020: userA -> newUserA

If I looked at a ticket from 2015 originally created by 'userA' it would now show it as being created by 'newUserA'?

Regards,

Alan

Hi Francis,

You can use the Directory importer to migrate users from one directory to another.

You'll find this in the User menu then under import users.

Good luck!
