Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Import Users from LDAP

Hi,

We just install a new Crowd server and we want to use it for the SSO.

We already have our Jira server with defined groups  and users from LDAP.

We try to import users and group from Jira to Crowd but we have groups empty when users are from LDAP.

How can we procced ?

Regards,

Toolbox Managers

1 answer

0 votes
Marcin Kempa Atlassian Team Feb 19, 2018

Hi @toolbox-sia,

 

Could you describe how did you do the import of users and groups from Jira to Crowd? Also could you describe in a more detail how your setup looks like? I assume that you have a remote LDAP directory connected in Crowd and you also have an internal directory in Crowd?

Did you previously used local groups in Jira?

 

Best Regards,
Marcin Kempa

We have our remote LDAP directory connected in Crowd and you also have an internal directory .

Groups are defined locally in Jira.

To import ,i select import Users in crowd and passes are shown on picturesCattura.JPGCattura1.JPG

Marcin Kempa Atlassian Team Feb 19, 2018

I assume that your setup looks more or less like this:

                                                                                 
                     +-----------------------------+   +----------------------+  
                     |            Crowd            |   |         Jira         |  
                     |                             |   |                      |  
                     |                             |   |                      |  
+--------------+     |       +--------------+      |   |   +--------------+   |  
|              |     |       |              |      |   |   |Remote Crowd  |   |  
|     LDAP     ---------------  Remote LDAP ----|-----------              |   |  
|              |     |       |              |   |  |   |   |              |   |  
+--------------+     |       +--------------+   |  |   |   +--------------+   |  
                     |                          |  |   |                      |  
                     |                          |  |   |   +--------------+   |  
                     |       +--------------+   |  |   |   |Internal dir  |   |  
                     |       | Internal dir |   |  |   |   |with local    |   |  
                     |       | imported     ----+  |   |   |groups        |   |  
                     |       | from Jira    |      |   |   +--------------+   |  
                     |       +--------------+      |   |                      |  
                     +-----------------------------+   +----------------------+  

 

If so, I believe that not all of your users are defined in LDAP and this is why you need this internal directory in Crowd.

You manage groups only in Jira but not in Crowd?

If the above is fair description of your setup, I think that the reason why your groups are empty when your users are from LDAP is that Jira does not support membership aggregation as Crowd (as described here).

 

It seems to me that you have two different sets of users, one set is from LDAP and another is internally created and managed. You would also like to manage groups for both LDAP and internal users. On top of that you would like to build a SSO.

Is the set of users in LDAP and internal directory the same?

 

Best Regards,

Marcin Kempa

                                                                               
                     +-----------------------------+   +----------------------+  
                     |            Crowd            |   |         Jira         |  
                     |                             |   |                      |  
                     |                             |   |                      |  
+--------------+     |       +--------------+      |   |   
|              |     |       |              |      |   |        
|     LDAP     ---------------  Remote LDAP ----|-------                 
|              |     |       |              |   |  |   |                     |  
+--------------+     |       +--------------+   |  |   |      
                     |                          |  |   |                      |  
                     |                          |  |   |   +--------------+   |  
                     |       +--------------+   |  |   |   |Remote LDAP+
| | | |Internal dir |
| | | Internal dir | | | | |with local | | | | imported ----+ | | |groups | | | | from Jira | | | +--------------+ | | +--------------+ | | | +-----------------------------+ +----------------------+

this is our initial schema,

we want to integrate crowd in JIRA ,so importing all users and groups into CROWD

Marcin Kempa Atlassian Team Feb 19, 2018

Ok, but do you want to retain the LDAP users as well? or do you want to have all users managed in Crowd only?

Also is the set of users in LDAP and Internal dir the same?

The thing we want is having all groups with users like defined on Jira in our crowd .So we configure LDAP and internal directory for crowd and try to import from Jira. Users and groups are imported but some groups are empty because having users from LDAP.

Marcin Kempa Atlassian Team Feb 19, 2018

It is a little bit unclear to me what do you need this LDAP for. You've mentioned that you've setup it while doing the migration. Is it used for something in your setup? Do you store users there?

If not, I believe you might simplify your setup to something like this, given the names of users should be the same in Crowd and in your old Jira internal directory. If the names are the same, issues and comments created by those users should still be assigned to those users.

The importer that you've used should have imported users along with their groups and memberships, could you check that by selecting a user from this imported directory in Crowd and checking they groups.

Here is an example of the setup. Please note that the internal directory that you used previously may now be disabled and placed under Remote Crowd directory, like depicted on the diagram below:

  +----------------------+     +------------------------+  
  |        Crowd         |     |          Jira          |  
  |                      |     |                        |  
  |                      |     |    +--------------+    |  
  |  +----------------+  |     |    |Remote Crowd  |    |  
  |  | Internal dir   |  |     |    |              |    |  
  |  | imported       ---------------              |    |  
  |  | from Jira      |  |     |    +--------------+    |  
  |  | with grou s    |  |     |                        |  
  |  | and memberships|  |     |    +--------------+    |  
  |  +----------------+  |     |    | Internal dir |    |  
  |                      |     |    | with local   |    |  
  +----------------------+     |    | groups which |    |  
                               |    | will now be  |    |  
                               |    | disabled     |    |  
                               |    +--------------+    |  
                               |                        |  
                               +------------------------+  

I also strongly suggest creating another internal directory which would hold only internal and local Jira admin accounts. This is just in case there is a problem with communication with Crowd, so you are always able to access your Jira instance.

Hope that helps,

Marcin Kempa

The first situation is that we have Jira with users from LDPA+internal dir.

What we want now, is integrating Crowd to manage users and groups,so importing users and groups from our JIRA.

The result we got is that groups are imported but empty if users belong to LDAP.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Asked in Jira Service Desk

Calling all Insight users, we need your help!

Hello Insight users,  As part of our (Mindville's) acquisition by Atlassian, our training team is looking to build some new Insight training materials. It would really helpful if you can ...

55 views 0 0
View question

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you