Import Users from LDAP

devops Nexi February 19, 2018

Hi,

We just installed a new Crowd server and we want to use it for SSO.

We already have our Jira server with defined groups and users from LDAP.

We tried to import users and groups from Jira to Crowd, but we get empty groups when users are from LDAP.

How can we proceed?

Regards,

Toolbox Managers

1 answer

0 votes
Marcin Kempa
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 19, 2018

Hi @devops Nexi,

 

Could you describe how you did the import of users and groups from Jira to Crowd? Also, could you describe in more detail what your setup looks like? I assume that you have a remote LDAP directory connected in Crowd and you also have an internal directory in Crowd?

Did you previously use local groups in Jira?

 

Best Regards,
Marcin Kempa

devops Nexi February 19, 2018

We have our remote LDAP directory connected in Crowd and we also have an internal directory.

Groups are defined locally in Jira.

To import, I select Import Users in Crowd; the steps are shown in the pictures: Cattura.JPG, Cattura1.JPG

Marcin Kempa
Atlassian Team
February 19, 2018

I assume that your setup looks more or less like this:

                                                                                 
                     +-----------------------------+   +----------------------+  
                     |            Crowd            |   |         Jira         |  
                     |                             |   |                      |  
                     |                             |   |                      |  
+--------------+     |       +--------------+      |   |   +--------------+   |  
|              |     |       |              |      |   |   |Remote Crowd  |   |  
|     LDAP     ---------------  Remote LDAP ----|-----------              |   |  
|              |     |       |              |   |  |   |   |              |   |  
+--------------+     |       +--------------+   |  |   |   +--------------+   |  
                     |                          |  |   |                      |  
                     |                          |  |   |   +--------------+   |  
                     |       +--------------+   |  |   |   |Internal dir  |   |  
                     |       | Internal dir |   |  |   |   |with local    |   |  
                     |       | imported     ----+  |   |   |groups        |   |  
                     |       | from Jira    |      |   |   +--------------+   |  
                     |       +--------------+      |   |                      |  
                     +-----------------------------+   +----------------------+  

 

If so, I believe that not all of your users are defined in LDAP and this is why you need this internal directory in Crowd.

You manage groups only in Jira but not in Crowd?

If the above is a fair description of your setup, I think that the reason why your groups are empty when your users are from LDAP is that Jira does not support membership aggregation as Crowd does (as described here).

 

It seems to me that you have two different sets of users: one set is from LDAP and another is internally created and managed. You would also like to manage groups for both LDAP and internal users. On top of that, you would like to build an SSO.

Is the set of users in LDAP and internal directory the same?

 

Best Regards,

Marcin Kempa
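
A simplified model of the membership aggregation setting referred to in the answer above (added example, not code from the thread or from Atlassian; directory contents, user names and group names are constructed). With aggregation off, only the first directory that contains a user contributes memberships, so a group held in a later directory can look empty.

```python
# Constructed sample data: two directories in lookup order, as in the diagram.
# Each directory has its own user set and its own group -> members mapping.
DIRECTORIES = [
    {"name": "Remote LDAP",
     "users": {"alice", "bob"},
     "groups": {"ldap-staff": {"alice", "bob"}}},
    {"name": "Internal dir",
     "users": {"alice", "bob", "localadmin"},
     "groups": {"jira-developers": {"alice", "bob"},
                "jira-administrators": {"localadmin"}}},
]


def effective_groups(user, directories, aggregate):
    """Groups a user is seen in, resolved across ordered directories."""
    found = set()
    for d in directories:
        if user not in d["users"]:
            continue
        found |= {g for g, members in d["groups"].items() if user in members}
        if not aggregate:
            break  # non-aggregating: first directory holding the user wins
    return found


def effective_members(group, directories, aggregate):
    """Users whose effective memberships include the given group."""
    users = set().union(*(d["users"] for d in directories))
    return {u for u in users
            if group in effective_groups(u, directories, aggregate)}


def empty_groups(directories, aggregate):
    """Groups that end up with no effective members."""
    groups = set().union(*(d["groups"].keys() for d in directories))
    return sorted(g for g in groups
                  if not effective_members(g, directories, aggregate))


if __name__ == "__main__":
    for mode in (False, True):
        print("aggregate =", mode)
        print("  alice:", sorted(effective_groups("alice", DIRECTORIES, mode)))
        print("  empty groups:", empty_groups(DIRECTORIES, mode))
```
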

devops Nexi February 19, 2018
                                                                               
                     +-----------------------------+   +----------------------+
                     |            Crowd            |   |         Jira         |
                     |                             |   |                      |
                     |                             |   |                      |
+--------------+     |       +--------------+      |   |                      |
|              |     |       |              |      |   |                      |
|     LDAP     ---------------  Remote LDAP ----|-------                      |
|              |     |       |              |   |  |   |                      |
+--------------+     |       +--------------+   |  |   |                      |
                     |                          |  |   |                      |
                     |                          |  |   |   +--------------+   |
                     |       +--------------+   |  |   |   |Remote LDAP+  |   |
                     |       | Internal dir |   |  |   |   |Internal dir  |   |
                     |       | imported     ----+  |   |   |with local    |   |
                     |       | from Jira    |      |   |   |groups        |   |
                     |       +--------------+      |   |   +--------------+   |
                     +-----------------------------+   +----------------------+

devops Nexi February 19, 2018

This is our initial schema.

We want to integrate Crowd in JIRA, so importing all users and groups into Crowd.

Marcin Kempa
Atlassian Team
February 19, 2018

OK, but do you want to retain the LDAP users as well? Or do you want to have all users managed in Crowd only?

Also is the set of users in LDAP and Internal dir the same?

devops Nexi February 19, 2018

What we want is to have all groups with their users, as defined in Jira, in our Crowd. So we configured LDAP and an internal directory for Crowd and tried to import from Jira. Users and groups are imported, but some groups are empty because they have users from LDAP.

Marcin Kempa
Atlassian Team
February 19, 2018

It is a little bit unclear to me what you need this LDAP for. You've mentioned that you set it up while doing the migration. Is it used for something in your setup? Do you store users there?

If not, I believe you might simplify your setup to something like this, given the names of users should be the same in Crowd and in your old Jira internal directory. If the names are the same, issues and comments created by those users should still be assigned to those users.

The importer that you've used should have imported users along with their groups and memberships. Could you check that by selecting a user from this imported directory in Crowd and checking their groups?

Here is an example of the setup. Please note that the internal directory that you used previously may now be disabled and placed under the Remote Crowd directory, as depicted in the diagram below:

  +----------------------+     +------------------------+  
  |        Crowd         |     |          Jira          |  
  |                      |     |                        |  
  |                      |     |    +--------------+    |  
  |  +----------------+  |     |    |Remote Crowd  |    |  
  |  | Internal dir   |  |     |    |              |    |  
  |  | imported       ---------------              |    |  
  |  | from Jira      |  |     |    +--------------+    |  
  |  | with groups    |  |     |                        |  
  |  | and memberships|  |     |    +--------------+    |  
  |  +----------------+  |     |    | Internal dir |    |  
  |                      |     |    | with local   |    |  
  +----------------------+     |    | groups which |    |  
                               |    | will now be  |    |  
                               |    | disabled     |    |  
                               |    +--------------+    |  
                               |                        |  
                               +------------------------+  

I also strongly suggest creating another internal directory which would hold only internal and local Jira admin accounts. This is just in case there is a problem with communication with Crowd, so you are always able to access your Jira instance.

Hope that helps,

Marcin Kempa

devops Nexi March 1, 2018

The first situation is that we have Jira with users from LDAP + internal dir.

What we want now is to integrate Crowd to manage users and groups, so importing users and groups from our JIRA.

The result we got is that groups are imported but empty if users belong to LDAP.
