Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Insight: ldap-crowd importing into schema

Sys Admin
Sys Admin September 11, 2017

Hi!

We're trying to configure a croned import of all users and groups in our Crowd-LDAP and I have a couple questions about it:

- How can I import the "Active" parameter of each user? I tried mapping the LDAP Attribute but I'm not 100% sure it's called "active"

- Do you have any tip regarding the group population or relationships between users and groups? We did the setup of 2 different processes for groups and users and they're working almost 100% fine (but the Active param) and we would like to map group membership in Insight's schema.

Thanks in advance

Answer
Watch
Like Be the first to like this
1535 views

1 answer

1 vote
AnnWorley
AnnWorley
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 11, 2017

I understand you are working with Insight, a plugin for JIRA, made by Riada: Insight - Asset Management for JIRA

You are using a cron job to import users and groups from a Crowd instance, which is synchronizing with LDAP.

You would like the Insight users to be active if the user is active in LDAP and in Crowd, and you need the group memberships to be maintained.

My understanding of Insight is that it uses the same users as JIRA. It seems like synchronizing JIRA with Crowd through a User Directory would work. You would have a Crowd>LDAP User Directory in JIRA that you could use, which would have the same memberships and active status as in Crowd. Here is the documentation for integrating Crowd and JIRA: Integrating Crowd with Atlassian JIRA

Please let me know if I am understanding your requirements properly.

View More Comments
Sys Admin
Sys Admin September 12, 2017

Hi Ann

thanks for your quick answer. I'll try to ellaborate a bit more about this request.

As you said, we are using Insight - Asset Management plugin for JIRA. This tool has an importer which is used to create assets (user-type assets) in the CMDB by importing them from LDAP or JIRA.

We are using Crowd as LDAP for several tools: JIRA, Confluence, Stash and others. We need to create user-assets for every user configured in LDAP (Crowd), not just the ones who have access to JIRA, so JIRA-Insight synchronization is not useful and we need to go for LDAP-Insight.

We've successfully managed to import every user from the LDAP as a Insight asset. We've even managed to import every existing group in Crowd as group-assets in Insights, but I can't manage to create a relationship between group membership and users. I think this might be a question more for Insight's developers...

When we import every user data from LDAP ( givenName, sn, email, etc) we also need to import the "active" attribute but I can't find this flag as a LDAP attribute. What am I doing wrong?

Like
Ola_Melin
Ola_Melin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 20, 2017

Hi, 

Are you using Insight 5 or are you using another version? 

If you are using Insight 5 you can configure the mapping between users and groups using IQL. This is described here https://documentation.riada.se/display/ICV50/Import+Concept+-+Object+Type+Reference

The active flag should be possible to chose as a dataLocator and map it to an Insight Attribute. Is it not possible to chose that? 

Like
Sys Admin
Sys Admin September 20, 2017

We're using Insight 5.0.3

I managed to configure the mapping between users and groups using each user's DN and an IQL like DN IN ${uniqueMember${0}}) 

But I can't find how to retrieve the "active" flag from LDAP. I attach screenshots of the LDAP stored data as seen by Insight and Apache Directory Studio.

I have a workaround for that: using a JIRA import retrieves the flag. I made 3 import jobs: Users, Groups and user matching, and Active flag. I think "active" may be stored in Crowd DB, not LDAP.

 

Attributes retrieved by Insigth: 

seen by insight.PNG

 

Attributes retrieved by Apache Directory Studio:

seen by ldap apache directory studio.PNG

Like
Reply

Suggest an answer

Log in or Sign up to answer
Crowd
Crowd
TAGS
AUG Leaders

Atlassian Community Events

    See all events