Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,296,274
Community Members
 
Community Events
165
Community Groups

Is there a way to manually synchronize CROWD with LDAP directory?

I'm using CROWD 3.4.4 and have a connector directory defined to connect to LDAP.  Our email domain has just changed and I would like to synchronize all user accounts.  Is there a way for me to do this manually?

I've seen a few posts that refer to synchronize option under the Connector tab of the Directory configuration but I don't have such an option.

Thanks for your help and time!

1 answer

1 accepted

0 votes
Answer accepted

I have figured out a way... not sure if this is the best way but it works.  I started by doing a select in the CROWD database to get all my user ids.  I then took that list and I simply did a curl call the CROWD REST API to the following URL:

/rest/usermanagement/1/session?validate-password=false

Marcin Kempa Atlassian Team Dec 04, 2019

Hi @Luc O. 

If you have a connector directory there should be a button called 'Synchronize now' on the details tab in directory configuration. If you don't see that button perhaps you have a delegated authentication directory?

The reason the URL you've mentioned worked is that you've simulated a login event for each user which fetched the data from the remote directory (this happens normally on each user login). Note that if you were interested in updating memberships this approach would only work if you had option 'Synchronize group memberships when logging in' set to `Every time a user logs in'

This update also happens when user logs in to application.

 

Just to clarify for others, that may be using your approach the call had to be HTTP POST with Basic-Authentication and credentials for that authentication should be as for one of the applications that is connected to Crowd. Also I am guessing you had to provide `authentication-context` a json body with username and `validation-factors`, correct?

 

Best Regards,

Marcin Kempa

Hi @Marcin Kempa ,

I don't have a button called 'Synchronize now'.

Here is the command I used with the above URL:

curl --basic -u "<applicationId>:<applicationIdPassword>" -k -X POST -H "Accept: application/json" -H "Content-type: application/json" --data '{"username":"aUserName"}' <CROWD base url>/rest/usermanagement/1/session?validate-password=false

 In order to be able to do all users, I simply did the following query in the CROWD database (Oracle in my case):

  SELECT user_name
FROM cwd_user
WHERE directory_id = <aDirectoryId>
ORDER BY user_name;

After doing this SQL, I saved the output to a file and ran the following in a bash shell:

for u in `cat userList.txt`; do echo $u; curl --basic -u "<applicationId>:<applicationIdPassword>" -k -X POST -H "Accept: application/json" -H "Content-type: application/json" --data '{"username":"'$u'"}' <CROWD base url>/rest/usermanagement/1/session?validate-password=false; done

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Jira Service Management

Jira Service Management Documentation Opportunities

Hello everyone, Hope everyone is safe! A few months ago we posted an article sharing all the new articles and documentation that we, the AMER Jira Service Management team created. As mentioned ...

315 views 0 10
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you