Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,293,591
Community Members
 
Community Events
165
Community Groups

Migrate from CROWD to openLDAP

Christopher Anderlik
Christopher Anderlik Dec 01, 2013

Hello.

I am trying to migrate all my internal stored Directories/Groups/Users from Crowd to openLDAP.

1) I already found this ticket (migrate from one directory to another) which is not solved yet:

https://jira.atlassian.com/browse/JRA-27868

So my question: Is there already any possibility which I did not find yet??

2) If there is no built solution yet the idea is to export a ldap-dif from Crowd-database and import it in openLDAP.

Maybe with a statement like this:

select 'dn: cn=' || user_name || ',ou=users,dc=ebcont,dc=com' || chr(13) ||
       'objectClass: person' || chr(13) ||
       'objectClass: top' || chr(13) ||
       'email: ' || email_address || chr(13) ||
       'uid: ' || user_name || chr(13) ||
       'cn: ' || user_name || chr(13) ||
       'structuralObjectClass: person' || chr(13) ||
       'givenName: ' || display_name  || chr(13) || 
       'userPassword:: '|| credential || chr(13) || chr(13)
from cwd_user ub;

But the in crowd saved passwords are saved with password-encryption "ATLASSIAN-SECURITY" -> so I cannot use theses hashes in openLDAP.
Is there a way to change the password-encryption?? So that I can import md5 hashes in openLDAP??
Thank you very much!

Answer
Watch
Like Hector David likes this
1817 views

3 answers

1 accepted

1 vote
Answer accepted
Ashma Shrestha
Ashma Shrestha Dec 01, 2013

Hi Christopher,

  1. I haven't paid much attention to the ticket you have mentioned but it would be good to verify if they will be supporting internal directory to external directory migration
  2. When I did a migration from Confluence to LDAP, I used the Crowd CSV import tool. NOTE that "ATLASSIAN-SECURITY" password-encryption is not supported by openLDAP and cannot be changed to anyother hash (We did a good amount of research on this and there is no easy way to carry over the Password therefore we decided to reset the password for all the users during migration).Steps that I followed were
    1. Configure your LDAP to Crowd
    2. Created two CSV exports form the Crowd (or Confluence Directories) for user and another for group membership
    3. Store the two CSV's in the Crowd server and follow the CSV import instructions.

Hope this helps

-Ashma

Reply
1 vote
Christopher Anderlik
Christopher Anderlik Dec 02, 2013

Ashma, Caspar - thank you very much for your information!

I feared that there is no easy solution but thanks for the hint with CSV-import/export!!!!!

Reply
1 vote
Caspar Krieger
Caspar Krieger Atlassian Team Dec 02, 2013

By design, password hashes in a directory using atlassian-security are stored as an irreversible cryptographic hash (assuming the underlying hash algorithm is sound, which we believe it is - we use PBKDF2), so there's no trivial way to get the passwords out of Crowd.

If you are willing to spend some development time on this (or pay someone to do so), you could write a plugin for Crowd which provides a custom password encoder which authenticates users the way AtlassianSecurityPasswordEncoder does (as in, copy paste the code for that) but implements UpgradeablePasswordEncoder to always upgrade the passwords to a hashing algorithm supported by OpenLDAP. Then, when you switch the existing internal directory to use your custom password encoder, users will gradually be migrated over to the new hashing algorithm as they log in successfully.

Then again, requiring a password reset is by far the simplest solution here.

Unfortunately, I can't comment on JRA-27868 on the JIRA backlog because I'm a developer on Crowd (and aside from that we have a general policy of not providing ETAs for issues anyway).

Reply

Suggest an answer

Log in or Sign up to answer
Crowd
Crowd
TAGS
Community showcase
Angélica Luz
Angélica Luz
Posted in Jira Service Management

Jira Service Management Documentation Opportunities

Hello everyone, Hope everyone is safe! A few months ago we posted an article sharing all the new articles and documentation that we, the AMER Jira Service Management team created. As mentioned ...

206 views 0 6
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you