Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

increase Atlassian system environment with crowd

DKB Service GmbH
DKB Service GmbH March 22, 2018

hi,

i hoe i can explain my issue correctly.

from rollout of our atlassian system environment we run Jira and Confluence.

The internal jira user directory was also used from confluence. In the past there was no way to connect to our two active directories. So we add each user manualy in the internal directory and user-groups. We are working with ~300 projekts~25000issues ~600 spaces ~95000 pages

in our internal directory we set the username eg. max.mustermann and group associations

thats was fine for us and the user.

 

Now we want to add crowd.

at first we add a directory and import all users&groups from the old Jira internal directory

then we add the active directories als delegated ldap directory.

->.

in ldap1 we have user with the samaccountname "max.mustermann"

with this directory we get an mapping to our importet directory with the same usernames.

-->ok.

---------------

in ldap2 iss the samaccountname like "S111998237" - in this way we have no mathing with our importet directory.

 

 

is there a way to get a matching?

 

Backround info:

we have in our importet directory ~1900 user like "max.mustermann"

from ldap1 comes ~900 of the 1900 user with "max.mustermann"->matching OK

from ldap2 comes ~1000 of the 1900 user with "S111998237"->no matching

 

any idears?

 

Answer
Watch
Like Be the first to like this
712 views

2 answers

0 votes
Christian Reichert (resolution)
Christian Reichert (resolution)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 22, 2018

Hi @DKB Service GmbH,

we provide a SAML Plugin for Jira & Confluence (and others).

We have quite a few customers similar to your setup, who are using our Plugins.

Generally they don't see the need to use Crowd in this specific setup at all. They just install our Plugin on Confluence and Jira - they then either synchronise the Users via AD directly into Confluence/Jira or they use the Just in Time Provisioning Feratures to create/update the User during login based on attributes sent via SAML.

Like Bruno describes, we also support attribute mapping, so that we can basically use any attribute in AD to represent the Username ... we also support transformation via Regex (for example dropping a Domain extension) if necessary.

If you like to give our plugin a testdrive or discuss your setup with more directly let me know.

Just for completeness - there are plugins from other Vendors in the marketplace too. All at different price & feature levels: https://marketplace.atlassian.com/search?query=saml

All the best from a grey & snowy Berlin.


Cheers,
Christian

Reply
0 votes
Bruno Vincent
Bruno Vincent
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 22, 2018

Hi @DKB Service GmbH

In LDAP2, is there any other user attribute than samAccountName (e.g. CN) whose value would be the expected one ("firstname.lastname" in your example)? In which case, you would just need to change the username attribute in the configuration of your directory connector in Crowd.

If not, you can use user aliases: https://confluence.atlassian.com/crowd/specifying-a-user-s-aliases-194805921.html

But that means that you will have to define such aliases for all your LDAP2 users for both Jira and Confluence. There is a REST API that will allow you to do it by script though: https://jira.atlassian.com/browse/CWD-1469

Hope this helps.

Bruno

View More Comments
DKB Service GmbH
DKB Service GmbH March 22, 2018

yes, there is another attribut like cn.

 

this was my first idea, to use this instead samaccountname. BUT the user from ldap2 should login in Future with S111998237.

 

Our goal is to reach a sso via saml (in future)

------------

define aliases is a huge effort

Like
Bruno Vincent
Bruno Vincent
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 22, 2018

SAML does not impose to keep the samAccountName as the username used for login. That's what SAML attribute mapping is for.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Crowd
Crowd
TAGS
AUG Leaders

Atlassian Community Events

    See all events