How to migrate jira accounts from local to LDAP?

Sorin Sbarnea (Citrix)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 22, 2012

How should I migrate a Jira using local accounts to one that is using, mostly, LDAP accounts.

The system has the following authentication setup: #1 mecanism an Active Directory (LDAP) and 2nd the local directory. This setup requires all users with accounts that do match LDAP account id to enter LDAP password, even if they could have a different password for the local account. (That's OK)

I have almost 1000 local users which have to be migrated to LDAP, sometimes with account rename.

I know about the Groovy Runner plugin which can rename and merge accounts.

Which should be the proper workflow in order to achieve this without too much trouble for the admin and also for the users.

The most important part: I want to be sure that if the LDAP account is disabled the user loose the access to the system.

Currently if you are using a dual-configuration and you have the same account name in both LDAP and local directory, the user will not loose access to the system.

3 answers

1 accepted

1 vote
Answer accepted
pschaff01
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 7, 2013

Hi Sorin,

There is also a JAC ticket with a lot of workarounds (in the comments) and suggestions to achieve this need for this same purpose here: https://jira.atlassian.com/browse/JRA-24213

Hope this helps!

Regards,

Sorin Sbarnea (Citrix)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 9, 2013

To those interested the solution is to rename all the accounts to match the LDAP usernames. For Jira pre 6.x this can be done via a third party plugin, or with Jira 6.x+ from inside Jira. For migrating the groups you can use REST to automate the process.

0 votes
Alejandro Conde Carrillo
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 30, 2013

Migrating users from one directory to another.

About:

Currently if you are using a dual-configuration and you have the same account name in both LDAP and local directory, the user will not loose access to the system.

Is your LDAP directory in the first position of the user directories list? I think this should not happen in that case.

0 votes
Harry Chan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 25, 2012

Hi, are you using JIRA 5.x? At the moment JIRA 5.x can migrate from local accounts to local accounts with LDAP as per this ticket. The ticket also lists potential ways to do this manually. If you are using full LDAP and other forms of Auth, please refer to this ticket, which is still to be implemented.

Unfortunately for now the best method in your case should be using Groovy RUnner or similar.

Cheers,

Suggest an answer

Log in or Sign up to answer