Moving users between user directories in JIRA

Dolby Enterprise Apps March 2, 2016

Is it possible to move users between JIRA user directories? We have an instance where we used LDAP to authenticate users using a directory for quite some time and have about 1500 users in it and a couple of key groups for authorization of global access, etc.

 

However, now we setup a Microsoft Active Directory setup and automatically setup new users into this new directory. But we also have groups in this new directory that are sync'd via AD management (done elsewhere). 

 

Is there a way to "move" the user accounts from the old directory such that they are sync'ing in from the new directory? We need to do this without ruining the users issue history and activity. We just want them syncing and managed from a single directory and using the groups from this new directory for clean setup in the authorization and permissions configuration in JIRA.

2 answers

0 votes
Boris Georgiev _Appfire_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 2, 2016
Dolby Enterprise Apps March 2, 2016

Hi Boris, thanks for answering so quickly.

So the destination directory is a "Microsoft Active Directory (Read Only, with Local Groups)" and the origin directory is "JIRA Delegated Authentication Directory". The migration tool does not show the Microsoft one as an option to migrate users from the Delegated one. However, is that because I am logged into the "Delegated" directory with the user account I am using?

Also - the "Microsoft" one is setup to create users as they appear in certain sub-trees of AD and add them to an AD group that is also a JIRA group and that group is also sync'd into JIRA. Right now, we have this old directory and would just like to consolidate. But I have a feeling I have to remove the old user so that the account then "sync's" from the Microsoft one, but that would ruin the user history.

I am also looking at this perhaps  or something like it to experiment on our dev server: https://confluence.atlassian.com/jirakb/migrate-local-group-memberships-between-directories-289277867.html 

 

Overall our goal is to just move forward with users being setup in the corporate Microsoft AD environment and then automatically getting into JIRA without direct JIRA admin work for user setup.

Boris Georgiev _Appfire_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 2, 2016

Changing external user directories should not ruin the user history. If the user names are the same between both directories you can try setting your new directory to be with higher priority that the old one and disable the old one. JIRA will then authenticate users against the new one and if the usernames match everything will work. 

Basically JIRA copies all the users from external directories into its own database in a table that has username and directory ID as well as other fields which are not relevant in this dicussion. Any other objects (like issues, issue history) reference users by username, so it really does not matter where exactly the user comes from if the username is the same.

Try my suggestions in a staging/dev server and see what happens. Again - don't be afraid of loosing the history - it wont be removed if the user directory of the user is removed - if something goes wrong just bring back the user directory and sync it and the history will be fine.

Boris Georgiev _Appfire_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 2, 2016

Also log-in with a user from the internal directory before exploring the available user directory options/operations as JIRA would not allow you change the user directory against your user was authenticated.

0 votes
Boris Georgiev _Appfire_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 2, 2016

Are all the usernames and group names the same or you've changed something ?

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events