If I have a group named "QA" in my JIRA internal directory and I then add an Active Directory user directory before the internal directory, and AD also has a group named "QA". What happens? I can see two possibilitiies:
1. JIRA handles this case and the AD group becomes the one that is used in notification schemes, permission schemes, workflows, saved filters, issue security schemes and project roles
2. More likely is that the group id from the internal group gets embedded in all those places and I have to change it myself. Has anyone done this with a Groovy script before me?
Note that the Groups page only seems to show the Notification schemes a group is used in, and the user directory a group belongs to is not shown anywhere.
We're using this as a feature, to have one group configured in permission scheme, and users coming from inside (AD) and outside (internal crowd). In this case Jira makes union of user sets and username conflicts are resolved by directory order.
Everywhere we needed to use this trick we found out that only group name is taken into consideration, so it worked for us as unification between external users and company employees in terms of notifications, permissions etc.
Yes, eclipse or shadow a group, just like a user gets shadowed when you put the AD user directory above the internal user directory. I thought that I had seen the group id used in some parts of JIRA configuration but failed to find that when I went and looked.
So maybe I can just add an AD user directory with the same group names and everything will be hunky dory. But I haven't done that since JIRA 5 I think, so I'd love to hear from someone who has done this more recently
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I created a group and added it to all those places. In the XML backup it seems that the group name is used everywhere, so maybe JIRA just handles this case.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You mean, like "eclipse" a group? My understanding is that it depends on the order of the directories. If the internal dir is below the AD dir, the AD group will be used. Is that not what you see?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.