
Can jira work as an authentication server for other software?

Hi,

My company maintains an openldap server which stores the information of all the employees. All company internal systems authenticate with it when users login.

My department is responsible for software development/testing and is divided into many teams. I want to add the employees of my department to the corresponding team in openldap so that I can manage user permissions based on teams in jira/confluence/gerrit/gitlab/svn/jenkins/sonarqube and so on. However, I have no permission to add a team or group to the company openldap server.

My plan is to:
1. set up a new server inside my department to store the user information. The new server could be a jira server, or a ldap server, or anything else.
2. synchronize the user data necessary from the company openldap server to my department server.
3. create groups in department server.
4. add users to corresponding group in department server.
5. confluence/gerrit/gitlab/svn/jenkins/sonarqube authenticate with department server instead of the company one.

I know Jira has such functionality. We can manage the users synchronized from the ldap server into different groups in the jira server, and then the jira server can authenticate for confluence, but I don't know if Jira can authenticate for other software such as gerrit/gitlab/svn/jenkins/sonarqube.

If not, is there any other alternative solution? Any help is appreciated.

BRs,
Liansheng
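
What steps 2 to 4 of the plan above would require of the sync job, as an added example that is not part of the original post and not Atlassian or OpenLDAP code: users are mirrored one-way from the company directory, groups are owned locally, and accounts that disappear upstream are disabled and stripped from every group. The data model, the `reconcile` function and all uids and group names are hypothetical, and plain dictionaries stand in for the two directories.

```python
from dataclasses import dataclass, field

@dataclass
class DeptDirectory:
    """Department-side state: mirrored users plus locally owned groups."""
    users: dict = field(default_factory=dict)   # uid -> attributes incl. "active"
    groups: dict = field(default_factory=dict)  # group name -> set of uids

def reconcile(upstream: dict, dept: DeptDirectory) -> dict:
    """One sync pass; upstream maps uid -> attributes read from the company server."""
    report = {"created": [], "updated": [], "disabled": [], "memberships_removed": []}
    for uid, attrs in upstream.items():
        desired = {**attrs, "active": True}
        current = dept.users.get(uid)
        if current is None:
            report["created"].append(uid)
        elif current != desired:
            report["updated"].append(uid)
        dept.users[uid] = desired
    # Leavers: present locally, gone upstream. Disable instead of deleting so
    # that history in downstream tools still resolves the uid.
    for uid in sorted(set(dept.users) - set(upstream)):
        if dept.users[uid]["active"]:
            dept.users[uid]["active"] = False
            report["disabled"].append(uid)
    # A disabled or unknown account must not keep group-derived permissions.
    for name, members in dept.groups.items():
        for uid in sorted(members):
            if not dept.users.get(uid, {}).get("active", False):
                members.discard(uid)
                report["memberships_removed"].append((name, uid))
    return report

def demo():
    # Constructed sample data; every uid, address and group is hypothetical.
    dept = DeptDirectory(
        users={"alice": {"mail": "alice@example.com", "active": True},
               "bob": {"mail": "bob@example.com", "active": True}},
        groups={"team-backend": {"alice", "bob"}, "team-qa": {"bob", "ghost"}},
    )
    upstream = {"alice": {"mail": "alice.w@example.com"},
                "carol": {"mail": "carol@example.com"}}
    return reconcile(upstream, dept), dept
```
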


 

 

2 answers

2 accepted

0 votes
Answer accepted

Jira has a simple user service built into it, called "embedded crowd".  It is a very cut-down type of Crowd, but it can be used by other servers.  Those other servers however, need to be written so that they can use an embedded-crowd as their directory server.  As far as I am aware, Atlassian Software (Confluence for example) is the only thing that can do it. 

What you're proposing will not work without you doing a load of coding for a load of programs that do not know how to talk to Jira for this.

I question why you would want to as well.  You already have an ldap server which is more functional and can be used as the directory for lots of services.  If you moved to Jira, you'd have to accept a loss of a lot of that functionality, and your user maintenance would have to move from your department services to your Jira administrators.

What would be the benefit of moving to Jira instead of LDAP?

Thank you for confirming, Nic.

So the way is to set up a new ldap server in my department, sync user data from the company ldap server to it, and then manage user groups in the department ldap server.

However, as far as I know, in openldap master-slave replication, we cannot add new groups in the slave node, because the slave node can be read but not written, right?

It seems this is not an issue to discuss in the Atlassian community, but I would much appreciate any more suggestions/information about it.

It depends on how you set up the two LDAP servers, I can't tell you much about it, but I understand it's possible to have two nodes that are equals.

0 votes
Answer accepted
Daniel Ebers Community Leader Nov 07, 2020

Hi Liansheng,

when you mentioned

"However, I have no permission to add team or group to company openldap server."

I'd suggest opening a discussion with the appropriate team instead of introducing a new piece of infrastructure. Although I do not know the details on the "why" for obvious reasons, this is something which sounds non-technical at first sight and might be discussed further.

For the technical part Nic mentioned some good points - from my point of view a centralized LDAP server is present - it would be worth a lot focusing on it.
For a "department LDAP" you would (surely?!) go through all the considerations like operations, who to call on weekends, including backup, documentation, support and so on.
For that case I also would not recommend trying to authenticate against the single Jira instance.

Cheers,
Daniel

Thanks Daniel, you are right, it is non-technical.

I am talking to the appropriate team guys now, and getting some progress. They might grant me restricted permissions to a certain directory on the company server.
