Can Jira work as an authentication server for other software?

liansheng zhang November 5, 2020

Hi,

My company maintains an OpenLDAP server which stores the information of all the employees. All company internal systems authenticate with it when users log in.

My department is responsible for software development/testing and is divided into many teams. I want to add the employees of my department to the corresponding teams in OpenLDAP so that I can manage user permissions based on teams in Jira/Confluence/Gerrit/GitLab/SVN/Jenkins/SonarQube and so on. However, I have no permission to add a team or group to the company OpenLDAP server.

My plan is to:
1. Set up a new server inside my department to store the user information. The new server could be a Jira server, or an LDAP server, or anything else.
2. Synchronize the necessary user data from the company OpenLDAP server to my department server.
3. Create groups in the department server.
4. Add users to the corresponding groups in the department server.
5. Have Confluence/Gerrit/GitLab/SVN/Jenkins/SonarQube authenticate with the department server instead of the company one.

I know Jira has such functionality. We can manage the users synchronized from the LDAP server into different groups in the Jira server, and then the Jira server can authenticate for Confluence, but I don't know if Jira can authenticate for other software such as Gerrit/GitLab/SVN/Jenkins/SonarQube.

If not, is there another alternative solution? Any help is appreciated.

BRs,
Liansheng

2 answers

2 accepted

0 votes
Answer accepted
Daniel Ebers
Rising Star
November 7, 2020

Hi Liansheng,

When you mentioned

"However, I have no permission to add team or group to company openldap server."

I'd suggest opening a discussion with the appropriate team instead of introducing a new piece of infrastructure. Although I do not know the details on the "why" for obvious reasons, this is something which sounds non-technical at first sight and might be discussed further.

For the technical part Nic mentioned some good points - from my point of view a centralized LDAP server is present - it would be worth a lot focusing on it.
For a "department LDAP" you would (surely?!) go through all the considerations like operations, who to call on weekends, including backup, documentation, support and so on.
For that case I also would not recommend trying to authenticate against the single Jira instance.

Cheers,
Daniel

liansheng zhang November 8, 2020

Thanks Daniel, you are right, it is non-technical.

I am talking to the appropriate team guys now, and have made some progress. They might grant me restricted permissions to a certain directory on the company server.

0 votes
Answer accepted
Nic Brough -Adaptavist-
Community Leader
November 5, 2020

Jira has a simple user service built into it, called "embedded crowd". It is a very cut-down type of Crowd, but it can be used by other servers. Those other servers, however, need to be written so that they can use an embedded-crowd as their directory server. As far as I am aware, Atlassian Software (Confluence for example) is the only thing that can do it.

What you're proposing will not work without you doing a load of coding for a load of programs that do not know how to talk to Jira for this.

I question why you would want to as well. You already have an LDAP server which is more functional and can be used as the directory for lots of services. If you moved to Jira, you'd have to accept a loss of a lot of that functionality, and your user maintenance would have to move from your department services to your Jira administrators.

What would be the benefit of moving to Jira instead of LDAP?

liansheng zhang November 5, 2020

Thank you for confirming, Nic.

So the way is to set up a new LDAP server in my department, sync user data from the company LDAP server to it, and then manage user groups in the department LDAP server.

However, as far as I know, in OpenLDAP master-slave replication, we cannot add new groups in the slave node, because the slave node can be read but not written, right?

It seems this is not an issue to discuss in the Atlassian community, but I would much appreciate any more suggestions/information about it.

Nic Brough -Adaptavist-
November 5, 2020

It depends on how you set up the two LDAP servers. I can't tell you much about it, but I understand it's possible to have two nodes that are equals.
