We have Jira 5.1.x, connected to the Crowd (first & top directory) and having Internal directory too.
Crowd has configured Delegated directory, connected to the AD. AD has big number of users, but Delegetad Directory itself has a limited number of users, identical with the AD.
Is it possible to use in Internal directory username, present in the AD but doesn't present in Delegated directory ?
For the moment users can't login to the Jira before identical account will created in the Crowd delegated directory. Moreover, Jira connected to the Crowd by read-only connection, but Crowd create empty accounts when user try to login to the Jira.
Hi, if you use a full LDAP directory and not Delegated Authentication Directory, you should auto sync from LDAP into Crowd without any changes.
You can also do this in JIRA itself since it has an "embedded Crowd" module to sync from AD. Atlassian doesn't recommend more than 500 users this way though.
Using of full LDAP is not usable for us due to the security restrictions (Crowd can't change anything in LDAP) and total difference in groups. Jira (and Crowd) has some hundreds groups, but LDAP doesn't have it (but have it's own set of groups).
This is why we used Delegated Directory.
We doing big migration for users from Internal Directory to the Crowd. But, we can't do this at once. The idea was - creating one by one users in Crowd and switch Crowd directory on top in Jira. Users, who doesn't present in Crowd for the moment, should login using Internal credentials. But, in this configuration users who have identical username in Jira Internal & in AD can't login to the Jira.
Seems, Crowd check users in AD even if users doesn't present in Delegated Directory !
So, my question is - any workaround for this situation or we need to migrate all identical users at once anyway ?
Crowd has an option to disable the "Add Users" permission in the directory configuration withing the Application section. If you unmark this option, the users from LDAP shouldn't be created upon login into the client application.
However there is a know bug in this functionality, please vote on it and add yourself as watcher for further updates.
Bug on user creation is bad, but I don't really understand what really happens.
I fix situation with user creation by recipe, which found here:
& in documentation:
Seems, in this configuration new user wasn't create.
But, users with identical username in Internal directory & in AD still can't login.
This users doesn't presented in Delegated directory !
Here is the main trouble for us.
Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot