Crowd delegated directory - is it possible to use usernames from AD in the Jira Internal directory without creating them in Crowd?

Andrey May 19, 2013

We have Jira 5.1.x, connected to Crowd (first & top directory) and also having an Internal directory.

Crowd has a Delegated directory configured, connected to the AD. The AD has a big number of users, but the Delegated Directory itself has a limited number of users, identical with the AD.

Is it possible to use in the Internal directory a username that is present in the AD but not present in the Delegated directory?

For the moment users can't log in to Jira before an identical account is created in the Crowd delegated directory. Moreover, Jira is connected to Crowd by a read-only connection, but Crowd creates empty accounts when a user tries to log in to Jira.

2 answers

0 votes
Tiago Comasseto
May 20, 2013

Hi Andrey,

Crowd has an option to disable the "Add Users" permission in the directory configuration within the Application section. If you untick this option, the users from LDAP shouldn't be created upon login into the client application.

However, there is a known bug in this functionality; please vote on it and add yourself as a watcher for further updates.

Cheers

Andrey May 21, 2013

Hi Tiago.

The bug on user creation is bad, but I don't really understand what is actually happening.

I fixed the situation with user creation by a recipe which I found here:

https://answers.atlassian.com/questions/2108/how-do-i-stop-a-delegated-directory-from-automatically-adding-ldap-users
& in documentation:
https://confluence.atlassian.com/display/CROWD/Specifying+which+Groups+can+access+an+Application

  1. Next to your delegated LDAP directory, change the "Allow All to Authenticate" to "False"
  2. Then select the Groups tab, add in your jira-users, confluence-users (or whatever) from the delegated LDAP directory (and it has to be this directory, not a same-named group in another directory)

It seems that in this configuration new users weren't created.
But users with an identical username in the Internal directory & in AD still can't log in.
These users are not present in the Delegated directory!
This is the main trouble for us.

0 votes
Harry Chan
May 20, 2013

Hi, if you use a full LDAP directory and not a Delegated Authentication Directory, you should be able to auto-sync from LDAP into Crowd without any changes.

You can also do this in JIRA itself since it has an "embedded Crowd" module to sync from AD. Atlassian doesn't recommend more than 500 users this way though.

Andrey May 20, 2013

Using a full LDAP directory is not usable for us due to security restrictions (Crowd can't change anything in LDAP) and the total difference in groups. Jira (and Crowd) has some hundreds of groups, but LDAP doesn't have them (it has its own set of groups).

This is why we used Delegated Directory.

We are doing a big migration of users from the Internal Directory to Crowd. But we can't do this at once. The idea was to create users in Crowd one by one and switch the Crowd directory to the top in Jira. Users who are not present in Crowd for the moment should log in using Internal credentials. But in this configuration, users who have an identical username in Jira Internal & in AD can't log in to Jira.

It seems Crowd checks users in AD even if the users are not present in the Delegated Directory!
So my question is: is there any workaround for this situation, or do we need to migrate all identical users at once anyway?
