Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How do I switch JIRA from using ActiveDirectory to Crowd?

Greg MacLellan
Greg MacLellan August 1, 2013

Initially we started with just JIRA, but have been slowly using more Atlassian products, and have now installed Crowd. Both connect to ActiveDirectory in an identical way: same user, same configuration.

JIRA still authenticates directly to ActiveDirectory; are there any considerations or best practices to switch it to using Crowd?

I will ensure I have an admin account working in the internal directory, so I don't get locked out,

Specifically:

  • Since usernames match, will they still be the "same" user when logged into the Crowd-provided account instead of the AD-provided account? (eg, preserve profile, assigned tickets, etc)
  • Is there any consideration I should give to permissions/groups?
  • What order should I enable/disable the directories in? Eg, should I enable Crowd before disabling AD, and will anything happen since there are duplicate users?
  • Any other suggestions?

Answer
Watch
Like Be the first to like this
677 views

3 answers

1 accepted

1 vote
Answer accepted
LucasA
LucasA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 1, 2013

Hi Greg,

I believe it will be a transparent turn-over. After configuring AD in Crowd, you'll need to integrate JIRA with Crowd. Please take a look on the following doc:
- https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Atlassian+JIRA

After that, when you browse to Administration -> User Directories, you will have three user directories listed in JIRA: Crowd, AD and the JIRA Internal User directory.
JIRA will try to authenticate its user first on the directory which is on the top (the first one), so all you'll need to do is move Crowd for the top. Ask for some users try to login, and if it works, you can just disable the AD one. Since you won't have any changes on the usernames, the users won't even note the difference. :)

You can have more information about managing multiple directories in JIRA here.

Best regards,
Lucas Timm

View More Comments
Greg MacLellan
Greg MacLellan August 6, 2013

I did lose avatars and some profile stuff in the switch, but otherwise associations of ticket owners/assignment etc stayed and worked normally.

One trick is that you can't disable the directory you logged in from. I did this using an admin user in the 'JIRA internal' directory, so I was able to create the crowd and disable the AD directory. I used a second browser to test logging in.

Like
Reply
1 vote
Michael March
Michael March September 15, 2013

Switching from Confluence --> LDAP (but not using LDAP for groups) to Confluence --> Crowd --> LDAP I'm losing all the user to internal group mappings. When I switch to Crowd for authenication, all the internal Crowd groups disappear and all I have are the groups imported from CROWD / LDAP.

Is this correct behavior?

View More Comments
Dana Cleveland
Dana Cleveland
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 19, 2013

This is exactly the behavior I found in testing for both Jira and Confluence. Both Crowd and Jira (ldap) were pointing at the same external ldap, with same groups/users (crowd actually had more).

For both confluence and jira basically the jira-* (users, admins, etc), and confluence-* (users, admins) lost there mapping.

We didn't change anything else, and my understand was that upon first logon that the person (in the case of jira) when then be re-added to jira-user.

I have jira connected as Read/Write to Crowd, but crowd to ldap is read-only, so crowd would manage anything additional internal afaik.

Like
Reply
1 vote
BernardoA
BernardoA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 1, 2013

Hi Greg,

According to my understanding if users from your AD directory are same users, basically the users will be the same and will keep the same profile because these suers have the same user name.

If these groups are from AD for example you wil not have problems with membership.

You can disable the AD directory and create this new directory into Crowd to synchronize AD, and then create the crowd directory directly in Confluence.

Please check these documentation for more information.

https://confluence.atlassian.com/display/CROWD/Configuring+an+LDAP+Directory+Connector

https://confluence.atlassian.com/display/DOC/Connecting+to+Crowd+or+JIRA+for+User+Management

Feel free to comment!

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events