How to migrate jira accounts from local to LDAP?

How should I migrate a Jira using local accounts to one that is using, mostly, LDAP accounts.

The system has the following authentication setup: #1 mecanism an Active Directory (LDAP) and 2nd the local directory. This setup requires all users with accounts that do match LDAP account id to enter LDAP password, even if they could have a different password for the local account. (That's OK)

I have almost 1000 local users which have to be migrated to LDAP, sometimes with account rename.

I know about the Groovy Runner plugin which can rename and merge accounts.

Which should be the proper workflow in order to achieve this without too much trouble for the admin and also for the users.

The most important part: I want to be sure that if the LDAP account is disabled the user loose the access to the system.

Currently if you are using a dual-configuration and you have the same account name in both LDAP and local directory, the user will not loose access to the system.

3 answers

1 accepted

This widget could not be displayed.

Hi Sorin,

There is also a JAC ticket with a lot of workarounds (in the comments) and suggestions to achieve this need for this same purpose here: https://jira.atlassian.com/browse/JRA-24213

Hope this helps!

Regards,

To those interested the solution is to rename all the accounts to match the LDAP usernames. For Jira pre 6.x this can be done via a third party plugin, or with Jira 6.x+ from inside Jira. For migrating the groups you can use REST to automate the process.

This widget could not be displayed.

Hi, are you using JIRA 5.x? At the moment JIRA 5.x can migrate from local accounts to local accounts with LDAP as per this ticket. The ticket also lists potential ways to do this manually. If you are using full LDAP and other forms of Auth, please refer to this ticket, which is still to be implemented.

Unfortunately for now the best method in your case should be using Groovy RUnner or similar.

Cheers,

This widget could not be displayed.

Migrating users from one directory to another.

About:

Currently if you are using a dual-configuration and you have the same account name in both LDAP and local directory, the user will not loose access to the system.

Is your LDAP directory in the first position of the user directories list? I think this should not happen in that case.

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted Wednesday in New to Jira

Are you planning to trial, or are currently trialling Jira Software? - We want to talk to you!

Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in   talking to 20 people planning t...

276 views 5 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you