How to migrate jira accounts from local to LDAP?

How should I migrate a Jira using local accounts to one that is using, mostly, LDAP accounts.

The system has the following authentication setup: #1 mecanism an Active Directory (LDAP) and 2nd the local directory. This setup requires all users with accounts that do match LDAP account id to enter LDAP password, even if they could have a different password for the local account. (That's OK)

I have almost 1000 local users which have to be migrated to LDAP, sometimes with account rename.

I know about the Groovy Runner plugin which can rename and merge accounts.

Which should be the proper workflow in order to achieve this without too much trouble for the admin and also for the users.

The most important part: I want to be sure that if the LDAP account is disabled the user loose the access to the system.

Currently if you are using a dual-configuration and you have the same account name in both LDAP and local directory, the user will not loose access to the system.

3 answers

1 accepted

Hi Sorin,

There is also a JAC ticket with a lot of workarounds (in the comments) and suggestions to achieve this need for this same purpose here: https://jira.atlassian.com/browse/JRA-24213

Hope this helps!

Regards,

To those interested the solution is to rename all the accounts to match the LDAP usernames. For Jira pre 6.x this can be done via a third party plugin, or with Jira 6.x+ from inside Jira. For migrating the groups you can use REST to automate the process.

Hi, are you using JIRA 5.x? At the moment JIRA 5.x can migrate from local accounts to local accounts with LDAP as per this ticket. The ticket also lists potential ways to do this manually. If you are using full LDAP and other forms of Auth, please refer to this ticket, which is still to be implemented.

Unfortunately for now the best method in your case should be using Groovy RUnner or similar.

Cheers,

Migrating users from one directory to another.

About:

Currently if you are using a dual-configuration and you have the same account name in both LDAP and local directory, the user will not loose access to the system.

Is your LDAP directory in the first position of the user directories list? I think this should not happen in that case.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Monday in Jira Software

How large do you think Jira Software can grow?

Hi Atlassian Community! My name is Shana, and I’m on the Jira Software team. One of the many reasons this Community exists is to connect you to others on similar product journeys or with comparabl...

578 views 6 12
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you