How to update LDAP bind account password with command line not via GUI in Jira and Confluence?

Mai Saleh September 18, 2019

Hi All,

We own more than 60 Atlassian servers, and we have an activity where we need to update the LDAP bind account password regularly; the manual change takes 4 hours from the GUI.

Support said that this process cannot be automated and no API call is available.

Has anyone managed to find a way to manage that?

1 answer

0 votes
Andy Heinzer
Atlassian Team
September 19, 2019

Hi Mai,

I see that you have had previous support cases about this ability to quickly change the LDAP credentials for multiple Atlassian products. I also see that you have already rejected the idea of direct SQL changes, as this does require either the application to be restarted or a cache to be flushed, so I won't bore you with the idea of trying to make changes in SQL. I also saw a suggestion to use a 3rd party plugin to help automate this. Additionally, I found the pair of feature requests for this in

With all of those avenues already explored, I have a question for you:

Have you considered implementing Atlassian Crowd to help here? 

Instead of directly connecting your Jira and Confluence instances to an LDAP server, you could instead add a new Crowd user directory for each Jira/Confluence you run.  Then within a single Crowd application, you can add your LDAP instance only once.   This way, your Jira and Confluence sites don't have to manage these LDAP connection credentials locally, they can just depend on Crowd to manage and handle that.

The major benefit I see to this approach is that if this is the same LDAP server, you only have to change those credentials once in Crowd. The drawback is, well, you would be dependent upon Crowd and there would be an additional license cost associated with this. However, for your situation where you have lots of Atlassian applications connected to the same LDAP site, it seems like this approach could be a big time saver.

I hope this helps.

Andy

Mai Saleh September 20, 2019

In fact, I cannot accept this as an answer as well :)

For a large enterprise, we have many BUs (Business Units) distributed all over the globe; each uses its own Atlassian servers that are not shared with other BUs, and an LDAP server per site. That means I have to ask for a Crowd server per site, which will cost a lot, adding the difficulty of the idea of sharing it between BUs. So instead of Atlassian doing a simple change in their tool, we pay for additional Crowd servers and restructure our work, adding that after all this it will not fix the issue, as the Crowd server points to the LDAP server, for which I have to reset the LDAP bind account every x number of days manually again!!

Atlassian needs to enhance their tools to accept API calls that can do that. I know that there is a feature request, but that doesn't mean it will be implemented soon.

Regarding the plugin I have been directed to, it's a paid license :) so I should pay almost 20K to get one for each server, which is again not a solution.
