Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Is it possible to change from Crowd to AD for user management?

Josh Fechner
Josh Fechner
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
September 19, 2011

Currently we're paying for a Crowd license, but the way I see it, the only thing Crowd is doing is being an intermediary between Jira and our AD. Apparently, when we first implemented Jira, it was necessary to use Crowd in such a manner, because Jira didn't have the functionality to directly access an AD. With newer versions, however, it seems that functionality was added. We have now upgraded to Jira 4.3, and we don't feel like we need to be using Crowd for user management anymore. Is it possible to migrate from one to the other? I understand there are some gotchas (i.e. you can't have duplicate usernames in Jira), but are there ways around them?

Answer
Watch
Like Be the first to like this
1192 views

1 answer

1 accepted

3 votes
Answer accepted
cgauterio
cgauterio
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 27, 2011

Hi Josh,

Yes, you can change from Crowd to AD for user management. As for JIRA 4.3 and later, you can manage users and groups in AD. You can create two different types of LDAP directories: an LDAP directory for delegated authentication or Microsoft Active Directory directory.

On the first one, you can create the directory and then 'manually' move your current users and groups from the Crowd directory to this newly created directory by running a few queries on the database:

update cwd_user set directory_id = ? where directory_id = ??;

update cwd_user_attributes set directory_id = ? where directory_id = ??;

update cwd_group set directory_id = ? where directory_id = ??;

update cwd_membership set directory_id = ? where directory_id = ??;


Where "?" is the id of the newly created directory and "??" is the ID of the Crowd directory in JIRA.


As for the second one, the queries won't be useful since everytime you synchronize your directory, all the membership for the users will ve retrieved from your AD again and will overwrite any changes you have made.

Just as a side note, if you choose the second option, under Permission Settings, I'd suggest you choose Read-Only with Local Groups. With this option enabled you will be able to able to add your users from AD to the JIRA built-in groups: jira-administrators, jira-developers, jira-users.

I hope it helps.

Kind Regards,
Clarissa Gautério
Atlassian Support

View More Comments
Matthew Miling
Matthew Miling June 10, 2015

Does this mean that when Active Directory is added as a Directory, JIRA will automatically import all Active Directory users, which will overwrite existing ones if the username matches?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events