JIRA 4.4 how to remove "Can't access your account?" from login box?

Hi Earl,

Thanks for the feedback.

Improvement requests should be raised at https://jira.atlassian.com/
Please paste the URL back here for reference once you have raised your request.

The "email templates" are currently customisable, but not through the UI - you need to edit some installation files.
eg see:

atlassian-jira/WEB-INF/classes/templates/email/text/cannotchangepassword.vm

Hi Earl,

I like your setup with the emergency account in the Internal Directory - that is what I would recommend as best practise to any users. Perhaps a good improvement request would be the ability to "lock" the Internal Directory - setting it to read-only?

Meanwhile, I don't think the "Can't access your account?" link is completely useless even for read-only accounts.

Firstly, it can remind you of your username based on your email - although admittedly for a shared LDAP account you hopefully remember it. :)

Secondly, when requesting a password, JIRA is now smart enough to detect that you have a read-only account and the email will look like:

  You (or someone else) has requested to reset your password.

---------------------------------------------------------------------

This user account is managed in an external User Directory and JIRA is not able to update your password.

Please contact your System Administrator if you have any further queries.

Here are the details of your account:
---------------------------------------------------------------------
            Username: mlassau
               Email: mlassau@atlassian.com
           Full Name: Mark Lassau

I'm asking the same question that's in the subject -- but not the same one that's in the text. Hmmm.

I have two user directories -- an Active Directory account set up as Read-Only with Local Groups, and a local directory with only one user in it (a generic jira admin account, so there's always a way to log into JIRA as an admin even if active directory is down).

When users go to JIRA (all of whom should be using their AD credentials to log in), they see the "Can't access your account?" link, with an offer to email them their username or password. But, of course, they should know their username already and their password can't be changed from JIRA (Read-Only, remember?), so what they REALLY need is to be told to use their AD credentials or go contact the help desk like they would if they forgot how to log into their PC (network account).

So without losing the ability to have a generic JIRA admin account for emergencies, how can I eliminate the "Can't access your account?" link -- or change the page it takes them to, to a troubleshooting page that repeats the directions about their AD credentials one more time?

EDIT: Okay, after further reading, I think I'm asking for the same thing as the original question after all. I don't really want to set External User Management to YES, because I want to manage groups within JIRA (that is, the JIRA-specific groups such as jira-user, jira-projectmanager, jira-administrator -- not our imported AD groups). But then again, I don't want the link to appear. So maybe I *DO* want to set External User Management to YES. That just means any time I need to edit groups, I have to go change that flag, then make my changes, then change it back...? Awful. Workable, though, I suppose...but training other people to help manage users with that extra step will not be fun.

So you don't want to edit user properties (eg change email address), just edit group memberships?

The LDAP User Directory has a special mode called "Read-Only with Local Groups".

In this mode, all your Users are read-only from the LDAP server, and you also get all the Groups and memberships from the LDAP server.
However, in addition, you can create "local" groups. The local groups are stored in JIRA only (not saved back to LDAP), and allow you to add/remove memberships for the LDAP users.

Then, in permissions, roles etc, you can even even a mixture of local and LDAP groups if that helps you out. E.g: "Anyone in the ldap-jira-devs group or in the local-jira-devs"

Of course, if you are wanting to share these group memberships with other applications through LDAP this may not suit.

I think all I want is the ability to display that link. I have set "External User Management" to YES, although that causes me to loose the ability to add users to JIRA Groups. I will have to set to NO when I want to move people around JIRA Groups.

Basically, in my environment, I have to do a little juggling to do what I want.

People with multiple user Directories did not like the old "External Password Management" setting because it was a global setting.
When you have some users in a Read-Only directory, and some in a Read-Write directory, you want JIRA to be smart enough to allow passwords to be edited from one account but not the other.

So now (since v4.4), JIRA looks at the Directory settings for the given user to determine if you can edit the password or not.

The Login Screen will show the Forgot Login Details link if

• External User Management = OFF
  AND
• There is at least one password writable directory

If you set LDAP to be Read-Only (with a disabled "JIRA Internal Directory") then the link would not be shown on the Login screen.

But if it is Read-Write, then users can change their own passwords through the user-profile (and admins can change user passwords too). Hence we also show the "Forgot Login Details" link.