For the LDAP delegated auth directory I have setup the default group membership as 'jira-users' ie..
Default Group Memberships
When a user in this directory authenticates successfully for the first time, they will be automatically added to the following groups:
jira-users (remove)
When a new user logs into JIRA, they get the message "Sorry, your username and password are incorrect - please try again."
but in the Crowd's log I see messages of successful group imports
2012-05-03 09:15:32,540 http-8095-3 INFO [atlassian.crowd.directory.DelegatedAuthenticationDirectory] Imported user "xyz's membership of remote group "DD_MP" to directory "Delegated Authentication Directory".
...
....
After a manual synch on the Crowd directory from within JIRA the user is able to get in.
How do I set this up so that the first time user is able to get in successfully as jira-user?
There is a JIRA ticket open for this so VOTE it up!!
https://jira.atlassian.com/browse/JRA-26882
I got this ticket off Shihab after discussing this with him @ Summit
For a client I get around it a little bit doing it this way (By no means perfect)
Set JIRA to low sync time (1-5 minutes)
Modified Crowd so that on User Import (from one directory to another) it runs the code to add new users to the default groups
Setup 2 directories in crowd, 1 delegated and the other a normal LDAP connection that ISN'T used in any applications. You then can manually source the users into the delegated directory by doing the User Import between the 2 directories and the new users get added to the default groups.
When JIRA syncs it gets them.
Not perfect but if done as a procedure daily or whatever then the user accounts are generally ready for any new user to come along and their account is present and in the right groups.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I got reply back from Atlassian's support saying that this is the expected behavior.
Is anyone using delegated auth? If you are, any recommendation on how to handle the above?
I would like to see the first time users being able to login to JIRA as a 'jira-users'.
thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.