Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira Active Directory integration

Mohant
Mohant November 8, 2012

Before, we were using internal directory. All of the our groups and permissions at internal.

After creating microsoft active directory our user come from active directory (first one) and internal.

And most of the users are in both directory. Active directory users(who is also in internal directory) can not login now. How we can take groups information from at internal directory,not in active directory?

Any suggestions for this migration? (Users from AD and groups at intenal)

Answer
Watch
Like Deleted user likes this
37384 views

4 answers

1 accepted

2 votes
Answer accepted
Bhushan Nagaraj2
Bhushan Nagaraj
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 8, 2012

Hi Mohant,

You have to use "Internal with LDAP Authentication". This uses active directory only for authentication, but the groups are from JIRA.

Documentation is available here

https://confluence.atlassian.com/display/JIRA/Connecting+to+an+Internal+Directory+with+LDAP+Authentication

Since you already have these users in an internal directory, it is important that you order the directories correctly.

View More Comments
Bhushan Nagaraj2
Bhushan Nagaraj
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 8, 2012

That is the behaviour expected. You will have to treat them as a new user and associate them to project roles/groups. They are automatically added to jira-users group with the "Copy User on Login" selected.

What is the total number of users are we talking about here?

Like
Mohant
Mohant November 8, 2012

I select "Delegated LDAP Authentication" as first. And without "Copy User on Login" and our users can not login who is defined before on internal and also in active directory.

However, i check "Copy User on Login" users can login but they lost their internal group informations at user list group information.


Like Jan-Willem Hordijk likes this
Mohant
Mohant November 8, 2012

More than 300 users and more than 50 groups.

how we can do this automaticaly?

Like
Mohant
Mohant November 8, 2012

Moreover, i get this error while try to login

Directory 'Delegated LDAP Authentication' is not functional during authentication of XXXX

Like
Zul NS _Atlassian_
Zul NS _Atlassian_
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 8, 2012

If you are using 5.0 and later, I think it will help to use the "migrate user from one directory to another" link

Like Adam Harm likes this
Reply
7 votes
Georges Moubarak
Georges Moubarak
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 13, 2015

Hi Mohant,

I had the same issue as you do. I had 1500 users with 96 groups. 

Before you start, you need to make sure that you internal JIRA users and AD users have same usernames.

What I have done is I connected JIRA to "Internal Directory with LDAP authentication" but as you already mentioned, when the users login with their AD credentials they will not be in their old JIRA groups.

Then I have removed it. Now I have retrieved all groups from the database and then I used this query to retrieve a list of users for each group: "select child_name from jiraschema.cwd_membership where parent_name ='group name'". Then for each result, I have created a comma seperated list of the users using Excel and copied this list to the bulk group edit tool in JIRA.

For 96 groups, this operation took me around 5 hours. But it is done once for all.

View More Comments
Balu Wagle
Balu Wagle May 18, 2021

Hi George

Sorry for raising this question so late but I will be doing something similar at my location. 

Are you indicating the you can have the same username (one from AD and one from Internal) in the Internal group at the same time? I know AD users can be added to the Internal groups but wasn't sure if it would error out since the same username (internal) is already present in the group. Or did you have to remove the internal user from the group first?

Like
Reply
1 vote
UoS Web Team People
UoS Web Team People November 8, 2012

Are you wanting you use JIRA with Active Directory as the user source? Have some users already been using JIRA and are stored locally?

A username can only exist once, either locally or delegated (externally), so this will be why your users can't login as they did before.

In order to fix this you will need to define a Delegated Authentication source and migrate your local users to the Delegated Authentication source - don't migrate your local sysadmin user though! At present this can only be done via database commands, so if you wish to go down this route then please backup your JIRA instance and database first. Once you have done that then these instructions may help. (They worked fine for us.)

Reply
0 votes
CI_Service_account
CI_Service_account
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 18, 2016

does this document https://confluence.atlassian.com/display/JIRA/Connecting+to+an+Internal+Directory+with+LDAP+Authentication work on JIRA cloud

View More Comments
Zul NS _Atlassian_
Zul NS _Atlassian_
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 18, 2016

I don't think so, "External User Management" is restricted as per https://confluence.atlassian.com/adminjiracloud/restricted-functions-in-jira-cloud-applications-776636921.html 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events