I would like to set up Jira in a way that would be visible from the Internet (and thus accessible to our partners) and at the same time would authenticate them with our Active Directory.
LDAP integration seems to be fairly straightforward in Jira, however I couldn't find any details as to what exactly "synchronization" does. It looks like it basically replicates the user catalog from AD in Jira's database, and the question I have, to which I couldn't find an answer, is: how are user passwords treated?
That is my understanding of the LDAP sync:
1. Jira stores no passwords
2. Authentication is made against the LDAP directory
3. Synchronisation means that, for example, usernames, groups and group memberships are copied to the internal Jira directory so that permission queries etc. can be realized faster
That's what I thought as well, but this document https://confluence.atlassian.com/display/JIRA/Connecting+to+an+LDAP+Directory
has a list of settings that need to be configured and in "User Schema" there's
User Password Attribute
The attribute field to use when loading a user's password. Example:
How is this used?
Just had a look into the DB (cwd_users), where I found the table column 'credentials', which seems to store the encrypted password...
So the answer to your initial question must be:
Passwords are stored in the Jira DB (cwd-users) but they are hashed and cannot be converted into cleartext?!
I think there has to be an attribute for the pw because the admin user has to store his pw somewhere, but I don't know why LDAP users' pws have to be stored...
Pretty weird that you have the password hash stored in the cwd_user table for LDAP users. There shouldn't be any, it should show 'no pass' (or similar) instead. May I know what type of LDAP connection you have configured? What is the directory_id for the users that have the encrypted password in the database?
As for the 'user password attribute', I believe it is for JIRA to determine which attribute is the password for the user. If it is not specified, how can JIRA know which attribute is the password in LDAP and which to retrieve for the authentication?
Synchronization will retrieve all user information that is configured to be retrieved, such as e-mail address and others. In the delegation process, Confluence retrieves this information during the authentication process, which means Confluence retrieves the user information one at a time, while synchronization retrieves all users' information in one process.
For example, in synchronization you should be able to see the users' data after the synchronization process is done, while in the delegation process you would need to wait until the users authenticate against Confluence.
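The check asked for in the reply above (which directory_id holds users that still carry a stored hash), written out as an added example that is not part of the thread or Atlassian's own code. It assumes the user table is cwd_user with a credential column, the directory table is cwd_directory with a directory_type column, and that internal directories are typed 'INTERNAL'; the no-password markers follow the "'no pass' (or similar)" wording and are adjustable. The sample rows are constructed and run against in-memory SQLite.

```python
import sqlite3

# Assumed schema (verify against your Jira version before relying on it):
#   cwd_directory(id, directory_name, directory_type)
#   cwd_user(id, directory_id, user_name, credential)
AUDIT_SQL = """
SELECT d.id, d.directory_name, d.directory_type, u.user_name
FROM cwd_user u
JOIN cwd_directory d ON d.id = u.directory_id
WHERE d.directory_type <> 'INTERNAL'
  AND u.credential IS NOT NULL
  AND lower(u.credential) NOT IN ({placeholders})
ORDER BY d.id, u.user_name
"""

def find_external_users_with_hash(conn, no_password_markers=("nopass", "no pass", "")):
    """Users from non-internal directories whose credential column holds
    something other than a no-password marker (i.e. a local hash)."""
    marks = [m.lower() for m in no_password_markers]
    sql = AUDIT_SQL.format(placeholders=",".join("?" * len(marks)))
    return conn.execute(sql, marks).fetchall()

def build_sample_db():
    """Constructed sample data; the credential values are not real hashes."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE cwd_directory (id INTEGER PRIMARY KEY, directory_name TEXT,
                                    directory_type TEXT);
        CREATE TABLE cwd_user (id INTEGER PRIMARY KEY, directory_id INTEGER,
                               user_name TEXT, credential TEXT);
        INSERT INTO cwd_directory VALUES (1, 'Jira Internal Directory', 'INTERNAL'),
                                         (10000, 'Corp AD', 'CONNECTOR');
        INSERT INTO cwd_user VALUES
            (1, 1,     'admin', 'constructed-hash-1'),  -- internal user: expected
            (2, 10000, 'alice', 'nopass'),              -- LDAP user, no local hash
            (3, 10000, 'bob',   'constructed-hash-2'),  -- LDAP user WITH local hash
            (4, 10000, 'dave',  NULL);                  -- LDAP user, empty column
    """)
    return conn

if __name__ == "__main__":
    for row in find_external_users_with_hash(build_sample_db()):
        print("directory_id=%s name=%s type=%s user=%s" % row)
```

To run the same query against a real Jira database, use that database's driver and parameter style in place of sqlite3, on a read-only account.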