LDAP configuration issue

J. Caldwell
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 28, 2012

Hey all. I'm trying to fix someone else's issue and have something I've never run into before and wanted to ask here before I hit up support. My initial thought is that I'll need to kill some things at the DB level.

Two LDAP configurations were set up, pointed at the same server, just differently: one was delegated and one was "copy user on login". The delegated one was done first. A bunch of people signed in through that. The 2nd one was the correct one to use. The first setup doesn't let some subset of users in. The 2nd one will.

But because they are pointed at the same LDAP server, they are "duplicates" which Jira doesn't like. I've tried changing the order, but that doesn't work. When I disable the bad one, it kills everyone's account and doesn't let them sign in using the good one.

I think I will need to kill the users in the DB after moving their content, but I am not sure.

Thoughts?

J

1 answer

0 votes
Jobin Kuruvilla [Adaptavist]
Rising Star
November 28, 2012

When you disable the bad one, why isn't it allowing users to log in using the good one? Do you have "JIRA Users" permission limited to groups like "jira-users" which is there only in JIRA? Not in your LDAP? If so, grant the permission to some LDAP groups as well. Or add the "jira-users" group in LDAP and add users into it.

J. Caldwell
Rising Star
November 28, 2012

The user exists in both and is the same entity because they are pointing at the same LDAP server. When I disable it, everyone disappears who is associated with that user directory. I then try to log in to auto-create the account from the correct one, or even adding the account with the correct one, and the users can never log in even when they have jira-user group. The error in the logs has to do with the entity already existing in a different service.
