Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Migrate users from one Jira (Server) Internal Directory to another Jira (Server) Internal Directory

How can I migrate Users from one Jira Server Internal Directory to another?

 

Initial situation:

Jira Server A

JIRA Internal Directory (of A)

  • (admin)
  • Max
  • Andrew

LDAP

  • Kate
  • Anne

User Directory of Jira B (set up like this --  read/write permission)

  • Dieter

 

Jira Server B

Jira Internal Directory (of B)

  • Dieter

-----------------------

 

Desired situation:

 

Jira Server A

(JIRA Internal Directory (of A))

  • (admin)

LDAP

  • Kate
  • Anne

User Directory of Jira B (set up like this --  read/write permission)

  • Dieter
  • Max
  • Andrew

 

Jira Server B

Jira Internal Directory (of B)

  • Dieter
  • Max
  • Andrew

2 answers

1 accepted

I've found a solution myself:

  1. Exporting user information with ScriptRunner / SQL by performing
    select * from cwd_user where directory_id = 1
    ('1' is the number of the internal Jira User Directory)
  2. optional Filtering the list of users
  3. Bulk importing the users with a ScriptRunner script

Note that I've only migrated user names and email addresses and added them to a group. No login credentials or other information where migrated.

Are the scripts you're referring to available somewhere?

Groovy script for ScriptRunner that creates users:

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.event.user.UserEventType
import com.atlassian.jira.exception.CreateException
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.user.UserDetails

def uu = ComponentAccessor.userUtil


// START config
def directoryId = 1L
def password = "dummy-password-for-all-users"
def usernamesWithMail = [ // "username": "mail-address"
"john.doe" : "john.doe@example.com",
"max.mustermann": "mm@example.com"
]
// END config


// START code
def successCount = 0
def failCount = 0
log.warn("creating ${usernamesWithMail.size()} users...")
usernamesWithMail.each { username, mail ->
try {
def userDetails = new UserDetails(username, username)
.withDirectory(directoryId)
.withPassword(password)
.withEmail(mail)
def user = uu.createUser(userDetails, false, UserEventType.USER_CREATED, [] as Set)
successCount++
log.warn("created user $user.name with mail $user.emailAddress")
} catch (CreateException e) {
log.warn("could not create user $username with mail $mail: $e.message")
failCount++
} catch (e) {
log.error("error creating user $username with mail $mail", e)
failCount++
}
}

def res = "created $successCount users, $failCount failed"
log.warn("$res")
"$res. see Logs tab"
1 vote
Andy Heinzer Atlassian Team Mar 30, 2018

We have a document on this topic.  Please see Migrating users between user directories.  The thing about doing this is first to understand that this migration is limited in the scope

This functionality allows for the following scenarios:

  • Migrate all users from JIRA Internal to Delegated LDAP
  • Migrate all users from Delegated LDAP to JIRA Internal
  • Migrate all users from Delegated LDAP to Delegated LDAP

As such you can't just migrate users from one Jira Internal user directory to a different Jira Internal user directory. But you could migrate these users to a delegated LDAP instance and then use that same LDAP instance in both Jira's.  

I think that would actually be the better way to do this.

How can i move users from LDAP directory to Jira internal directory?

Like Jonathan Ward likes this

"We have a document on this topic" - Yes you have. But it doesn't work.

"This functionality allows for the following scenarios:

  • Migrate all users from JIRA Internal to Delegated LDAP" - That's exactly what I want to do.

"

 

  • Choose Additional Configuration & Troubleshooting (section) > Migrate users from one directory to another.
  • This option will not appear if there are no valid directories to migrate from/to." - Well, this option DOES NOT appear although my scenario is previously mentioned to be valid. So your document is not complete. And yes, my LDAP directory is read/write.
Andy Heinzer Atlassian Team Oct 29, 2020

Hi @Fabian Graevenitz 

There is no Read/Write option listed within a delegated LDAP directory, but there is for other non-delegated LDAP directories.  I suspect that you have setup Jira to use that LDAP directory in this non-delegated method, which in turn would make it invalid to migrate users to or from.

Please see this screenshot for more information:

Screen Shot 2020-10-29 at 4.55.39 PM.png

In my example it defaulted to the 'delegated ldap auth' name, but the type also shows just OpenLDAP, not the OpenLDAP Read or Read/Write that happens in non-delegated user directories.  You can see how that is different than the screenshot in https://confluence.atlassian.com/adminjiraserver/configuring-user-directories-938847049.html which shows it as a directory type of 'OpenLDAP (Read-Write)'.

You will probably need to add this LDAP directory to Jira once more, but this time choose the option called 'Internal with LDAP Authentication'.

Screen Shot 2020-10-29 at 4.59.02 PM.png

 

This should then let you migrate those users between directories.

Andy

@Andy HeinzerThank you for the appendix.

As you suspected I had an ordinary LDAP Server configured. Creating the delegated one worked partially. I than could migrate the users from Jira's point of view but I couldn't see those created users in my LDAP directory. Furthermore the group memberships were lost in that process. We are using Jira Server 8.5.5

I already had moved most of the users manually and there were only 3 of them left. So I decided to move them manually too instead of trying to figure out why automatic migration doesn't work properly.

Positive: Jira noticed these new users by name as documented and our users weren't be affected by that administrative change.

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you