Update LDAP info for imported users who haven't logged in yet

Background:
I'm in the middle of transferring my users and issues from our existing 4.4.3 Jira server(Ottawa) to a new 5.2.2 server in Sweden. I have three majors issues to address:

  1. Upgrading from 4.4.3 to 5.2.2. I have modified numerous aspects of Jira:
    - velocity email templates
    - external perl scripts for process control with my SVN repositories
    - groovy scripts in my Workflows

  2. My Ottawa userids do not match up with my new userids in Sweden.
    I know there is a whole Jira issue discussion on how Jira does not support renaming users. It was a toss up between editing and manipulating MySQL code and database tables(that aren't officially documented) or post-process the Jira backup XML file. Since the Swedish server is a brand new instance, I went with the latter and successfully imported all my projects and remapped userids (to their Swedish counterparts) but now for the third issue.

  3. The recommended method for accessing the LDAP data differs between the small company
    Ottawa setup using "MicroSoft Active Directory" and the large ldap implementation in Sweden using "Generic Directory Server (Internal with LDAP Authentication)".


The first two cases are being handled well. With the third case, I have noticed that the converted userids have no LDAP data (i.e. like their full name) until the user logs in for the first time. I'm assuming it is a caching issue. I need the LDAP info like their real full names else problems will arise especially when searching for issues. i.e. I know a person's full name but with their associated userid is not always obvious.

Question#1: How can I force Jira to update its LDAP cache for the 180 users that were part of the existing import without having all of them log in for the first time?

I really don't want to send out a broadcast email giving some lame excuse to log into the new Jira site. As well, most of the users will still ignore the email until they really need to log into Jira for the first time.

Any ideas, thanks Brent

2 answers

1 accepted

In the end, I used the Directory type: "Microsoft Active Directory" which would allow each LDAP definition to be 'synchronized" on a periodic basis.

Your question is so thoroughly written, that I am hesitating to write my (out of head) thoughts ;-)

  • I would go into scriptrunner and start to tweak with DirectoryManager - as I did in my another answer. IMHO you need dig into DelegatedAuthenticationDirectory
  • If it would not help, I would temporary reset user password and write script for logging all users.

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

3,006 views 12 18
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot