I've never been able to figure this one out. Let's say I have a user directory in crowd that has 700 users. A group in that directory has 10 users.
Okay -- now I have 2 Jira instances, one with a 500 user limit, the other with 2000. I don't care (in fact I want) all 700 to be in the 2000 user jira. But I want only the 10 users from this particular group in the directory to apply to the other Jira. With me so far?
Right -- so in Crowd, for the application where I only want 10 users, I add the directory, mark all users can authenticate as false, and specify the group with the 10 users I want.
The use case here is for a handful of users to have internal access rights, but everyone to have external access rights. (We acquired a company, and are absorbing them into our environment).
Unfortunately, when I sync my internal Jira instance (the 500 user one) -- it pulls in all users towards my license, exceeding my limit. It's pretty much saying to me -- "Yeah, I don't care that you specified that you don't want everyone to authenticate -- I am adding them all. Enjoy!"
-- these users are local, not ldap
Is there a way to accomplish this? Seems to me I should be able to dictate which users can authenticate to my applications, regardless of directory.
Anyway -- there you go. Frustrating situation. I know I could create the users in a separate group or directory, but I don't feel like I should have to. That's wasted replication of effort. ;)
There's no nice way to accomplish that, short of some custom development or separate directories / groups as you mentioned. The set of constraints leading to this unfortunate situation is that
So yep, the cleanest work around is probably to get each JIRA instance to use separate "user can use JIRA" groups.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG