Using multiple user directories - Pitfalls, Problems, Pointers?

Hi,

We are looking into adding an additional User Directory and I need advice.

We already have a "Microsoft Active Directory (Ready Only)" user directory that synchronises a "ML-JIRA" AD group with JIRA (it is a mailing list). This is no longer sustainable because we are having to manually add people to this AD group.

I've tested creating another "User Directory" that follows the method for Connecting JIRA to an Internal Directory with LDAP authentication (with copying users on first login) and I've set this directory to be the SECOND directory in the list.

Everything seems to work okay:

Users can now login to JIRA without the JIRA admins adding them to the ML-JIRA group in AD. (YAY!)

Later, the users are automatically added to the ML-JIRA list (via outside automated process) so we can still easily email all JIRA users from Outlook.

I noticed that after the user is added to JIRA and the first directory syncs, the read only Microsoft Active Directory takes precedence... 2 accounts show up in the cwd_users table, but only one account shows up in the user list with a directory of "active-directory" (which is fine).

It seems that when this happens, all the issues are magically associated with the "new" user and that first user directory is used from then on for authentication.

Is this configuration okay? Can you foresee any issues using the authentication in this way?

I've already configured the synchronization groups to be the same...and it seems to work (users logging in to JIRA without being added to my AD group are automatically ending up in the right groups in JIRA).

However, I don't know if I'm missing something... has anyone done this, are there any known issues or things I should watch out for?

Thank you~!

1 answer

1 accepted

This widget could not be displayed.

Hi Nathan,

When you have the same user associated to more than one User Directory, JIRA will always associated them to the higher directory containing them.

JIRA uses the user names to verify they are the same user and all issues/comments/etc will remain associated to the user, regardless of the directory he's in.

The main difference between your old directory and the new one, is that the new one synchronizes users at the time they log into JIRA, while the old directory synchs on a set interval of time.

I'm not sure if you'd still need the old directory in your scenario, but it doesn't seem to cause any problems too, so I believe you may continue as you are now fine.

Cheers

Awesome... everything looked okay in our tests... so we'll continue.

Also, the reason we'd want the old directory is that some people will exist in User Pickers before they EVER login. In order to get them to show up in a user picker, we'll need to keep the old directory that syncs automatically. (At least, that is how I understand it).

Thanks!

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted 12 hours ago in New to Jira

Are you planning to trial, or are currently trialling Jira Software? - We want to talk to you!

Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in   talking to 20 people planning t...

39 views 1 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you