I am just getting started with this suite of apps and have a simple question. First, I am pretty user I have everything installed and connected correctly. As for my Crowd installation, I do not have any backend user database (no LDAP, etc.)...Crowd itself it managing the users.
I am using JIRA v6.4.9 & Crowd Version: 2.8.3 (Build:#648 - 2015-06-01)
I am attempting to add a user called testuser2 using Crowd and allow that user to log into Jira. When I try log into JIRA using testuser2, it tells me that "You do not have a permission to log in. If you think this is incorrect, please contact your JIRA administrators."
If I log into Crowd, and click on the Applications tab, I case see my crowd-JIRA application in the list. If I click on the crowd-JIRA link, in the Application Details tab, I see the Application type is JIRA and that it is active. If I click on the Directories tab, I have a 'Crowd Directory' listed on top and Allow all to Authenticate is set to true. Additionally, if click on the users tab to browse users in directories visible to this application, 'testuser2' does show up.
If I then click on the Directories section on the top navigation bar, I can see the list of directories I have and the Crowd Directory is listed and marked as active. It's type is 'Crowd Internal Directory'.
If I click on the Groups section on the top navigation bar, and select the Crowd Directory, I see the crowd-users group listed. If I click on the crowd-users group, and view the Direct Members, testuser2 is in the list.
Hopefully this is all clear, but if you require clarification or additional details, please let me know.
What am I missing that should allow testuser2 to log into Jira?
You're nearly there - the Crowd side sounds correct. Although the users and groups are managed in Crowd, each application has permission settings.
As an admin, go to JIRA and look at "global permissions". Look for the "Use" or "Can log in" permission (it usually says "must be in group jira-users"). Go back to Crowd and check that testuser2 is in that group, and that the group is available to JIRA.
Thank you. I may be beginning to see where my confusion is coming from. Within JIRA, if I click on the System permissions tab, and then click on the Global Permissions, I do see a JIRA Users permission. In the Users / Groups column, the group jira-users is listed. If I go back back to Crowd and click on the Groups section in the top navigation bar, I can then select the JIRA Directory and see the jira-users group listed there. I click on the jira-users group link and view it's Direct Members and see that testuser2 is not listed. If I click on the 'Add Users' button, it does not allow me to add testuser2 to the group. What is the point of the 'Allow all to authenticate' permission? I would have thought that adding testuser2 to the Crowd Directory and telling JIRA that all from this directory are allowed to authenticate would be enough. Going back to JIRA, I added the permission: JIRA Users with Group: crowd-users. testuser2 is in the group crowd-users and I can authenticate, but I can't help but think this is the wrong way to do it.
Ok - >If I click on the 'Add Users' button, it does not allow me to add testuser2 to the group. What error do you get? The global permission for JIRA Users really should be kept simple to begin with, putting a user in jira-users should be sorting it, and it's a nice clear "hey, these people can use JIRA". I'd rather debug that than start adding other groups.
The dialog I see is a search dialog, asking me to find users to add. I enter testuser2 into the dialog with 'Active: All' selected, press the search button, and the message I get back is "No results found matching the search criteria." I guess where my confusion is coming from is that if I end up needing, for example, to manage hundreds of users across multiple applications, it would seem cumbersome to add them individually to each <app>-users group. I assume I am still missing something obvious about how this system was designed.
Sounds like the testuser is not active? It's been built this way because there are places that will have 50 users in one application and 250 in a second - you can't use a single group for them all because when you add user 51 to the group, the first application will stop working. If that's not your situation, then there's absolutely no harm in defining a single "can use atlassian stuff" group and using that in all your atlassian applicatins to say "can use"
I click on the User section in the top navigation bar. I select the Crowd Directory to search in and see testuser2 in the list. Clicking on testuser2, I see the Active checkmark checked in the Details tab. I think the reason why I cannot add testuser2 to the lira-users group is that the jira-users group is in the JIRA Directory, but testuser2 only exists within the Crowd Directory in the crowd-users group. I am guessing that groups within directories can only have users found within the directory that contains the group.
Atlassian Summit is an excellent opportunity for in-person support, training, and networking.Learn more
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG