Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

migrate users from a directory server to another

Giacomo Zucchelli
Giacomo Zucchelli August 11, 2011

Hello,

i'm migrating to Jira 4.4 from Jira 3.13.

On Jira 3.13 i use the LDAP integration for password management but when i import datas on the new server all the users are saved on the "internal directory" server.

That means that the user password is no more sinchronized within LDAP.

I can create a new directory server, but users remain on the internal one ( with no possibilities of LDAP integration).

The question is: how can i migrate users from a directory server to another?

Thank you,

Giacomo

Answer
Watch
Like Be the first to like this
920 views

4 answers

1 accepted

0 votes
Answer accepted
Giacomo Zucchelli
Giacomo Zucchelli October 20, 2011

Solved with massive update ( without including groups: Jira-users & jira-administrators):


UPDATE JIRA.CHANGE.cwd_user
SET JIRA.CHANGE.cwd_user.directory_id =
(SELECT DISTINCT id FROM JIRA.CHANGE.cwd_directory
WHERE JIRA.CHANGE.cwd_directory.directory_name = 'LDAP Authentication' AND JIRA.CHANGE.cwd_directory.directory_type = 'DELEGATING')
WHERE JIRA.CHANGE.cwd_user.directory_id = 1 and JIRA.CHANGE.cwd_user.user_name != 'admin';

 

UPDATE JIRA.CHANGE.cwd_group
SET JIRA.CHANGE.cwd_group.directory_id = (SELECT DISTINCT id FROM JIRA.CHANGE.cwd_directory
WHERE JIRA.CHANGE.cwd_directory.directory_name = 'LDAP Authentication' AND JIRA.CHANGE.cwd_directory.directory_type = 'DELEGATING')
WHERE JIRA.CHANGE.cwd_group.group_name not like 'jira%';

 

UPDATE JIRA.CHANGE.cwd_membership
SET JIRA.CHANGE.cwd_membership.directory_id = (SELECT DISTINCT id FROM JIRA.CHANGE.cwd_directory
WHERE JIRA.CHANGE.cwd_directory.directory_name = 'LDAP Authentication' AND JIRA.CHANGE.cwd_directory.directory_type = 'DELEGATING')
WHERE JIRA.CHANGE.cwd_membership.parent_name not like 'jira%';

Reply
1 vote
m_
m@
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 11, 2011

If you create the LDAP user repository in JIRA 4.4 and place it above the internal directory it will take precedence and allow your users to authenticate against LDAP.

Check out the page about managing multiple directories: http://confluence.atlassian.com/display/JIRA/Managing+Multiple+Directories

View More Comments
Giacomo Zucchelli
Giacomo Zucchelli August 11, 2011

You mean a 'microsoft active directory' or LDAP type?

I've tried it and it works for user authentication, but users lose all the groups and project roles assigned...

Like
m_
m@
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 13, 2011

If you're connecting to an LDAP server, select the LDAP server type when creating it. If you're connecting to a generic LDAP server, select that.

The solution to your problem relies on the ordering of the multiple directories, what ever type they are. The user authentication will be successful if any remote directory validates the username supplied on the login screen. Each remote directory will be queried in order.

If you're losing the group membership, you may need to create groups in your LDAP server (which match the local groups). By what your saying, it sounds like you have the roles and groups only in JIRA and they are not matching the LDAP users. I would have thought that would work but it sounds like it isnt, it may be because of the order of the remote directories.

Like
m_
m@
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 14, 2011

This section of the documentation explains how the multiple directories effect the group memberships: http://confluence.atlassian.com/display/JIRA/Managing+Multiple+Directories#ManagingMultipleDirectories-Permissions

Like
Giacomo Zucchelli
Giacomo Zucchelli September 18, 2011

That's it. I've only groups on Jira because i'm migrating from Jira 3.13.

In Jira 3.13 i'm using the authentication within LDAP but when i migrate datas in Jira 4.4 all users are saved in internal directory DB and cannot access.

I can create a new internal server connecting with LDAP, but how can i migrate users in that new DB?

ps. sorry for the late answer.

Like
Reply
0 votes
Giacomo Zucchelli
Giacomo Zucchelli September 22, 2011

Another info on my question.

i've tried this solution working directly on database:

UPDATE jira_4_3_4.cwd_user cu SET cu.directory_id = (SELECT DISTINCT id FROM jira_4_3_4.cwd_directory cd WHERE cd.directory_name = 'JIRA Delegated Authentication Directory' AND cd.directory_type = 'DELEGATING') WHERE cu.user_name = 'THE_USER_I_WANT_TO_MOVE';

It works, but even in this case user lose all his groups. Someone has a good idea?

Reply
0 votes
Giacomo Zucchelli
Giacomo Zucchelli September 22, 2011

I've found this:

https://jira.atlassian.com/browse/JRA-24213

That is my unresolved problem.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events