Integrating Jira with Microsoft Active Directory

Jacek Fajfer January 20, 2013

Hi,

We've been using Jira with a local user database since the beginning, but recently we integrated an Active Directory solution in our company. We would like to integrate Jira with Active Directory. The problem is that the user naming convention in Active Directory is different from the one we currently use in Jira. It's crucial for all users to be able to log in and have access to everything they previously had access to, but since the user names in the two bases are different it cannot be easily done. Do you have some suggestion how we could do this?

So far I found one solution, but it's problematic. I am using a test instance. I've set it up so that the Description field in Active Directory is used as the user name, and I've put the name of the user that was used in the local database in that field. I've tested it on one user and it works only partially. I seem to be able to access all the projects I was assigned to. All my comments and issues are properly linked with my account, but for some reason the groups I belonged to are missing. I've been cut off from the jira-administrators group. After looking at my profile I see that I belong to the groups I belong to in Active Directory and also to the jira-users group. Mind you that I've set it up so that it uses local groups (read only with local groups).

Can such a setup even work right?

1 answer

0 votes
Yilin
Atlassian Team
January 20, 2013

Hi Jacek,

The problem will not be fixed even using local groups, as the user management system only picks up the related data in one user directory; it is not possible to pick up settings across user directories.

But if you can change the user name on the AD side to match the JIRA internal user directory, you can try the following steps to migrate the users to an AD user directory with local groups:

Run the following SQL statements (the name strings are case sensitive):

1. Remove the possibly duplicated user accounts:

    delete from cwd_user where directory_id=(select id from cwd_directory where directory_name='LDAP server');

2. Remove the possibly duplicated user attributes:

    delete from cwd_user_attributes where directory_id=(select id from cwd_directory where directory_name='LDAP server');

3. Remove the possibly duplicated memberships:

    delete from cwd_membership where directory_id=(select id from cwd_directory where directory_name='LDAP server') and membership_type='GROUP_USER';

4. Migrate the user accounts to the new user directory:

    update cwd_user set directory_id=(select id from cwd_directory where directory_name='LDAP server'),credential='nopass' where directory_id=(select id from cwd_directory where directory_name='Delegated LDAP Authentication');

5. Update the user account attributes:

    update cwd_user_attributes set directory_id=(select id from cwd_directory where directory_name='LDAP server') where directory_id=(select id from cwd_directory where directory_name='Delegated LDAP Authentication');

6. Migrate the groups to the new user directory and change the property:

    update cwd_group set local=1,directory_id=(select id from cwd_directory where directory_name='LDAP server') where directory_id=(select id from cwd_directory where directory_name='Delegated LDAP Authentication');

7. Migrate the membership settings to the new user directory:

    update cwd_membership set directory_id=(select id from cwd_directory where directory_name='LDAP server') where directory_id=(select id from cwd_directory where directory_name='Delegated LDAP Authentication') and membership_type='GROUP_USER';

Please be aware that after these steps, all users belonging to the user directory Delegated LDAP Authentication will be migrated to the user directory LDAP server.

Hope this helps.

Cheers

MOMO
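The migration above is a set of raw, irreversible UPDATE/DELETE statements against the cwd_* tables, with nothing that checks the outcome before the change is committed. The script below is an added example, not code from the answer or from Atlassian: it models the tables the answer touches in an in-memory SQLite database (columns the answer does not name, such as user_id, group_name, parent_name and child_name, are assumptions for this example, not the real JIRA schema), seeds constructed sample data in which one user already exists in both directories, and then performs the same move inside a single transaction. It goes beyond the answer in two ways: the DELETEs are restricted to target rows whose user name actually collides with a source user, rather than emptying the whole target directory, and the resulting user and group-membership sets are compared against what was expected before the transaction is allowed to commit, so a mismatch rolls everything back instead of leaving a half-migrated directory. Group-to-group (GROUP_GROUP) memberships are left untouched, exactly as in the answer.

```python
import sqlite3

# Directory names exactly as used in the answer above.
SOURCE_DIR = "Delegated LDAP Authentication"
TARGET_DIR = "LDAP server"

# Constructed, cut-down model of the embedded-Crowd tables the answer's statements touch.
# Columns not named in the answer (user_id, group_name, parent_name, child_name) are
# assumptions for this example, not a description of the real JIRA schema.
SCHEMA = """
create table cwd_directory (id integer primary key, directory_name text not null);
create table cwd_user (id integer primary key, directory_id integer not null,
                       user_name text not null, credential text);
create table cwd_user_attributes (id integer primary key, directory_id integer not null,
                       user_id integer not null, attribute_name text, attribute_value text);
create table cwd_group (id integer primary key, directory_id integer not null,
                       group_name text not null, local integer not null default 0);
create table cwd_membership (id integer primary key, directory_id integer not null,
                       membership_type text not null, parent_name text not null,
                       child_name text not null);
"""


def build_sample_db():
    """Constructed sample data: 'jsmith' already exists in both directories."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("insert into cwd_directory values (?,?)",
                     [(1, SOURCE_DIR), (2, TARGET_DIR)])
    conn.executemany("insert into cwd_user values (?,?,?,?)", [
        (10, 1, "jsmith", "{PKCS5S2}local-hash"),   # original internal account
        (11, 1, "afajfer", "{PKCS5S2}local-hash"),
        (20, 2, "jsmith", "nopass"),                 # duplicate created by the AD sync
    ])
    conn.executemany("insert into cwd_user_attributes values (?,?,?,?,?)", [
        (100, 1, 10, "login.count", "7"),
        (101, 2, 20, "login.count", "1"),
    ])
    conn.executemany("insert into cwd_group values (?,?,?,?)", [
        (30, 1, "jira-administrators", 0),
        (31, 1, "jira-users", 0),
    ])
    conn.executemany("insert into cwd_membership values (?,?,?,?,?)", [
        (40, 1, "GROUP_USER", "jira-administrators", "jsmith"),
        (41, 1, "GROUP_USER", "jira-users", "jsmith"),
        (42, 1, "GROUP_USER", "jira-users", "afajfer"),
        (43, 2, "GROUP_USER", "jira-users", "jsmith"),   # membership the sync already wrote
    ])
    conn.commit()
    return conn


def directory_id(conn, name):
    row = conn.execute("select id from cwd_directory where directory_name = ?", (name,)).fetchone()
    if row is None:
        raise LookupError(f"no user directory named {name!r}")
    return row[0]


def user_names(conn, did):
    return {r[0] for r in conn.execute(
        "select user_name from cwd_user where directory_id = ?", (did,))}


def group_user_pairs(conn, did):
    return {(r[0], r[1]) for r in conn.execute(
        "select parent_name, child_name from cwd_membership "
        "where directory_id = ? and membership_type = 'GROUP_USER'", (did,))}


def name_collisions(conn, source=SOURCE_DIR, target=TARGET_DIR):
    """Usernames present in both directories: the rows the answer's DELETEs exist to clear."""
    return sorted(user_names(conn, directory_id(conn, source))
                  & user_names(conn, directory_id(conn, target)))


def migrate_directory(conn, source=SOURCE_DIR, target=TARGET_DIR):
    """Move users, attributes, groups and GROUP_USER memberships from source to target.
    Unlike the answer's raw statements: only target rows colliding with a source user are
    deleted, everything runs in one transaction, and the result is verified before commit."""
    sid, tid = directory_id(conn, source), directory_id(conn, target)
    dupes = name_collisions(conn, source, target)
    marks = ",".join("?" * len(dupes)) or "NULL"   # "in (NULL)" matches nothing
    with conn:   # sqlite3: commit on normal exit, rollback if an exception escapes
        # 1. drop only the colliding copies already present in the target directory
        conn.execute(f"delete from cwd_membership where directory_id = ? "
                     f"and membership_type = 'GROUP_USER' and child_name in ({marks})",
                     (tid, *dupes))
        conn.execute(f"delete from cwd_user_attributes where directory_id = ? and user_id in "
                     f"(select id from cwd_user where directory_id = ? and user_name in ({marks}))",
                     (tid, tid, *dupes))
        conn.execute(f"delete from cwd_user where directory_id = ? and user_name in ({marks})",
                     (tid, *dupes))
        # what the target must contain once the move is done
        wanted_users = user_names(conn, sid) | user_names(conn, tid)
        wanted_pairs = group_user_pairs(conn, sid) | group_user_pairs(conn, tid)
        # 2. the answer's four UPDATEs, with the directory ids bound as parameters
        conn.execute("update cwd_user set directory_id = ?, credential = 'nopass' "
                     "where directory_id = ?", (tid, sid))
        conn.execute("update cwd_user_attributes set directory_id = ? where directory_id = ?",
                     (tid, sid))
        conn.execute("update cwd_group set local = 1, directory_id = ? where directory_id = ?",
                     (tid, sid))
        conn.execute("update cwd_membership set directory_id = ? where directory_id = ? "
                     "and membership_type = 'GROUP_USER'", (tid, sid))
        # 3. verify; raising here makes the context manager roll the transaction back
        if (user_names(conn, sid) or user_names(conn, tid) != wanted_users
                or group_user_pairs(conn, tid) != wanted_pairs):
            raise RuntimeError("post-migration state does not match expectation; rolled back")
    return {"removed_duplicates": dupes,
            "target_users": sorted(wanted_users),
            "target_memberships": sorted(wanted_pairs)}
```

Running `migrate_directory(build_sample_db())` on the constructed data reports `jsmith` as the one removed duplicate and leaves the target directory holding both users, all three group memberships, and both groups flagged local. Against a real instance the same shape applies: take a database backup, run `name_collisions` first to see exactly which accounts the DELETEs would touch, and keep the whole change in one transaction so a failed verification cannot leave users stranded between directories.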
