We are trying to configure Stash with Active Directory.
We have domain1\joe and domain2\fred
User joe can connect with 'joe', but cannot connect with domain1\joe.
User fred cannot connect at all (user not found).
I've been working with our Active Directory administrator and we have tried everything we can with no luck. Any ideas why we're stuck in one domain and can't use domain\user?
Hi Andrew, just checking if I understood it right, you're using domain1\joe a the username field in the log in screen, is that right? If so, Stash wasn't designed to work this way.
You should insert only the username of the user in the username field and in case you have multiple domains, you can either configure one directory pointing to the root domain (e.g.: dc=example,dc-com) or multiple directories each one pointing to a single sub domain (e.g.: dc=sub1,dc=example,dc=com)
I hope it helps.
No luck so far getting it to authenticate against another domain.
Even if we are able to add the additional domains, we will have too many duplicate user ids. The domain prefix is a necessity.
It would be preferable if we did not have to modify Stash after adding a domain in the future.
Are there any plans at Atlassian to support ldap authentication using the standard domain\user format? We may not be able to use Stash without it.
Hi Andrew, as far as I'm aware we don't have plans to change the way our products integrate with LDAP and it's mainly because the way it current works fit pretty much all scenarios.
It's possible that we can find a configuration that works for you, but it'll depend on the topology of your directory service. The most common AD topologies are:
Can you tell us which one you're using?
We are using option C. We have a two way transitive trust with corporate headquarters, but as we were an acquisition weve maintained our own separate AD forest and domain.
We have user accounts from corporate in domain local groups here in our domain and they are allowed to authenticate and access resources that exist here. In Stash all user accounts and groups were imported but when I look in the domain local group it shows it as being empty, the accounts from the mothership dont exist according to Stash.
So how do we authenticate in Stash using a domain trust, or can we?
I believe one thing you could try is create a LDAP directory in Stash to each one of your root forest domain (e.g.: dc=exampleA,dc=com, dc=exampleB,dc=com, etc), then you point the directories to your Global Catalog (3268). This is read-only, but it contain all users, groups, and memberships from across your Forest.
Atlassian Summit is an excellent opportunity for in-person support, training, and networking.Learn more
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG