Initially we started with just JIRA, but have been slowly using more Atlassian products, and have now installed Crowd. Both connect to ActiveDirectory in an identical way: same user, same configuration.
JIRA still authenticates directly to ActiveDirectory; are there any considerations or best practices to switch it to using Crowd?
I will ensure I have an admin account working in the internal directory, so I don't get locked out,
Specifically:
Hi Greg,
I believe it will be a transparent turn-over. After configuring AD in Crowd, you'll need to integrate JIRA with Crowd. Please take a look on the following doc:
- https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Atlassian+JIRA
After that, when you browse to Administration -> User Directories, you will have three user directories listed in JIRA: Crowd, AD and the JIRA Internal User directory. 
JIRA will try to authenticate its user first on the directory which is on the top (the first one), so all you'll need to do is move Crowd for the top. Ask for some users try to login, and if it works, you can just disable the AD one. Since you won't have any changes on the usernames, the users won't even note the difference. :)
You can have more information about managing multiple directories in JIRA here.
Best regards,
Lucas Timm
I did lose avatars and some profile stuff in the switch, but otherwise associations of ticket owners/assignment etc stayed and worked normally.
One trick is that you can't disable the directory you logged in from. I did this using an admin user in the 'JIRA internal' directory, so I was able to create the crowd and disable the AD directory. I used a second browser to test logging in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Switching from Confluence --> LDAP (but not using LDAP for groups) to Confluence --> Crowd --> LDAP I'm losing all the user to internal group mappings. When I switch to Crowd for authenication, all the internal Crowd groups disappear and all I have are the groups imported from CROWD / LDAP.
Is this correct behavior?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This is exactly the behavior I found in testing for both Jira and Confluence. Both Crowd and Jira (ldap) were pointing at the same external ldap, with same groups/users (crowd actually had more).
For both confluence and jira basically the jira-* (users, admins, etc), and confluence-* (users, admins) lost there mapping.
We didn't change anything else, and my understand was that upon first logon that the person (in the case of jira) when then be re-added to jira-user.
I have jira connected as Read/Write to Crowd, but crowd to ldap is read-only, so crowd would manage anything additional internal afaik.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Greg,
According to my understanding if users from your AD directory are same users, basically the users will be the same and will keep the same profile because these suers have the same user name.
If these groups are from AD for example you wil not have problems with membership.
You can disable the AD directory and create this new directory into Crowd to synchronize AD, and then create the crowd directory directly in Confluence.
Please check these documentation for more information.
https://confluence.atlassian.com/display/CROWD/Configuring+an+LDAP+Directory+Connector
https://confluence.atlassian.com/display/DOC/Connecting+to+Crowd+or+JIRA+for+User+Management
Feel free to comment!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
 
 
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.