My current AD server will be turned off in the next months. The new AD is currently available, but it does not have the same groups I have currently.
I performed some tests but have not found an easy solution.
Current Situation:
- Jira Internal Directory
-- Users from other offices (group: jira-users)
-- admin (group: jira-administrators)
- Local AD (local office)
-- Users from local office (group: jira-users, team-A, team-B, team-C.... around 80 groups)
Test Scenario (when the local AD is disabled and the new AD is added): [UPDATED]
- Corp AD (global)
-- Users from other offices (group: XYZ-0987663-BLABLA.... + many other groups)
-- Users from local office (group: ABC-2454565-BLABLA... + many other groups)
- Jira internal Directory
-- Users from other offices (groups: REPLACED BY ABOVE AD)
-- admin (group: jira-administrators)
Note: users from the new AD have the same username (ID) and the same email address.
I need to sync all users from the new AD, but manage groups locally and add the users to groups with the same names as in the current AD.
I have resolved this using ScriptRunner:
```groovy
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.crowd.embedded.api.Group
import org.ofbiz.core.entity.ConnectionFactory
import org.ofbiz.core.entity.DelegatorInterface
import java.sql.Connection
import groovy.sql.Sql

// Change both ids to match your instance
final long SOURCE_DIRECTORY_ID = 10200L   // source (old) directory
final long TARGET_DIRECTORY_ID = 10304L   // destination (new) directory

log.warn("--------START TO COPY GROUPS -----------")

def delegator = (DelegatorInterface) ComponentAccessor.getComponent(DelegatorInterface)
String helperName = delegator.getGroupHelperName("default")

// GET USERS AND GROUPS FROM OLD DIRECTORY (EVEN IF IT IS NOT THE ACTIVE DIRECTORY)
Connection conn = ConnectionFactory.getConnection(helperName)
Sql sql = new Sql(conn)
// The directory id is bound as a parameter; a "//" comment inside the string would break the SQL
def sqlUsers = """
    SELECT cu.lower_user_name, cg.lower_group_name
    FROM cwd_user cu
    JOIN cwd_membership cm ON cu.id = cm.child_id
    JOIN cwd_group cg ON cm.parent_id = cg.id
    WHERE cu.directory_id = ? AND cg.directory_id = ?
    ORDER BY cu.lower_user_name
"""

def groupsByUser = [:]
try {
    def rows = sql.rows(sqlUsers, [SOURCE_DIRECTORY_ID, SOURCE_DIRECTORY_ID])
    // MAP THE SQL RESULT TO A VARIABLE (TO CLOSE THE CONNECTION BEFORE TIMEOUT)
    // A user can be in many groups, so keep a list of group names per user
    def rowsByUser = rows.groupBy { it.lower_user_name }
    groupsByUser = rowsByUser.collectEntries { name, userRows ->
        [name, userRows.collect { it.lower_group_name }]
    }
} finally {
    sql.close()
}

def userManager = ComponentAccessor.getUserManager()
def groupManager = ComponentAccessor.getGroupManager()

// ADD GROUPS FOR EACH USER IN NEW DIRECTORY
groupsByUser.each { userName, groupNames ->
    // lower_user_name is a username, so look the user up by name rather than by key
    ApplicationUser aUser = userManager.getUserByName(userName as String)
    // check if user is really present in the destination directory
    if (aUser == null || aUser.getDirectoryId() != TARGET_DIRECTORY_ID) {
        log.warn("user not in NEW AD: " + userName)
        return
    }
    groupNames.each { groupName ->
        Group groupObj = groupManager.getGroup(groupName as String)
        if (groupObj == null) {
            // the group must already exist in Jira under the same name
            log.warn("group not found, skipping: " + groupName)
            return
        }
        log.warn("Adding user: " + userName + " -> to group: " + groupName)
        groupManager.addUserToGroup(aUser, groupObj)
    }
}
```
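A read-only dry-run report that can be run before the copy script in the answer above (an added example, not part of the original post): it lists every membership in the source directory and flags usernames that are missing, inactive, or carry a different email in the destination directory, since the script grants groups purely on a username match. The directory ids 10200 and 10304 are the ones used in the script; the `membership_type`, `lower_email_address` and `active` columns are assumed from the standard Jira `cwd_*` schema.

```sql
-- Added example: preview of what the group copy would do. Performs no writes.
-- 10200 = source directory id, 10304 = destination directory id (change both).
SELECT src.lower_user_name,
       cg.lower_group_name,
       CASE
         WHEN dst.id IS NULL
           THEN 'SKIP: user not in destination directory'
         WHEN dst.lower_email_address <> src.lower_email_address
           THEN 'REVIEW: same username, different email'
         WHEN dst.active = 0
           THEN 'REVIEW: destination account inactive'
         ELSE 'COPY'
       END AS planned_action
FROM cwd_user src
JOIN cwd_membership cm
  ON cm.child_id = src.id
 AND cm.membership_type = 'GROUP_USER'      -- ignore nested group-in-group rows
JOIN cwd_group cg
  ON cg.id = cm.parent_id
 AND cg.directory_id = src.directory_id
LEFT JOIN cwd_user dst
  ON dst.lower_user_name = src.lower_user_name
 AND dst.directory_id = 10304
WHERE src.directory_id = 10200
ORDER BY planned_action, src.lower_user_name, cg.lower_group_name;
```

Rows marked REVIEW are accounts where a username match alone would hand the old account's groups to a possibly different person, so check them by hand before running the copy, in particular for groups such as jira-administrators.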
@Flavio Beck So you need to add this new AD, configure it and change the order of the user directories in Jira, and you will still have users in the Jira internal directory which are not in the new AD. Why don't you export the users in the old AD to the new AD?
Hello... maybe my question was not clear... I have updated it.
For users in my internal AD not present in the new AD, there is no problem, it's OK.
The problem is about users present in both the Local AD and the Corp AD.
When I disable the local AD they will assume the Corp AD groups (which are not useful for me).
Of course I can set it to manage groups locally, and add each Corp AD user to the proper group, like jira-users.
But note: how can I do that in an easy way?
1500 users one by one?
@Flavio Beck A PowerShell script will perform this action for 1500 users; I have no script to do this.
I have checked using ScriptRunner to do this, but the Jira API does not have any method to get or add users from a specific directory.
I am testing using ScriptRunner with SQL instead of API calls.
Anyway, thanks for the help.