Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Is there a way in JIRA to migrate users from a Delegated LDAP to a Connector LDAP User directory.

Ankuskum
Ankuskum
Contributor
June 29, 2018

We are using OPENLDAP and we have migrated all the users in delegated OpenLDAP.

Next step:

We want to move all the users in LDAP without loosing any data.

Answer
Watch
Like Be the first to like this
897 views

1 answer

1 accepted

0 votes
Answer accepted
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 2, 2018

It could be possible, but the trouble tends to be in regards to the groups that these users are members of.

So you could just add another user directory in jira, of type Connected LDAP, and then use the same credentials/settings as the previous directory.   This can then sync all those same user accounts into Jira.  If this directory is ordered on top, then users would be logged in via that user directory instead.

The problem usually comes in regards to how you have setup Application access in Jira and other permissions that can frequently be governed by group membership.  The most common problem with doing this kind of migration is that users can't login to Jira immediately after this change.

If all your current openldap users are belonging to groups that only come from this first delegated directory, then you will probably need to go back into Jira and make sure that these same groups in the new ldap are also getting synced into Jira and that each user has membership to those groups.

If you're not using the groups in ldap, but instead are utilizing the read-only with local groups option, then you might not need to do the above as the user accounts are getting memberships from groups that exist in the internal Jira user directory.

I would recommend setting up a staging server just to test out a change like this before doing it on a production instance.  This kind of change does have the potential to lock out all users in Jira, so test it first.   There is also some good information in regards to Migrating users between directories.

View More Comments
Ankuskum
Ankuskum
Contributor
July 3, 2018

Hello,

Thank you for reply.

But i am having one doubt here.

How will sync jira password to the LDAP?

Like
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 4, 2018

Jira doesn't track what the user's password is for external directories.  Instead, Jira passes authentication directly to that directory.    If all your users were already in the delegated LDAP, you won't see a difference here in terms of username/passwords.

But if some or all of your users were just in the Jira Internal directory instead, then Jira could have a different password for that user than the LDAP is using.  

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.