|
Hi Anton,
Thanks for the quick response. This was something that worked just fine for us in JIRA 3.7, and was changed in a version leading up to JIRA 3.10. Given that JIRA has group management facilities, it's really frustrating not being able to use them just because we're using an external user database. This doesn't strike me as unusual as all. For example, very few OpenID implementations (all existing implementations?) do not provide a standard mechanism for passing group membership that I'm aware of. Rearchitecting our existing login system is not a viable option. Propogating groups from our group system is not an option, because we have thousands of them. Rob Hi Rob,
The bug that allowed to manage groups in JIRA 3.7 when External User Management was enabled is I see what you mean regarding OpenID clients, and I can definetely see JRA-13127 as a legitimate request. I have forwarded this onto Product Management, however, due to our current workload, unfortunately, I cannot provide an implementation date for JRA-13127 at the moment. I think we will be able to make a better call on JRA-13127 in the new year, when people return to their regular posts after the Christmas break. Are you integrating JIRA with an OpenID server? I have talked to our OpenID expert and he has indicated that usually even when integrating with an OpenID server, it is a good idea to allow users to customise their e-mail anyway. For example, so that they can redirect their JIRA e-mail to a dofferent account. When enabling External User management, what functionality are you trying to disable? Is it adding new users directly to JIRA? Is it allowing users to change their attributes? Cheers, Hi Anton,
You wrote: That's fine. As ugly as it is, we have a workaround now. I'm most interested in making sure the workaround isn't permanent. > Are you integrating JIRA with an OpenID server? Not yet. We're strongly considering it, though. > I have talked to our OpenID expert and he has indicated that usually even when integrating with an OpenID server, it is a good idea to allow users to customise their e-mail anyway. I wouldn't mind doing this if there was a solution for JRA-3619 (email validation). As it stands, allowing unvalidated emails is a little too prone to abuse. Rob |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |
|
Support Request
Open
Major
Enabling "External user management" should not disable group membership editing
This functionality is not present in JIRA. As you have mentioned it is not currently possible to disable user management without disabling group management. We found that when user management is externalised, usually the group membership is also externalised.
There is also External Password Management, that leaves user managerment enabled, and only restricts changing passwords through JIRA.
The above two options seem to cater for most of the use cases.
I will show JRA-13127 to our Product Management, however, I am not able to provide an estimate for its delivery. I am sure you know what it is like to have millions of possible improvements and not be able to solve them all at once.
Also, to help us understand your use case, if it was possible to fully externalise user and group management to LDAP, would yougo for that solution? Or would you always prefer to keep group management in JIRA?
Cheers,
Anton