  1. Bitbucket Server
  2. BSERV-3321

Synchronise user on demand for delegated LDAP

Details

    • Suggestion
    • Status: Gathering Interest
    • Resolution: Unresolved
    • We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      Problem Definition

      For installations that use delegated LDAP for authentication, users are created in Bitbucket Server on their first login. This causes problems for plugins that provide authentication based on a custom token (e.g. SSO token / Kerberos).

      If the plugin is able to resolve the username from the token, but the user has never logged in to Bitbucket Server, authentication will fail because the StashUser cannot be found.

      Migrating to a Delegated Directory in Bitbucket
       While this is possible, there is one caveat: users must log in for the first time via the UI in order to synchronise user groups and permissions. This means that users who have access keys in their user profile will not be able to push using those access keys until they log in via the UI or perform an HTTP(s) git operation.

      Suggested Solution

      Bitbucket Server should provide a way to sync a remote user based on the username.

      Workaround

      Log in to Bitbucket Server for the user to be authenticated.

            People

              Unassigned
              Michael Heemskerk (mheemskerk)
              Votes: 3
              Watchers: 5