-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
10
-
FreeIPA 3.x is a very powerful replacement for MS AD. As it turns out, it also contains a full RBAC system that has host-based differentiation capabilities.
Imagine: Individual permissions allow very granular mapping to actual functions in the Atlassian stack. Traditional Atlassian roles such as jira-administrator allow a smooth migration path for existing users. Privileges are created to map these permissions to roles. Add hosts to the mix, and roles can be differentiated by server such that the jira-administrator role can be the same everywhere, but with only certain users available to exercise a role per host.
FreeIPA does all this out of the box.
Crowd is great, but FreeIPA has slowly improved to where Crowd was originally going to go. FreeIPA is incredibly detailed, maybe too detailed for the beginner user. As it's turned out, they compliment each other quite remarkably! Supporting both Crowd and FreeIPA will make the Atlassian stack incredibly valuable.
![[Atlassian Documentation] Page](https://confluence.atlassian.com/images/icons/favicon.png "[Atlassian Documentation] Page"){kind=icon}
![[Atlassian Documentation] Page](/images/icons/generic_link_16.png "[Atlassian Documentation] Page"){kind=icon}
[CWD-4134] Support FreeIPA Roles/Permissions/Privileges
| Support reference count | New: 10 |
| Remote Link | Original: This issue links to "Page (Atlassian Documentation)" [ 122724 ] |
| Workflow | Original: JAC Suggestion Workflow [ 3388255 ] | New: JAC Suggestion Workflow 3 [ 3630131 ] |
| Workflow | Original: Simplified Crowd Development Workflow v2 [ 1392380 ] | New: JAC Suggestion Workflow [ 3388255 ] |
| Issue Type | Original: Improvement [ 4 ] | New: Suggestion [ 10000 ] |
| Status | Original: Needs Verification [ 10004 ] | New: Gathering Interest [ 11772 ] |
| Epic Link | Original: CWD-4705 [ 600142 ] |
I am trying to migrate from OpenLDAP to FreeIPA. I am not able to have JIRA communicate w/ FreeIPA. I get connection error 49.
// code placeholder
Connection test failed. Response from the server: [LDAP: error code 49 - Invalid Credentials]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials] For more information regarding LDAP error codes see Troubleshooting LDAP Error Codes.
| Status | Original: Open [ 1 ] | New: Needs Verification [ 10004 ] |
| Epic Link | New: CWD-4705 [ 600142 ] |
| Workflow | Original: Crowd Development Workflow v2 [ 761386 ] | New: Simplified Crowd Development Workflow v2 [ 1392380 ] |
I've also had issues with this but eventually configured it trough trial and error in the Crowd UI. I have posted my settings here.