Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-11322

Support dual password management in LDAP and JIRA

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Fixed
    • 5.0
    • User Management - Others
    • Apache Tomcat/5.5.17 (not standalone)
      1.5.0_08-b03 JVM, Linux 2.6.9-42.0.3.ELsmp
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      The title might sound a bit illogical, but I hope that I can explain the reason for stating it like this.

      In principle, we are using LDAP external password management for our users – maybe 90% are managed like this.

      Recently, however, we have set up a number of test and demo user accounts using JIRA alone, with passwords that we entered in the relevant boxes when creating the user account. These users also have email addresses that would be invalid for LDAP authentication: they do not exist on this server. However, this dual system does work and offers us a very useful flexibility in managing JIRA: our JIRA admins are not the same as our IT sysadmins, who manage LDAP and other backend systems, and it is useful to set up demo accounts without bothering the sysadmins for additional accounts each time.

      However, we have run into a problem now, because we want to change some of the passwords for these "internal" users (the users that are not authenticated using LDAP). This seems to be impossible: on the "Edit User" screen in Administration it is not possible to change these passwords, even though they are passwords set by JIRA and not by the external system (LDAP).

      Please advise if this is a bug or a feature and what the Atlassian policy is: if "external password management" really means external, then the password fields should not be shown on user creation, nor should it be possible to create a user with an email address that is invalid for the external authentication system (as noted above).

      We do not think that the system should be so inflexible, however: we would very much like the flexibility of managing some blocks of users using JIRA and some using an external system. However, in this case, JIRA must be able to recognize which system is managing which password.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-23872 JIRA should not try to change passwords for users that belong to Read Only user directories.

          • Medium - Medium priority issues
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-25907 Cannot change password on Internal Users with Global setting "External User Management = true"

          • Medium - Medium priority issues
          • Closed

          Suggestion - JRACLOUD-11322 Support dual password management in LDAP and JIRA

          • Closed

          Suggestion - JRASERVER-7140 "Change password" facility modify only a password in a local database, not in LDAP.

          • Closed
          mentioned in

          Wiki Page Loading...

          Activity

            People

              Unassigned Unassigned
              483c824c61c0 Edward Bradburn
              Votes:
              33 Vote for this issue
              Watchers:
              21 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: