Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Migrate users from external LDAP to internal JIRA

Iurii Sokolov
Iurii Sokolov
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 8, 2018

Hello everyone.

I would like to migrate all users from external directory to JIRA internal. JIRA is version 6.3, external directory is Microsoft AD read only with internal groups. I don't have option to migrate users on user management page. As I understand it's because JIRA doesn't have write permissions to LDAP. But since I don't know what it will write in LDAP during migration, I think it's too risky to just allow it. I found a way to change active user directory for Confluence by just replacing group ID in database. Will it work for JIRA? If yes, could anyone point me to detailed guide for that, please? Or, maybe, there is another solution for such situation?

Thanks in advance.

Answer
Watch
Like Be the first to like this
2988 views

1 answer

1 accepted

0 votes
Answer accepted
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 9, 2018

You could migrate users from a delegated LDAP directory to the Jira internal directory as per the instructions in Migrating users between user directories.   But please understand that this form of migration will delete the user accounts in LDAP and add them to Jira internal directory if successful.  That usually is not something I would recommend since LDAP/Active Directory is commonly used for many other systems to handle logins/authentication and not just for the the sake of Jira.

The alternative here is to create accounts in the Jira Internal user directory with the exact same usernames as the LDAP directory, and then order the Jira internal directory above that LDAP user directory in Jira. 

When a username exists in multiple user directories connected to Jira, that user can ONLY login using the credentials set for that account in the highest ordered directory where that username exists.

 

How many users do you have in AD that are currently using Jira?  Depending the number of users could determine the best course of action for getting all these accounts in the internal directory without directly effecting the LDAP/AD instance itself.

View More Comments
Iurii Sokolov
Iurii Sokolov
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 10, 2018

Thanks, Andrew.

Yes, it is highly unwanted to delete accounts from LDAP. Currently there are about 400 active users in Jira. I am now trying to do that trick, but with Jira.

Like
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 11, 2018

@Iurii Sokolov Please take a look at this kb, Migrate local group memberships between directories

I believe it has some steps you can take in order to copy these user accounts and their permissions from your existing directory in Jira, and then make use of the third party plugin Jira Command Line Interface to help bulk create these users in another user directory (such as the internal user directory of Jira).

Like
Dave Mathijs
Dave Mathijs
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
October 31, 2022

Hi @Andy Heinzer , I'm currently trying your instructions, but Jira won't simply allow me to create the a user with the same username in the Jira Internal Directory if it already exists in the external directory. Any workarounds?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.