An Expert's Guide to User Management in JIRA and Confluence

  • 1,999 views
Uploaded on

 

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,999
On Slideshare
0
From Embeds
0
Number of Embeds
2

Actions

Shares
Downloads
28
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • be more specific about the problem\n\n
  • be more specific about the problem\n\n
  • be more specific about the problem\n\n
  • be more specific about the problem\n\n
  • So the integration team at Atlassian set out to have a single library for across all products and improve the user experience for the Administrator. Requirements for the new User Management:\nOne single interface across all applications\nScalability!\nInter-operability, sharing user base using REST *\nNested Groups\nFlexible Group Membership *\nAPI for Plugin Developers\n\n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • You will of course need to make sure that after the upgrade, you still have an admin that can log in.So - either ensure you have an admin in the local DB, or keep an LDAP config that contains an admin.It is considered good practice to have an admin account in the Internal directory (eg for if the LDAP server goes down, or changes config), so if you don't have one alreadyI would recommend you add one before you start the upgrade.\nAfter the upgrade to v4.3 or v4.3.1, you will want to add the missing LDAP connection as a "full" LDAP directory (instead of "authentication-only").That way it can do a synchronise and the system will pull all the users and groups into JIRA for you.The "LDAP authentication-only" directory (in v4.3 & v4.3.1) requires you to manually add the users to the directory - but they will already exist (in the Internal Directory), so this will be a problem.\n\n
  • You will of course need to make sure that after the upgrade, you still have an admin that can log in.So - either ensure you have an admin in the local DB, or keep an LDAP config that contains an admin.It is considered good practice to have an admin account in the Internal directory (eg for if the LDAP server goes down, or changes config), so if you don't have one alreadyI would recommend you add one before you start the upgrade.\nAfter the upgrade to v4.3 or v4.3.1, you will want to add the missing LDAP connection as a "full" LDAP directory (instead of "authentication-only").That way it can do a synchronise and the system will pull all the users and groups into JIRA for you.The "LDAP authentication-only" directory (in v4.3 & v4.3.1) requires you to manually add the users to the directory - but they will already exist (in the Internal Directory), so this will be a problem.\n\n
  • You will of course need to make sure that after the upgrade, you still have an admin that can log in.So - either ensure you have an admin in the local DB, or keep an LDAP config that contains an admin.It is considered good practice to have an admin account in the Internal directory (eg for if the LDAP server goes down, or changes config), so if you don't have one alreadyI would recommend you add one before you start the upgrade.\nAfter the upgrade to v4.3 or v4.3.1, you will want to add the missing LDAP connection as a "full" LDAP directory (instead of "authentication-only").That way it can do a synchronise and the system will pull all the users and groups into JIRA for you.The "LDAP authentication-only" directory (in v4.3 & v4.3.1) requires you to manually add the users to the directory - but they will already exist (in the Internal Directory), so this will be a problem.\n\n
  • You will of course need to make sure that after the upgrade, you still have an admin that can log in.So - either ensure you have an admin in the local DB, or keep an LDAP config that contains an admin.It is considered good practice to have an admin account in the Internal directory (eg for if the LDAP server goes down, or changes config), so if you don't have one alreadyI would recommend you add one before you start the upgrade.\nAfter the upgrade to v4.3 or v4.3.1, you will want to add the missing LDAP connection as a "full" LDAP directory (instead of "authentication-only").That way it can do a synchronise and the system will pull all the users and groups into JIRA for you.The "LDAP authentication-only" directory (in v4.3 & v4.3.1) requires you to manually add the users to the directory - but they will already exist (in the Internal Directory), so this will be a problem.\n\n
  • You will of course need to make sure that after the upgrade, you still have an admin that can log in.So - either ensure you have an admin in the local DB, or keep an LDAP config that contains an admin.It is considered good practice to have an admin account in the Internal directory (eg for if the LDAP server goes down, or changes config), so if you don't have one alreadyI would recommend you add one before you start the upgrade.\nAfter the upgrade to v4.3 or v4.3.1, you will want to add the missing LDAP connection as a "full" LDAP directory (instead of "authentication-only").That way it can do a synchronise and the system will pull all the users and groups into JIRA for you.The "LDAP authentication-only" directory (in v4.3 & v4.3.1) requires you to manually add the users to the directory - but they will already exist (in the Internal Directory), so this will be a problem.\n\n
  • You will of course need to make sure that after the upgrade, you still have an admin that can log in.So - either ensure you have an admin in the local DB, or keep an LDAP config that contains an admin.It is considered good practice to have an admin account in the Internal directory (eg for if the LDAP server goes down, or changes config), so if you don't have one alreadyI would recommend you add one before you start the upgrade.\nAfter the upgrade to v4.3 or v4.3.1, you will want to add the missing LDAP connection as a "full" LDAP directory (instead of "authentication-only").That way it can do a synchronise and the system will pull all the users and groups into JIRA for you.The "LDAP authentication-only" directory (in v4.3 & v4.3.1) requires you to manually add the users to the directory - but they will already exist (in the Internal Directory), so this will be a problem.\n\n
  • You will of course need to make sure that after the upgrade, you still have an admin that can log in.So - either ensure you have an admin in the local DB, or keep an LDAP config that contains an admin.It is considered good practice to have an admin account in the Internal directory (eg for if the LDAP server goes down, or changes config), so if you don't have one alreadyI would recommend you add one before you start the upgrade.\nAfter the upgrade to v4.3 or v4.3.1, you will want to add the missing LDAP connection as a "full" LDAP directory (instead of "authentication-only").That way it can do a synchronise and the system will pull all the users and groups into JIRA for you.The "LDAP authentication-only" directory (in v4.3 & v4.3.1) requires you to manually add the users to the directory - but they will already exist (in the Internal Directory), so this will be a problem.\n\n
  • You will of course need to make sure that after the upgrade, you still have an admin that can log in.So - either ensure you have an admin in the local DB, or keep an LDAP config that contains an admin.It is considered good practice to have an admin account in the Internal directory (eg for if the LDAP server goes down, or changes config), so if you don't have one alreadyI would recommend you add one before you start the upgrade.\nAfter the upgrade to v4.3 or v4.3.1, you will want to add the missing LDAP connection as a "full" LDAP directory (instead of "authentication-only").That way it can do a synchronise and the system will pull all the users and groups into JIRA for you.The "LDAP authentication-only" directory (in v4.3 & v4.3.1) requires you to manually add the users to the directory - but they will already exist (in the Internal Directory), so this will be a problem.\n\n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • Here is a summary of how the directory order affects the processing:\nThe order of the directories is the order in which they will be searched for users and groups.\nChanges to users and groups will be made only in the first directory where the application has permission to make changes.\n\n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n

Transcript

  • 1. An Experts Guide toUser ManagementTips and Fixes to avoid TrapsAjay SridharSenior Support Engineer, Atlassian 2
  • 2. Agenda• User Management• Deployment Scenarios• Upgrade Tips• Troubleshooting Upgrade• Limitations 3
  • 3. Pre JIRA 4.3 & Confluence 3.5 Watch for details here! 4
  • 4. Pre JIRA 4.3 & Confluence 3.5 Watch for details here! 4
  • 5. Pre JIRA 4.3 & Confluence 3.5 Watch for details here! 4
  • 6. Pre JIRA 4.3 & Confluence 3.5 Watch for details here! 4
  • 7. Pre JIRA 4.3 & Confluence 3.5 Watch for details here! 4
  • 8. What’s new? New in Confluence 3.5 & JIRA 4.3• Single interface across all applications • No XML files!• Nested LDAP Groups• Built with REST from the ground up • Interoperability & Flexibility 5
  • 9. DeploymentScenarios 6
  • 10. Deployment Scenario (1) Small Deployments: 500 users 7
  • 11. Deployment Scenario (1) Small Deployments: 500 users 7
  • 12. Deployment Scenario (2) Large Deployments: More than 500 Users 8
  • 13. Deployment Scenario (2) Large Deployments: More than 500 Users 8
  • 14. Deployment Scenario (3) Staging Server & Mixing User Directories 9
  • 15. Deployment Scenario (3) Staging Server & Mixing User Directories 9
  • 16. Upgrading 10
  • 17. Upgrading• Designed to be seamless - can upgrade from any version 10
  • 18. Upgrading• Designed to be seamless - can upgrade from any version• Do not forget to copy over • atlassian-user.xml (Confluence) • osuser.xml (JIRA) • crowd.properties (Crowd) 10
  • 19. Upgrade Tip (1) Tip for: Large Deployments 11
  • 20. Upgrade Tip (1) Tip for: Large DeploymentsTrapSynchronizing large LDAP user base 11
  • 21. Upgrade Tip (1) Tip for: Large DeploymentsTrapSynchronizing large LDAP user baseTrick• Apply more focused search filter• Split into multiple directories• Set userSearchAllDepths to false 11
  • 22. Upgrade Tip (2) Tip for: Large & Small Deployments 12
  • 23. Upgrade Tip (2) Tip for: Large & Small DeploymentsTrap• Upgrade fails due to Mis-configured LDAP definition 12
  • 24. Upgrade Tip (2) Tip for: Large & Small DeploymentsTrap• Upgrade fails due to Mis-configured LDAP definitionTrick• Check LDAP configuration • Incorrect BaseDN - not containing OU • Using Paged results (LDAP Error code 4) 12
  • 25. Upgrade Tip (3) Tip for: Large Deployments 13
  • 26. Upgrade Tip (3) Tip for: Large DeploymentsTrapLost LDAP/local group memberships in Confluence afterupgrade • Forgot to copy over atlassian-user.xml file 13
  • 27. Upgrade Tip (3) Tip for: Large DeploymentsTrapLost LDAP/local group memberships in Confluence afterupgrade • Forgot to copy over atlassian-user.xml fileTrick • Run the user migration manually from 13
  • 28. Upgrade Tip (4) Large & Small Deployments Staging Server 14
  • 29. Upgrade Tip (4) Large & Small Deployments Staging ServerTrap• Upgrade Task failure when migrating LDAP configuration 14
  • 30. Upgrade Tip (4) Large & Small Deployments Staging ServerTrap• Upgrade Task failure when migrating LDAP configurationTrick• Remove LDAP configuration before upgrading 14
  • 31. Upgrade Tip (5) Large Deployments Staging Server 15
  • 32. Upgrade Tip (5) Large Deployments Staging ServerTrap• Multiple LDAP definitions in JIRA 15
  • 33. Upgrade Tip (5) Large Deployments Staging ServerTrap• Multiple LDAP definitions in JIRATrick• Remove LDAP configuration before upgrading 15
  • 34. Upgrade Tip (6) Tip for: Large Deployments Only applies when using OsUser & Confluence 16
  • 35. Upgrade Tip (6) Tip for: Large DeploymentsTrap Only applies when using OsUser & ConfluenceConfluence and OsUser 16
  • 36. Upgrade Tip (6) Tip for: Large DeploymentsTrap Only applies when using OsUser & ConfluenceConfluence and OsUserTrickMigrate to atlassian-user before upgrading 16
  • 37. Upgrade Tip (7) Tip for: Large & Small Deployments Only applies when using OsUser & Confluence 17
  • 38. Upgrade Tip (7) Tip for: Large & Small DeploymentsTrap Only applies when using OsUser & ConfluenceUsing JIRA’s user base 17
  • 39. Upgrade Tip (7) Tip for: Large & Small DeploymentsTrap Only applies when using OsUser & ConfluenceUsing JIRA’s user baseTrickRemove JIRA configuration, re-add after upgrading 17
  • 40. Troubleshooting Upgrades 18
  • 41. Troubleshooting UpgradesIf the upgrade fails during migration 18
  • 42. Troubleshooting UpgradesIf the upgrade fails during migration1) Check Configuration and log 18
  • 43. Troubleshooting UpgradesIf the upgrade fails during migration1) Check Configuration and log2) Fix the problem Use Knowledge Base, jira.a.c and confluence.a.c Contact Support 18
  • 44. Troubleshooting UpgradesIf the upgrade fails during migration1) Check Configuration and log2) Fix the problem Use Knowledge Base, jira.a.c and confluence.a.c Contact Support3) Start from the beginning 18
  • 45. Limitations • Duplicate users and groups • User directory ordering • Shadow users across multiple directories 19
  • 46. Why wait?• Confluence 3.5• JIRA 4.3• Fisheye/Crucible 2.6 20
  • 47. 21
  • 48. Questions? 21