Synchronizing data from external directories
Affected Directory Types
Data caching and synchronization apply to the following user directory types:
- LDAP (Microsoft Active Directory and all supported LDAP directories) where permissions are set to read only.
- LDAP (Microsoft Active Directory and all supported LDAP directories) where permissions are set to read only, with local groups.
- LDAP (Microsoft Active Directory and all supported LDAP directories) where permissions are set to read/write.
- Atlassian Crowd.
- Atlassian JIRA.
Data caching and synchronization do not occur for the following user directory types:
- Internal Directory with LDAP Authentication.
- Internal Directory.
How it Works
Here is a summary of the caching functionality:
- The caches are held in the application database.
- When you connect a new external user directory to the application, a synchronization task will start running in the background to copy all the required users, groups and membership information from the external directory to the application database. This task may take a while to complete, depending on the size and complexity of your user base.
- Note that a user will not be able to log in until the synchronization task has copied that user's details into the cache.
- A periodic synchronization task will run to update the database with any changes made to the external directory. The default synchronization interval, or polling interval, is one hour (60 minutes). You can change the synchronization interval on the directory configuration screen.
- You can manually synchronize the cache if necessary.
- If the external directory permissions are set to read/write: Whenever an update is made to the users, groups or membership information via the application, the update will also be applied to the cache and the external directory immediately.
- All authentication happens via calls to the external directory. When caching information from an external directory, the application database does not store user passwords.
- All other queries run against the internal cache.
Finding the Time Taken to Synchronize
The 'User Directories' screen shows information about the last synchronization operation, including the length of time it took.
Manually Synchronizing the Cache
You can manually synchronize the cache by clicking 'Synchronize' on the 'User Directories' screen. If a synchronization operation is already in progress, you cannot start another until the first has finished.
Screen snippet: User directories, showing information about synchronization
Configuring the Synchronization Interval
The length you choose for your synchronization interval depends on:
- The length of time you can tolerate stale data.
- The amount of load you want to put on the application and the directory server.
- The size of your user base.
If you synchronize more frequently, then your data will be more up to date. The downside of synchronizing more frequently is that you may overload your server with requests.
If you are not sure what to do, we recommend that you start with an interval of 60 minutes (this is the default setting) and reduce the value incrementally. You will need to experiment with your setup.
- Configuring the internal directory
- Connecting to an LDAP directory
- Connecting to an internal directory with LDAP authentication
- Connecting to Crowd or another JIRA application for user management
- Managing multiple directories
- Migrating users between user directories
- Synchronizing data from external directories