Stash is now known as Bitbucket Server.
See the

Unknown macro: {spacejump}

of this page, or visit the Bitbucket Server documentation home page.

Skip to end of metadata
Go to start of metadata

You can connect Stash to external user directories. This allows you to use existing users and groups stored in an enterprise directory, and to manage those users and groups in one place.

User management functions include:

  • Authentication: Determining which user identity is sending a request to Stash.
  • User management: Maintaining core information about users accounts.
  • Group membership: Storing and retrieving groups, and group membership.
  • Profile information: Providing metadata associated with users.

It is important to understand that these are separate components of a user management system. You could use an external directory for any or all of the above tasks.

There are several approaches to consider when using external user directories wth Stash, described briefly below:

  • Connecting Atlassian Stash to your external directory is not sufficient to allow your users to log in to Stash. You must explicitly grant them access to Stash in the global permission screen.
  • We recommend that you use groups instead of individual accounts when granting permissions. However, be careful not to add more users to those groups that your Stash license allows. If the license limit is exceeded, your developers will not be able to push commits to repositories, and Stash will display a warning banner. See this FAQ.
  • Stash comes with an internal user directory, already built-in, that is enabled by default at installation. When you create the first administrator during the setup procedure, that administrator's username and other details are stored in the internal directory.
  • See also this information about deleting users and groups in Stash.

LDAP

You should consider connecting to an LDAP directory server if your users and groups are stored in an enterprise directory.

There are two common ways of using an external LDAP directory with Stash:

Stash is able to connect to the following LDAP directory servers:

  • Microsoft Active Directory
  • Apache Directory Server (ApacheDS) 1.0.x and 1.5.x
  • Apple Open Directory (Read-Only)
  • Fedora Directory Server (Read-Only Posix Schema)
  • Novell eDirectory Server
  • OpenDS
  • OpenLDAP
  • OpenLDAP (Read-Only Posix Schema)
  • Generic Posix/RFC2307 Directory (Read-Only)
  • Sun Directory Server Enterprise Edition (DSEE)
  • Any generic LDAP directory server

JIRA

You can delegate Stash user and group management, as well as user authentication, to an Atlassian JIRA instance. This is a good option if you already use JIRA in your organization. Note that Stash can only connect to a JIRA server running JIRA 4.3 or later.

You should consider using Atlassian Crowd for more complex configurations with a large number of users. 

See Connecting Stash to JIRA for user management for configuration instructions.

Crowd

You can connect Stash to Atlassian Crowd for user and group management, as well as for user authentication.

Crowd is an application security framework that handles authentication and authorisation for your web-based applications. With Crowd you can integrate multiple web applications and user directories, with support for single sign-on (SSO) and centralised identity management. See the Crowd Administration Guide.

You should consider connecting to Crowd if you want to use Crowd to manage existing users and groups in multiple directory types, or if you have users of other web-based applications.

See Connecting Stash to Crowd for configuration instructions.

  • No labels