
How to determine in which LDAP a new user needs to be created via Crowd REST /user

Michel Teunissen August 23, 2011

We're talking REST to Crowd to create a user via a POST to ../user. Behind Crowd are a few LDAPs. Only the third one in the list allows users to be created in it by the Crowd user. I now see logging that Crowd has no privileges in the first 2 but no new user in the third. The end result is an HTTP 400.

My guess is that I would need to be able to determine that the first 2 LDAPs should be skipped. Also, it seems like no attempt is made to create the user in the third LDAP.


1 vote
Answer accepted
Michel Teunissen October 31, 2011

I discovered what the problem was. For some reason the username could only be 22 characters in length. I'm now creating a random username of max 22 characters and mapping that name to the actual name. We also tried your suggestion to move the resource in which users needed to be created to the first position, with no effect. Only the 22 char limit helped. The 22 limit seems to be an LDAP restriction that I googled from some Oracle/Sun resource somewhere. With the 22 in place the order doesn't matter.

Rafal Habrat October 31, 2011

Good to know. I assumed that the order was the problem because in my case I have write access to all directories and the only way to force the creation of the account in a specific directory was to move it to the first place. I guess the way it works is that it adds the account to the first writable directory from the list...
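The workaround described in the accepted answer (a random username of at most 22 characters, mapped back to the real name) can be sketched as follows. This is an added example, not code from the thread or from Atlassian: `AliasMap` and `build_user_payload` are hypothetical names, the mapping is held in memory only, and the JSON field names are an assumption about Crowd's user entity that should be checked against your Crowd version.

```python
import secrets
import string

MAX_LEN = 22  # limit reported in the accepted answer; adjust to your directory
ALPHABET = string.ascii_lowercase + string.digits


class AliasMap:
    """Two-way map between real user names and short random directory names."""

    def __init__(self, max_len=MAX_LEN, prefix="u"):
        if len(prefix) >= max_len:
            raise ValueError("prefix leaves no room for the random part")
        self.max_len, self.prefix = max_len, prefix
        self.by_real, self.by_alias = {}, {}

    def alias_for(self, real_name):
        key = real_name.strip().lower()  # normalise so lookups are case-insensitive
        if key in self.by_real:          # idempotent: same person, same alias
            return self.by_real[key]
        size = self.max_len - len(self.prefix)
        for _ in range(10):              # retry on the (unlikely) collision
            alias = self.prefix + "".join(secrets.choice(ALPHABET) for _ in range(size))
            if alias not in self.by_alias:
                self.by_real[key], self.by_alias[alias] = alias, key
                return alias
        raise RuntimeError("could not allocate a unique alias")

    def real_for(self, alias):
        return self.by_alias.get(alias)


def build_user_payload(aliases, real_name, email, password):
    """Body for the POST to ../user; field names are assumed, check your Crowd version."""
    name = aliases.alias_for(real_name)
    if len(name) > aliases.max_len:      # fail locally instead of getting an HTTP 400
        raise ValueError("username exceeds directory limit")
    return {
        "name": name,
        "display-name": real_name,       # keeps the real name visible in the directory
        "email": email,
        "password": {"value": password},
        "active": True,
    }
```

In a real deployment the alias map has to be persisted, since losing it breaks the link between directory accounts and the people they belong to.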

0 votes
Rafal Habrat October 31, 2011

Hi Michel,

From my experiments with the REST API, it seems that the /user resource will only attempt to create the user account in the first directory mapped to the application that you are authenticating as.

You could either change the order of directories for your application and move the one that you have write access to to the top of the list or define a dummy generic Crowd application that you will not actually use for authentication but only to create accounts through REST - if you map the AD directory, in which you want to create the accounts, to this dummy application, you can then authenticate using the dummy app's credentials when invoking the REST API in order to create your accounts.
