Hi, we would like to allow new users to our Atlassian ecosystem to automatically be added to Crowd (we use a delegated LDAP connector to actually authenticate). I've been looking at the Crowd source code, and there appears to be a way to add a completely independent directory (sub-class RemoteDirectory), but we want to have something like this instead:
1 - intercept the attempt to authenticate (i.e. be the top directory in the directory stack)
2 - look in the other directories to see if the user already exists in, say, "jira-users". We don't want to go to LDAP, because we don't care about the authentication, we want to let the normal delegate directory do that...but before that happens we want to always pre-add the user to the delegated LDAP directory.
3 - if the user isn't in jira-users (of the delegated directory) yet, then add them.
4 - always fail authentication (always fall through to the next directory). I guess if we know what the actual delegate directory is we could just call its authenticate method and return that result to be a little more efficient.
It seems reasonable, but to do that, I think we need to instantiate things like the SystemInfoHelper to be able to fetch a DirectoryManager and list/query the other directories...but in all the various classes I've looked at, you have to provide cache instances or loader instances, and I don't know where to get or how to generate them.
I guess I could go through ALL of the Crowd source code and figure the whole thing out, but that seems like a lot of overkill to do what other people must have already done several times. This is a standard enterprise kind of feature: incrementally add users from the big corporate LDAP. Surely others have done this already? Is this the best approach? Does anyone know of an example implementation they can share?
I did look at:
But I don't think it's checking the existing directories, just going straight to custom data like a database. This plugin looked promising:
But the source code doesn't exist anymore. Does anyone happen to have a copy of it? I was thinking maybe I could look at it to see how it uses the existing Crowd classes (even though it's for a much older version of Crowd).
I also looked in the Crowd admin panel hoping that I had just overlooked a simple "auto-add" users option, but I couldn't find one anywhere. There is a feature for adding users to a group the first time they authenticate, but that means adding the user to the LDAP directory already...in our case that would mean importing 30-40,000 users...we don't want to do that, we want incremental addition and incremental addition to groups at the same time.
I guess maybe I should try to dig up the actual LDAP implementation inside Crowd and see what it does on the first time lookup of a user.
If you have any tips/pointers on doing "auto-add" of users incrementally, please let me know...