Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Can I restrict a specific AD groups from 1 of my directories in crowd (!(cn=AD Group)

Dawn Cooper
Dawn Cooper
Contributor
April 6, 2023

I have the need to allow just 1 AD Group in 1 of my directories to authenticate and automatically add the users to a specific local group in Crowd to map to Jira. Then that same AD group I need to restrict from everything else to prevent any crossover. 

(!(cn=ADGroupname)

would this work in my object category configuration to filter them out and prevent authentication and access that way when I must check the box to authenticate against all directories otherwise? 

Crowd v 4.3.5

Jira v8.13.18

Answer
Watch
Like Be the first to like this
1001 views

2 answers

1 vote
Craig Castle-Mead
Craig Castle-Mead
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 13, 2023

Hi @Dawn Cooper 

Then that same AD group I need to restrict from everything else to prevent any crossover.” - can you give any more context about what “everything else” is?

Your proposed LDAP filter would/should block that group from being exposed to Crowd, you can only implement LDAP filters on a per directory basis in Crowd, so if you wanted to let users in ADGroupname to authenticate to Jira, you would either need to have two Crowd directories (on excludes this group, one includes only this group), and then map those directories to the relevant application(s), or - depending on what “everything else” is - let’s say you’ve got Confluence and Bitbucket connected to the same Crowd server and you don’t want these users using either of those apps, you’d leave the “allow all users to authenticate” option unchecked on the Conf+BB Crowd Application pages, and then select the relevant group(s) of users that represent “the rest” of the company. 

CCM

Reply
0 votes
Dawn Cooper
Dawn Cooper
Contributor
May 9, 2023

I figured out a plan, I will use different local groups in Crowd with auto assignment based on an AD group and then apply the local groups in my permissions schemes. 

Reply

Suggest an answer

Log in or Sign up to answer
Crowd
Crowd
DEPLOYMENT TYPE
SERVER
TAGS
AUG Leaders

Atlassian Community Events

    See all events