Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Can I restrict a specific AD groups from 1 of my directories in crowd (!(cn=AD Group)

Dawn Cooper April 6, 2023

I have the need to allow just 1 AD Group in 1 of my directories to authenticate and automatically add the users to a specific local group in Crowd to map to Jira. Then that same AD group I need to restrict from everything else to prevent any crossover. 


would this work in my object category configuration to filter them out and prevent authentication and access that way when I must check the box to authenticate against all directories otherwise? 

Crowd v 4.3.5

Jira v8.13.18

2 answers

1 vote
Craig Castle-Mead
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 13, 2023

Hi @Dawn Cooper 

Then that same AD group I need to restrict from everything else to prevent any crossover.” - can you give any more context about what “everything else” is?

Your proposed LDAP filter would/should block that group from being exposed to Crowd, you can only implement LDAP filters on a per directory basis in Crowd, so if you wanted to let users in ADGroupname to authenticate to Jira, you would either need to have two Crowd directories (on excludes this group, one includes only this group), and then map those directories to the relevant application(s), or - depending on what “everything else” is - let’s say you’ve got Confluence and Bitbucket connected to the same Crowd server and you don’t want these users using either of those apps, you’d leave the “allow all users to authenticate” option unchecked on the Conf+BB Crowd Application pages, and then select the relevant group(s) of users that represent “the rest” of the company. 


0 votes
Dawn Cooper May 9, 2023

I figured out a plan, I will use different local groups in Crowd with auto assignment based on an AD group and then apply the local groups in my permissions schemes. 

Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events