Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Groups
Explore all groups
Community resources

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Sign up for free Log in
Atlassian Community Hero Image Collage

Can crowd act as a LDAP server

Yehosef Shapiro
Yehosef Shapiro Aug 27, 2011

I'm new to Crowd and LDAP so perhaps this is a silly question - but can crowd act as an LDAP server for other services? I understand that it can read from an LDAP server if I have one already - but we don't and I'm wondering if I can use Crowd for creating one (with a nice interface)?

Answer
Watch
Like # people like this

5 answers

1 accepted

2 votes
Answer accepted
dwimberger
dwimberger Jul 10, 2012

Crowd itself may not act as an LDAP Server out of the box, but you may as well write an extension to achieve it. There are two options:

  1. Against the database
  2. Using the Crowd Rest interface

The first was done for a Codegeist and available for a while from the Atlassian Extensions page:

https://confluence.atlassian.com/display/CROWDEXT/Crowd+as+an+LDAP+Server

Pros:

  • You might be able to support authentication by lookups of password hashes on an administrative account.
  • Can be embedded into Crowd

Cons:

  • Depends on the schema and might quickly break when new versions are released.
  • Is embedded into Crowd (yes, it might as well be a disadvantage).
  • It may not allow you to access all users "hidden" behind Crowd (if various different directories of different types are configured)

The second approach can be achieved either embedded or standalone, and I have submitted a package to the new Marketplace (Open Source, Apache 2.0) that does it:

https://marketplace.atlassian.com/manage/plugins/net.wimpi.crowd.ldap.crowd-ldap-server

Pros:

  • Can be embedded or used standalone (above package is standalone).
  • The REST API can be assumed to be more stable than the schema
  • Allows to access all users "hidden" behind Crowd in all configured directories and types

Cons:

  • Does not allow to retrieve password hashes through an administrative account, so only BIND authentication is possible.
  • For the package I submitted: Is currently read-only, and may need some programming work if a specific layout is required.

View More Comments
Sorin Sbarnea (
Sorin Sbarnea (Citrix) Jul 09, 2013

The URL seem to have some problems and the code on github vanished..!?

Like
Reply
2 votes
Colin Goudie
Colin Goudie Aug 27, 2011

Sort of similar to this question - https://answers.atlassian.com/questions/3088/can-i-authenticate-linux-user-accounts-using-pam-against-crowd-or-is-crowd-an-ldap-server

In short though, it doesn't provide an LDAP interface so you can't treat it as a pure LDAP directory.

However, as crowd as an internal directory, you can use it to manage your users and groups, but the application you integrate with Crowd will need to be able to talk to crowd. i.e. be crowdified as we like to say.

Reply
2 votes
James Wong5
James Wong Aug 31, 2011

At the moment "no". There is an existing issue you can follow: https://jira.atlassian.com/browse/CWD-1872

I am not aware of any plans of supporting this.

Reply
2 votes
dwimberger
dwimberger Jul 11, 2013

If you refer to the crowd-ldap-server I posted, the links work perfectly fine:

https://github.com/dwimberger/crowd-ldap-server/downloads

https://github.com/dwimberger/crowd-ldap-server/

Personally verified 2 minutes ago.

View More Comments
Sorin Sbarnea (
Sorin Sbarnea (Citrix) Jul 11, 2013

Thanks for the post it seems exactly what I was looking for, it was easy to start it and configure still I got stuck at one point. I opened a bug as it would be easier to track. Maybe if could help documenting the setup after I get it working ;)

Like
Vick Khera
Vick Khera Nov 13, 2015

Has anyone tried to extend this server to use crowd user attributes to store additional info to return a posixAccount object? All I need is the uidNumber/gidNumber and I'm golden. I unfortunately have 0 knowledge of java coding.

Like
Reply
0 votes
Colin Goudie
Colin Goudie Aug 27, 2011

Sort of similar to this question - https://answers.atlassian.com/questions/3088/can-i-authenticate-linux-user-accounts-using-pam-against-crowd-or-is-crowd-an-ldap-server

In short though, it doesn't provide an LDAP interface so you can't treat it as a pure LDAP directory.

However, as crowd as an internal directory, you can use it to manage your users and groups, but the application you integrate with Crowd will need to be able to talk to crowd. i.e. be crowdified as we like to say.

Reply

Suggest an answer

Log in or Sign up to answer
Community showcase
Kate Clavet
Kate Clavet
Published in Opsgenie

Two Chances to Improve your Incident Management Workflow

Hi there!  We all know that incidents can be messy, but they happen. Managing your response and planning ahead can make a *huge* difference in the duration and chaos of an incident. We have ...

118 views 0 2
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you