Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources

Can crowd act as a LDAP server

Yehosef Shapiro
Yehosef Shapiro Aug 27, 2011

I'm new to Crowd and LDAP so perhaps this is a silly question - but can crowd act as an LDAP server for other services? I understand that it can read from an LDAP server if I have one already - but we don't and I'm wondering if I can use Crowd for creating one (with a nice interface)?

Answer
Watch
Like 5 people like this

5 answers

1 accepted

2 votes
Dieter Wimberge
Dieter Wimberger Jul 10, 2012

Crowd itself may not act as an LDAP Server out of the box, but you may as well write an extension to achieve it. There are two options:

  1. Against the database
  2. Using the Crowd Rest interface

The first was done for a Codegeist and available for a while from the Atlassian Extensions page:

https://confluence.atlassian.com/display/CROWDEXT/Crowd+as+an+LDAP+Server

Pros:

  • You might be able to support authentication by lookups of password hashes on an administrative account.
  • Can be embedded into Crowd

Cons:

  • Depends on the schema and might quickly break when new versions are released.
  • Is embedded into Crowd (yes, it might as well be a disadvantage).
  • It may not allow you to access all users "hidden" behind Crowd (if various different directories of different types are configured)

The second approach can be achieved either embedded or standalone, and I have submitted a package to the new Marketplace (Open Source, Apache 2.0) that does it:

https://marketplace.atlassian.com/manage/plugins/net.wimpi.crowd.ldap.crowd-ldap-server

Pros:

  • Can be embedded or used standalone (above package is standalone).
  • The REST API can be assumed to be more stable than the schema
  • Allows to access all users "hidden" behind Crowd in all configured directories and types

Cons:

  • Does not allow to retrieve password hashes through an administrative account, so only BIND authentication is possible.
  • For the package I submitted: Is currently read-only, and may need some programming work if a specific layout is required.

View More Comments
Sorin Sbarnea (
Sorin Sbarnea (Citrix) Jul 09, 2013

The URL seem to have some problems and the code on github vanished..!?

Reply
2 votes
Colin Goudie
Colin Goudie Community Champion Aug 27, 2011

Sort of similar to this question - https://answers.atlassian.com/questions/3088/can-i-authenticate-linux-user-accounts-using-pam-against-crowd-or-is-crowd-an-ldap-server

In short though, it doesn't provide an LDAP interface so you can't treat it as a pure LDAP directory.

However, as crowd as an internal directory, you can use it to manage your users and groups, but the application you integrate with Crowd will need to be able to talk to crowd. i.e. be crowdified as we like to say.

Reply
2 votes
James Wong5
James Wong Aug 31, 2011

At the moment "no". There is an existing issue you can follow: https://jira.atlassian.com/browse/CWD-1872

I am not aware of any plans of supporting this.

Reply
2 votes
Dieter Wimberge
Dieter Wimberger Jul 11, 2013

If you refer to the crowd-ldap-server I posted, the links work perfectly fine:

https://github.com/dwimberger/crowd-ldap-server/downloads

https://github.com/dwimberger/crowd-ldap-server/

Personally verified 2 minutes ago.

View More Comments
Sorin Sbarnea (
Sorin Sbarnea (Citrix) Jul 11, 2013

Thanks for the post it seems exactly what I was looking for, it was easy to start it and configure still I got stuck at one point. I opened a bug as it would be easier to track. Maybe if could help documenting the setup after I get it working ;)

Vick Khera
Vick Khera Nov 13, 2015

Has anyone tried to extend this server to use crowd user attributes to store additional info to return a posixAccount object? All I need is the uidNumber/gidNumber and I'm golden. I unfortunately have 0 knowledge of java coding.

Reply
0 vote
Colin Goudie
Colin Goudie Community Champion Aug 27, 2011

Sort of similar to this question - https://answers.atlassian.com/questions/3088/can-i-authenticate-linux-user-accounts-using-pam-against-crowd-or-is-crowd-an-ldap-server

In short though, it doesn't provide an LDAP interface so you can't treat it as a pure LDAP directory.

However, as crowd as an internal directory, you can use it to manage your users and groups, but the application you integrate with Crowd will need to be able to talk to crowd. i.e. be crowdified as we like to say.

Reply

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Maggie Roney
Maggie Roney
 Published Feb 27, 2018 in Crowd

The Crowd team is looking for feedback on Server & Data Center customers' identity strategies!

Do you own more than one Server or Data Center product? Do you have challenges provisioning users across your Atlassian products? Are you spending a lot of time integrating each Atlassian product wit...

576 views 6 13
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you