Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,362,070
Community Members
 
Community Events
168
Community Groups

Can crowd act as a LDAP server

Yehosef Shapiro
Yehosef Shapiro Aug 27, 2011

I'm new to Crowd and LDAP so perhaps this is a silly question - but can crowd act as an LDAP server for other services? I understand that it can read from an LDAP server if I have one already - but we don't and I'm wondering if I can use Crowd for creating one (with a nice interface)?

Answer
Watch
Like # people like this
9552 views

5 answers

1 accepted

2 votes
Answer accepted
dwimberger
dwimberger Jul 10, 2012

Crowd itself may not act as an LDAP Server out of the box, but you may as well write an extension to achieve it. There are two options:

  1. Against the database
  2. Using the Crowd Rest interface

The first was done for a Codegeist and available for a while from the Atlassian Extensions page:

https://confluence.atlassian.com/display/CROWDEXT/Crowd+as+an+LDAP+Server

Pros:

  • You might be able to support authentication by lookups of password hashes on an administrative account.
  • Can be embedded into Crowd

Cons:

  • Depends on the schema and might quickly break when new versions are released.
  • Is embedded into Crowd (yes, it might as well be a disadvantage).
  • It may not allow you to access all users "hidden" behind Crowd (if various different directories of different types are configured)

The second approach can be achieved either embedded or standalone, and I have submitted a package to the new Marketplace (Open Source, Apache 2.0) that does it:

https://marketplace.atlassian.com/manage/plugins/net.wimpi.crowd.ldap.crowd-ldap-server

Pros:

  • Can be embedded or used standalone (above package is standalone).
  • The REST API can be assumed to be more stable than the schema
  • Allows to access all users "hidden" behind Crowd in all configured directories and types

Cons:

  • Does not allow to retrieve password hashes through an administrative account, so only BIND authentication is possible.
  • For the package I submitted: Is currently read-only, and may need some programming work if a specific layout is required.

View More Comments
Sorin Sbarnea (
Sorin Sbarnea (Citrix) Rising Star Jul 09, 2013

The URL seem to have some problems and the code on github vanished..!?

Like
Reply
2 votes
dwimberger
dwimberger Jul 11, 2013

If you refer to the crowd-ldap-server I posted, the links work perfectly fine:

https://github.com/dwimberger/crowd-ldap-server/downloads

https://github.com/dwimberger/crowd-ldap-server/

Personally verified 2 minutes ago.

View More Comments
Sorin Sbarnea (
Sorin Sbarnea (Citrix) Rising Star Jul 11, 2013

Thanks for the post it seems exactly what I was looking for, it was easy to start it and configure still I got stuck at one point. I opened a bug as it would be easier to track. Maybe if could help documenting the setup after I get it working ;)

Like
Vick Khera
Vick Khera Nov 13, 2015

Has anyone tried to extend this server to use crowd user attributes to store additional info to return a posixAccount object? All I need is the uidNumber/gidNumber and I'm golden. I unfortunately have 0 knowledge of java coding.

Like
Reply
2 votes
James Wong
James Wong Aug 31, 2011

At the moment "no". There is an existing issue you can follow: https://jira.atlassian.com/browse/CWD-1872

I am not aware of any plans of supporting this.

Reply
2 votes
Colin Goudie
Colin Goudie Rising Star Aug 27, 2011

Sort of similar to this question - https://answers.atlassian.com/questions/3088/can-i-authenticate-linux-user-accounts-using-pam-against-crowd-or-is-crowd-an-ldap-server

In short though, it doesn't provide an LDAP interface so you can't treat it as a pure LDAP directory.

However, as crowd as an internal directory, you can use it to manage your users and groups, but the application you integrate with Crowd will need to be able to talk to crowd. i.e. be crowdified as we like to say.

Reply
0 votes
Colin Goudie
Colin Goudie Rising Star Aug 27, 2011

Sort of similar to this question - https://answers.atlassian.com/questions/3088/can-i-authenticate-linux-user-accounts-using-pam-against-crowd-or-is-crowd-an-ldap-server

In short though, it doesn't provide an LDAP interface so you can't treat it as a pure LDAP directory.

However, as crowd as an internal directory, you can use it to manage your users and groups, but the application you integrate with Crowd will need to be able to talk to crowd. i.e. be crowdified as we like to say.

Reply

Suggest an answer

Log in or Sign up to answer
Crowd
Crowd
TAGS
Community showcase
Sharon Tan
Sharon Tan
Published in Jira

Online AMA this week: Your project management questions answered by Jira Design Lead James Rotanson

We know that great teams require amazing project management chops. It's no surprise that great teams who use Jira have strong project managers, effective workflows, and secrets that bring planning ...

214 views 1 6
Read article

Atlassian Community Events

See all events