It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Can crowd act as a LDAP server

I'm new to Crowd and LDAP so perhaps this is a silly question - but can crowd act as an LDAP server for other services? I understand that it can read from an LDAP server if I have one already - but we don't and I'm wondering if I can use Crowd for creating one (with a nice interface)?

5 answers

1 accepted

2 votes
Answer accepted

Crowd itself may not act as an LDAP Server out of the box, but you may as well write an extension to achieve it. There are two options:

  1. Against the database
  2. Using the Crowd Rest interface

The first was done for a Codegeist and available for a while from the Atlassian Extensions page:

https://confluence.atlassian.com/display/CROWDEXT/Crowd+as+an+LDAP+Server

Pros:

  • You might be able to support authentication by lookups of password hashes on an administrative account.
  • Can be embedded into Crowd

Cons:

  • Depends on the schema and might quickly break when new versions are released.
  • Is embedded into Crowd (yes, it might as well be a disadvantage).
  • It may not allow you to access all users "hidden" behind Crowd (if various different directories of different types are configured)

The second approach can be achieved either embedded or standalone, and I have submitted a package to the new Marketplace (Open Source, Apache 2.0) that does it:

https://marketplace.atlassian.com/manage/plugins/net.wimpi.crowd.ldap.crowd-ldap-server

Pros:

  • Can be embedded or used standalone (above package is standalone).
  • The REST API can be assumed to be more stable than the schema
  • Allows to access all users "hidden" behind Crowd in all configured directories and types

Cons:

  • Does not allow to retrieve password hashes through an administrative account, so only BIND authentication is possible.
  • For the package I submitted: Is currently read-only, and may need some programming work if a specific layout is required.

The URL seem to have some problems and the code on github vanished..!?

Sort of similar to this question - https://answers.atlassian.com/questions/3088/can-i-authenticate-linux-user-accounts-using-pam-against-crowd-or-is-crowd-an-ldap-server

In short though, it doesn't provide an LDAP interface so you can't treat it as a pure LDAP directory.

However, as crowd as an internal directory, you can use it to manage your users and groups, but the application you integrate with Crowd will need to be able to talk to crowd. i.e. be crowdified as we like to say.

At the moment "no". There is an existing issue you can follow: https://jira.atlassian.com/browse/CWD-1872

I am not aware of any plans of supporting this.

If you refer to the crowd-ldap-server I posted, the links work perfectly fine:

https://github.com/dwimberger/crowd-ldap-server/downloads

https://github.com/dwimberger/crowd-ldap-server/

Personally verified 2 minutes ago.

Thanks for the post it seems exactly what I was looking for, it was easy to start it and configure still I got stuck at one point. I opened a bug as it would be easier to track. Maybe if could help documenting the setup after I get it working ;)

Has anyone tried to extend this server to use crowd user attributes to store additional info to return a posixAccount object? All I need is the uidNumber/gidNumber and I'm golden. I unfortunately have 0 knowledge of java coding.

Sort of similar to this question - https://answers.atlassian.com/questions/3088/can-i-authenticate-linux-user-accounts-using-pam-against-crowd-or-is-crowd-an-ldap-server

In short though, it doesn't provide an LDAP interface so you can't treat it as a pure LDAP directory.

However, as crowd as an internal directory, you can use it to manage your users and groups, but the application you integrate with Crowd will need to be able to talk to crowd. i.e. be crowdified as we like to say.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Opsgenie

Two Chances to Improve your Incident Management Workflow

Hi there!  We all know that incidents can be messy, but they happen. Managing your response and planning ahead can make a *huge* difference in the duration and chaos of an incident. We have ...

118 views 0 2
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you