Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Can crowd act as a LDAP server

Yehosef Shapiro
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
August 27, 2011

I'm new to Crowd and LDAP so perhaps this is a silly question - but can crowd act as an LDAP server for other services? I understand that it can read from an LDAP server if I have one already - but we don't and I'm wondering if I can use Crowd for creating one (with a nice interface)?

5 answers

1 accepted

2 votes
Answer accepted
dwimberger
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
July 10, 2012

Crowd itself may not act as an LDAP Server out of the box, but you may as well write an extension to achieve it. There are two options:

  1. Against the database
  2. Using the Crowd Rest interface

The first was done for a Codegeist and available for a while from the Atlassian Extensions page:

https://confluence.atlassian.com/display/CROWDEXT/Crowd+as+an+LDAP+Server

Pros:

  • You might be able to support authentication by lookups of password hashes on an administrative account.
  • Can be embedded into Crowd

Cons:

  • Depends on the schema and might quickly break when new versions are released.
  • Is embedded into Crowd (yes, it might as well be a disadvantage).
  • It may not allow you to access all users "hidden" behind Crowd (if various different directories of different types are configured)

The second approach can be achieved either embedded or standalone, and I have submitted a package to the new Marketplace (Open Source, Apache 2.0) that does it:

https://marketplace.atlassian.com/manage/plugins/net.wimpi.crowd.ldap.crowd-ldap-server

Pros:

  • Can be embedded or used standalone (above package is standalone).
  • The REST API can be assumed to be more stable than the schema
  • Allows to access all users "hidden" behind Crowd in all configured directories and types

Cons:

  • Does not allow to retrieve password hashes through an administrative account, so only BIND authentication is possible.
  • For the package I submitted: Is currently read-only, and may need some programming work if a specific layout is required.

Sorin Sbarnea (Citrix)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 9, 2013

The URL seem to have some problems and the code on github vanished..!?

2 votes
dwimberger
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
July 11, 2013

If you refer to the crowd-ldap-server I posted, the links work perfectly fine:

https://github.com/dwimberger/crowd-ldap-server/downloads

https://github.com/dwimberger/crowd-ldap-server/

Personally verified 2 minutes ago.

Sorin Sbarnea (Citrix)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 11, 2013

Thanks for the post it seems exactly what I was looking for, it was easy to start it and configure still I got stuck at one point. I opened a bug as it would be easier to track. Maybe if could help documenting the setup after I get it working ;)

Vick Khera November 13, 2015

Has anyone tried to extend this server to use crowd user attributes to store additional info to return a posixAccount object? All I need is the uidNumber/gidNumber and I'm golden. I unfortunately have 0 knowledge of java coding.

2 votes
James Wong August 31, 2011

At the moment "no". There is an existing issue you can follow: https://jira.atlassian.com/browse/CWD-1872

I am not aware of any plans of supporting this.

2 votes
Colin Goudie
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 27, 2011

Sort of similar to this question - https://answers.atlassian.com/questions/3088/can-i-authenticate-linux-user-accounts-using-pam-against-crowd-or-is-crowd-an-ldap-server

In short though, it doesn't provide an LDAP interface so you can't treat it as a pure LDAP directory.

However, as crowd as an internal directory, you can use it to manage your users and groups, but the application you integrate with Crowd will need to be able to talk to crowd. i.e. be crowdified as we like to say.

0 votes
Colin Goudie
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 27, 2011

Sort of similar to this question - https://answers.atlassian.com/questions/3088/can-i-authenticate-linux-user-accounts-using-pam-against-crowd-or-is-crowd-an-ldap-server

In short though, it doesn't provide an LDAP interface so you can't treat it as a pure LDAP directory.

However, as crowd as an internal directory, you can use it to manage your users and groups, but the application you integrate with Crowd will need to be able to talk to crowd. i.e. be crowdified as we like to say.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events