I am trying to use crowd to manage access to atlassian tools for my group at a larger company. We are using an open ldap instance as our directory, which holds tens of thousands of users. Our license only supports up to 500 users, so when I failed to constrain the users correctly, crowd shuts down saying that our license does not allow this many users.
The obvious answer is to use the User Object Filter to reduce the imported users to only the users in our group. Unfortunately, the ldap admins have not enabled the memberOf attribute in their open ldap instance, and I do not have any sway with them to enable it. The group objects have the memberUid attribute set, which means I can find out who is in the group, however I am unable to craft an ldap search which returns the user records in a given group.
Is there any other way of informing Crowd that it should pull both groups and users from an ldap server, but it should only consider users in a specific ldap group towards the users we want supported in crowd (and thereby counted for our license)?
Note that I also need to pull many groups from ldap, some of which will have many users that I do not want to be imported into crowd.
What about if you try to filter through OU? Not sure if the users you want to filter are in the same place, but if it's the case, you may create the filter as set on these examples: https://confluence.atlassian.com/display/DEV/How+to+write+LDAP+search+filters
Hope it helps!
I'm John Allspaw, co-founder of Adaptive Capacity Labs, where we help teams use their incidents to learn and improve. We bring research-driven methods and approaches to drive effective inciden...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs