
How to specify LDAP client certificate for G-Suite connector?

William Rosenbloom
June 19, 2020

We are trying to import our G-Suite users into Crowd using Google's LDAP service. G-Suite requires a client certificate for LDAP authentication. There is no way in Crowd to provide a client certificate to any of the built-in directory connectors. We tried several, but we think the correct choice is probably OpenLDAP.

I tried following the instructions offered by Google for connecting Jira to their LDAP service. We already have a key-store that we use for our TLS cert in $CROWD_INSTALL_DIR/shared/ssl.jks. So I modified the setenv.sh file to include the following.

JAVA_OPTS="-Xms128m -Xmx512m -Dfile.encoding=UTF-8 $JAVA_OPTS"
echo "$JAVA_OPTS"
JAVA_OPTS="-Djavax.net.ssl.keyStore=/var/crowd-home/shared/ssl.jks -Djavax.net.ssl.keyStorePassword=fake $JAVA_OPTS"
export JAVA_OPTS

I then specified the rest of the configuration, including username and password, through the web interface. But I got the same result as without any client certificate.

How do we provide this client certificate to Google?

1 answer

0 votes
Bruno Vincent
June 20, 2020

Hi @William Rosenbloom 

As you pointed out, there is no option to configure certificate authentication in Crowd's LDAP directory connector at this time. Thus I suggest that you use stunnel as recommended by Google in such cases.
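
A stunnel client configuration for the approach suggested in the answer above, added here as an example; it is not part of the original posts and not Atlassian's or Google's own configuration. The file name, listener port, certificate paths and CA bundle location are assumptions; `ldap.google.com:636` is Google's Secure LDAP endpoint.

```ini
; /etc/stunnel/google-ldap.conf (hypothetical file name)

[google-ldap]
; Act as a TLS client: accept plaintext LDAP locally, speak LDAPS upstream.
client = yes

; Listen on loopback only. Traffic between Crowd and stunnel is unencrypted,
; so this port must not be reachable from other hosts.
accept = 127.0.0.1:1636

; Google Secure LDAP endpoint.
connect = ldap.google.com:636

; Client certificate and private key downloaded from the Google Admin console
; (placeholder paths). Keep the key readable only by the stunnel user.
cert = /etc/stunnel/google-ldap-client.crt
key = /etc/stunnel/google-ldap-client.key

; Verify the server. stunnel does not verify the peer by default, so without
; these lines the tunnel would present the client certificate to any server
; that answers on the connect address.
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = ldap.google.com
```

With the tunnel running, the Crowd directory connector would point at `ldap://127.0.0.1:1636` with SSL turned off in the connector, since stunnel handles TLS and the client certificate. The username and password generated alongside the certificate are still entered in Crowd as the bind credentials.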
