Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Is Crowd LDAP channel binding and signing compatible?

I am open to the possibility that it may just be a lingo difference, as I know Crowd can do SSL and can use a dedicated AD account to connect to LDAP.

Microsoft is implementing a LDAP channel binding and LDAP signing, and I have not find any Atlassian / Crowd documentation on this, just LDAP SSL and connection howtos/troubleshooting. 

To make sure, is Crowd compatible? Which settings is required and reference to for Crowd connecting to LDAP?

Thank you,




4 answers


How did you go with that?

We've implemented LDAP over TLS,  but still seeing unsigned binds


Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Event ID: 2889
Task Category: LDAP Interface
Level: Information
Keywords: Classic
Computer: xxxx
The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection.

Client IP address:
Identity the client attempted to authenticate as:
Binding Type:

It was one of my colleagues that created a signing certificate and configured it, and then another confirming that the crowd and other servers no longer reports as unsecure. I tested to make sure it did not impact logins and the single sign on plugin we use. 

Anyone find an answer to this? My company is preparing for the ldap security update as well and I am wondering if Crowd will be affected.

Right, forgot to update this.  Atlassian confirmed in a support ticket, after about a week of looking into it, that using LDAPS with Jira, Confluence, and Crowd, will not be impacted. We made a point of applying SSL to everything, and hoping it should be sufficient. 

Great, Thanks for the update! We are also planning to move to LDAPS in Crowd just wanted to make sure we weren't missing anything else. 

Hi new guy here, I am in the same boat where my organization is preparing for the Microsoft LDAP update. @Melanie Pasztor just to confirm Jira and Confluence will not be impacted by the update, do you have a link/source from Atlassian covering this topic? 

No, as it was a response from Atlassian Support. 

"Good day Melanie,

Thanks for your patience.

We reviewed Microsoft's documentation regarding the upcoming changes and confirmed it's just about enforcing secure connections (LDAPS) and other internal changes in the Windows registry (these settings already exist, but they are disabled by default).

We do not foresee any impact in the way Atlassian applications connect to Active Directory, and the settings can be disabled if there's any incompatibility. "

@Melanie Pasztor thank you for the reply

Update comes March 10th, no answer from Atlassian? How about general Jira Server Directory Connection?

0 votes

Hi @Melanie Pasztor , 

Crowd is compatible with LDAP and you can use the option of LDAP directory connector instead of a delegated authentication

With delegated authentication, users are only retrieved in Crowd after they successfully authenticate.

You don't need to have any write privilege on AD for standard LDAP directory connector. The connector will synchronize users and groups from AD into Crowd and won't do any write operations on AD, at least if you don't want to. You should configure the connector with an AD user that does not have any write privileges on AD.

For more info, refer to this community thread



Thank you for the answer. It is not the question though, as I am wondering if that is compatible with Microsoft LDAP update that is coming up. LDAP channel binding and LDAP signing. 

At present, we already are using read-only LDAP connector. Now we want to make sure it is secure and will not stop working after the Microsoft update in January 2020. If it will, we would like to correct that before then. 

Like Matt likes this

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events