Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Is there a way to manually synchronize CROWD with LDAP directory?

Luc O. December 4, 2019

I'm using CROWD 3.4.4 and have a connector directory defined to connect to LDAP.  Our email domain has just changed and I would like to synchronize all user accounts.  Is there a way for me to do this manually?

I've seen a few posts that refer to synchronize option under the Connector tab of the Directory configuration but I don't have such an option.

Thanks for your help and time!

1 answer

1 accepted

0 votes
Answer accepted
Luc O. December 4, 2019

I have figured out a way... not sure if this is the best way but it works.  I started by doing a select in the CROWD database to get all my user ids.  I then took that list and I simply did a curl call the CROWD REST API to the following URL:

/rest/usermanagement/1/session?validate-password=false

Marcin Kempa
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 4, 2019

Hi @Luc O. 

If you have a connector directory there should be a button called 'Synchronize now' on the details tab in directory configuration. If you don't see that button perhaps you have a delegated authentication directory?

The reason the URL you've mentioned worked is that you've simulated a login event for each user which fetched the data from the remote directory (this happens normally on each user login). Note that if you were interested in updating memberships this approach would only work if you had option 'Synchronize group memberships when logging in' set to `Every time a user logs in'

This update also happens when user logs in to application.

 

Just to clarify for others, that may be using your approach the call had to be HTTP POST with Basic-Authentication and credentials for that authentication should be as for one of the applications that is connected to Crowd. Also I am guessing you had to provide `authentication-context` a json body with username and `validation-factors`, correct?

 

Best Regards,

Marcin Kempa

Luc O. December 5, 2019

Hi @Marcin Kempa ,

I don't have a button called 'Synchronize now'.

Here is the command I used with the above URL:

curl --basic -u "<applicationId>:<applicationIdPassword>" -k -X POST -H "Accept: application/json" -H "Content-type: application/json" --data '{"username":"aUserName"}' <CROWD base url>/rest/usermanagement/1/session?validate-password=false

 In order to be able to do all users, I simply did the following query in the CROWD database (Oracle in my case):

  SELECT user_name
FROM cwd_user
WHERE directory_id = <aDirectoryId>
ORDER BY user_name;

After doing this SQL, I saved the output to a file and ran the following in a bash shell:

for u in `cat userList.txt`; do echo $u; curl --basic -u "<applicationId>:<applicationIdPassword>" -k -X POST -H "Accept: application/json" -H "Content-type: application/json" --data '{"username":"'$u'"}' <CROWD base url>/rest/usermanagement/1/session?validate-password=false; done

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events