You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
we want to use Crowd for the user management of several Jira and confluence servers with different users and groups. We also want to use our company wide Active Directory (where we don't have writing rights) as user base and authentication server. How do we get on for that?
I have installed the trial version of Crowd on a server and configured our Active Directory as Crowd Delegated Authentication directory. The test was successful, but even an empty user search does not give any result.
I followed the instructions on https://confluence.atlassian.com/crowd/getting-started-with-crowd-197298051.html
Now I am in doubt whether I should have chosen the first LDAP variant instead of the "delegated authentication"? I thought this couldn't be it as we can't store our Jira and confluence groups in the company Active Directory.
That's right, you should have chosen an LDAP directory connector instead of a delegated authentication one: https://confluence.atlassian.com/crowd/configuring-an-ldap-directory-connector-18579550.html
With delegated authentication, users are only retrieved in Crowd after they successfully authenticate.
You don't need to have any write privilege on AD for standard LDAP directory connector. The connector will synchronize users and groups from AD into Crowd and won't do any write operations on AD, at least if you don't want to. You should configure the connector with an AD user that does not have any write privileges on AD.
You're welcome @[deleted]!
I've edited and completed my answer as some community readers might want to use Crowd to do write operations on AD, which is also feasible. If you do not want Crowd to write anything on AD: