I have tried to access Atlassian Crowd via an LDAP interface, but Atlassian does not currently offer such an interface.
The reason why I need to use the LDAP interface is that a lot of software products offer authentication against an LDAP backend but not against openid.net.
Last modified: Sep 29 2017
Crowd offers CrowdID for external access, which is the obsolete OpenID 2.0.
There is a REST API for anyone who wants to integrate Crowd into their app.
I have contacted Atlassian and asked if there is a plan for when they will support the currently active OpenID Connect standard. As usual for such companies, they just answered "we are working on it, no ETA", as you can see in this answer: crowd openid connect.
I cloned this repo and created a .gitlab-ci.yml to get a runnable jar file.
At this point I say thank you, GitLab, for your excellent framework.
You can use systemd to run the created jar file as a daemon.

    useradd -m crowd

You can use this file as a starting point for your own service file.

    cat /lib/systemd/system/crowd-ldap-server.service
    [Unit]
    Description=LDAP Server for Crowd

    [Service]
    Type=simple
    User=crowd
    Group=crowd
    ExecStart=/home/crowd/app/crowd-ldap-server/run.sh
    Restart=on-abort

    [Install]
    WantedBy=multi-user.target
This is the
    cat /home/crowd/app/crowd-ldap-server/run.sh
    #!/bin/sh
    # Stop if the working directory is missing instead of starting from the wrong place
    cd /home/crowd/app/crowd-ldap-server || exit 1
    JAR=target/crowd-ldap-server-1.0.4-SNAPSHOT.jar

    # Apache DS Settings
    FIXADS="-Duser.language=de -Duser.country=AT"

    # SSL Debugging
    #DEBUG_SSL="-Djavax.net.debug=ssl"
    DEBUG_SSL=

    # Run Server ("$@" passes arguments through unchanged, even with spaces)
    java $FIXADS $DEBUG_SSL -cp etc -jar $JAR "$@"
You will need a crowd.properties file before you can use the LDAP Server.
UPDATE: For Crowd 3.0 the crowd.properties file is obsolete: "The crowd.properties file is no longer used".

    cat /home/crowd/app/crowd-ldap-server/etc/crowd.properties
    application.name crowd-ldap-server
    application.password <PASSWORD_FROM_CROWD_APPLICATON>
    application.login.url https://<YOUR_DOMAIN>/crowd/console/
    crowd.server.url https://<YOUR_DOMAIN>/crowd/services/
    session.isauthenticated session.isauthenticated
    session.tokenkey session.tokenkey
    session.validationinterval 2
    session.lastvalidation session.lastvalidation
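Since crowd.properties stores the Crowd application password, it is worth checking the file before the first start. The following is an added example, not part of the original post or of crowd-ldap-server: `prop` and `check_crowd_properties` are hypothetical helper names, and it assumes the key/value layout shown above (it also accepts `key=value`).

```shell
#!/bin/sh
# Added example; prop and check_crowd_properties are hypothetical helper names.

# Print the value stored under key $2 in properties file $1.
# Accepts "key value" (the layout shown above), "key=value" and "key: value".
prop() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }                      # skip comment lines
        match($0, /[^ \t=:]+/) {
            key = substr($0, RSTART, RLENGTH)
            val = substr($0, RSTART + RLENGTH)
            sub(/^[ \t]*[=:]?[ \t]*/, "", val)      # drop the separator
            if (key == k) { print val; exit }
        }' "$1"
}

# Return 0 if the file passes every check, 1 on findings, 2 if it is missing.
check_crowd_properties() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "FAIL: $f not found"; return 2; }

    # The file holds the Crowd application password: owner-only access.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: group/other can access $f ($perms); use chmod 600"
        rc=1
    fi

    # Credentials are sent to these URLs, so require TLS.
    for key in application.login.url crowd.server.url; do
        url=$(prop "$f" "$key")
        case $url in
            https://*) ;;
            "") echo "FAIL: $key is missing"; rc=1 ;;
            *)  echo "FAIL: $key is not https: $url"; rc=1 ;;
        esac
    done

    # An empty value or a <PLACEHOLDER> means the template was never filled in.
    case $(prop "$f" application.password) in
        ""|"<"*">") echo "FAIL: application.password is not set"; rc=1 ;;
    esac

    if [ "$rc" -eq 0 ]; then echo "OK: $f"; fi
    return "$rc"
}
```

Source the file and run `check_crowd_properties /home/crowd/app/crowd-ldap-server/etc/crowd.properties` as the crowd user; a non-zero exit status means at least one finding was printed.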
Now execute the run.sh file and see if you are able to connect to Crowd.
Check via a simple curl command that you get all the users from Crowd.

    curl -v -u "dn=YOUR_CROWD_LOGIN,ou=users,dc=crowd" \
      'ldap://127.0.0.1:10389/ou=users,dc=crowd?*?sub?'
Start the crowd-ldap-server daemon.
The logs are in the syslog channel.

    journalctl -fl -u crowd-ldap-server