I have tried to access Atlassian Crowd via an LDAP interface, but Atlassian does not currently offer such an interface.
The reason why I need to use the LDAP interface is that a lot of software products offer authentication against an LDAP backend but not against openid.net.

Last modified: Sep 29 2017

Crowd offers CrowdID for external access, which is the obsolete OpenID 2.0.
There is a REST API for anyone who wants to integrate Crowd into their app.
I have contacted Atlassian and asked whether there is a plan for when they will support the currently active OpenID Connect standard. As usual for such companies, they just answered "we are working on it, no ETA", as you can see in this answer: crowd openid connect

The old OpenID interface is not an option for me for now. I searched on Startpage and found the repo crowd-ldap-server; this is a way to go ;-).

I cloned this repo and created a .gitlab-ci.yml to get a runnable jar file.

At this point I say: thank you, GitLab, for your excellent framework.

https://gitlab.com/aleks001/crowd-ldap-server/blob/a6f60428ae251d1003b1f6274e01cce039a3fc1e/.gitlab-ci.yml

The rest is a matter of following the documentation on Integrating Crowd with a Custom Application and the crowd-ldap-server wiki.

You can use systemd to run the created jar file as a daemon.

useradd -m crowd

You can use this file as a start for your own service file

cat /lib/systemd/system/crowd-ldap-server.service
[Unit]
Description=LDAP Server for Crowd

[Service]
Type=simple
User=crowd
Group=crowd
ExecStart=/home/crowd/app/crowd-ldap-server/run.sh
Restart=on-abort

[Install]
WantedBy=multi-user.target

This is the run.sh file

cat /home/crowd/app/crowd-ldap-server/run.sh
#!/bin/sh

# Stop if the application directory is missing instead of running java elsewhere
cd /home/crowd/app/crowd-ldap-server || exit 1

JAR=target/crowd-ldap-server-1.0.4-SNAPSHOT.jar

# Apache DS Settings
FIXADS="-Duser.language=de -Duser.country=AT"

# SSL Debugging
#DEBUG_SSL="-Djavax.net.debug=ssl"
DEBUG_SSL=

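# Run Server (exec replaces the shell, so systemd supervises the JVM directly;
# $FIXADS and $DEBUG_SSL stay unquoted so they split into separate options)
exec java $FIXADS $DEBUG_SSL -cp etc -jar "$JAR" "$@"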

You will need a crowd.properties file before you can use the LDAP Server.

UPDATE: For Crowd 3.0 the crowd.properties file is obsolete; see "The crowd.properties file is no longer used".

cat /home/crowd/app/crowd-ldap-server/etc/crowd.properties
application.name                        crowd-ldap-server
application.password                    <PASSWORD_FROM_CROWD_APPLICATION>
application.login.url                   https://<YOUR_DOMAIN>/crowd/console/

crowd.server.url                        https://<YOUR_DOMAIN>/crowd/services/

session.isauthenticated                 session.isauthenticated
session.tokenkey                        session.tokenkey
session.validationinterval              2
session.lastvalidation                  session.lastvalidation
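
A preflight check for the file above, as an added example that is not part of the original post or of crowd-ldap-server: it parses the whitespace-separated key/value format shown here and rejects a file that group or others can access, that still contains the placeholder password, or that points at a non-https Crowd URL. The function names `prop` and `check_crowd_properties` and the host `crowd.example.org` are made up for the example.

```shell
#!/bin/sh
# Added example (not part of crowd-ldap-server): preflight for crowd.properties.

# prop KEY FILE: print the value of KEY from a Java-style properties file
# (key and value separated by whitespace, '=' or ':').
prop() {
    awk -v k="$1" '
        /^[ \t]*[#!]/ { next }                     # comment line
        { line = $0; sub(/^[ \t]+/, "", line)
          if (index(line, k) != 1) next            # line must start with KEY
          rest = substr(line, length(k) + 1)
          if (rest !~ /^[ \t=:]/) next             # KEY must end here
          sub(/^[ \t]*[=:]?[ \t]*/, "", rest); sub(/[ \t\r]+$/, "", rest)
          print rest; exit }' "$2"
}

# check_crowd_properties FILE: return 0 only if every check passes.
check_crowd_properties() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 2; }
    # The file holds the application password: no group/other access.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "FAIL: group/other can access $f; chmod 600"; rc=1; }
    pw=$(prop application.password "$f")
    case $pw in
        ''|'<'*'>') echo "FAIL: application.password empty or placeholder"; rc=1 ;;
    esac
    # The sample file uses https for both URLs; flag anything else.
    for key in crowd.server.url application.login.url; do
        url=$(prop "$key" "$f")
        case $url in
            https://*) ;;
            *) echo "FAIL: $key is not an https:// URL: $url"; rc=1 ;;
        esac
    done
    [ "$rc" -eq 0 ] && echo "OK: $f"
    return "$rc"
}

# Demo on a constructed file (made-up host, placeholder password).
demo=$(mktemp)
printf '%s\n' 'application.name       crowd-ldap-server' \
    'application.password   <PASSWORD_FROM_CROWD_APPLICATION>' \
    'application.login.url  https://crowd.example.org/crowd/console/' \
    'crowd.server.url       http://crowd.example.org/crowd/services/' > "$demo"
check_crowd_properties "$demo" || echo "preflight failed: do not start run.sh"
rm -f "$demo"
```
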

Now execute the run.sh file and see if you are able to connect to Crowd.

Check with a simple curl command that you get all the users from Crowd.

curl -v -u "dn=YOUR_CROWD_LOGIN,ou=users,dc=crowd" \
    'ldap://127.0.0.1:10389/ou=users,dc=crowd?*?sub?'

Start the crowd-ldap-server daemon.
The logs are in the syslog channel.

journalctl -fl -u crowd-ldap-server

You can contact me for any further questions and orders