Connect to Crowd with an LDAP client


I tried to access Atlassian Crowd via an LDAP interface. Currently Atlassian does not offer such an interface. The reason I tried to use an LDAP interface is that a lot of software products offer authentication against an LDAP backend.

Crowd offers only CrowdID for external access, which is the obsolete OpenID 2.0. Currently no other external connection is possible. I contacted Atlassian and asked whether there is a plan for when they will support the current OpenID Connect standard. As usual for such companies, they just answered that they are working on it, with no ETA.

Because I needed an interface other than the old OpenID, I searched and found this repo.

crowd-ldap-server

Now I have a way to go ;-). It's read-only, but better than no way.

I cloned this repo and created a .gitlab-ci.yml to get a runnable jar file. At this point I say thank you, GitLab, for your excellent framework.

https://gitlab.com/aleks001/crowd-ldap-server/blob/master/.gitlab-ci.yml

The rest is just following the doc about Integrating Crowd with a Custom Application and the crowd-ldap-server wiki.

You can use systemd to run the created jar file as a daemon.

I strongly suggest using a dedicated user to run the app!

useradd -m crowd

You can use this file as a starting point for your own service file:

cat /lib/systemd/system/crowd-ldap-server.service
[Unit]
Description=LDAP Server for Crowd

[Service]
Type=simple
User=crowd
Group=crowd
ExecStart=/home/crowd/app/crowd-ldap-server/run.sh
Restart=on-abort

[Install]
WantedBy=multi-user.target

This is the run.sh

cat /home/crowd/app/crowd-ldap-server/run.sh
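#!/bin/sh

# Abort if the application directory is missing
cd /home/crowd/app/crowd-ldap-server || exit 1

JAR=target/crowd-ldap-server-1.0.4-SNAPSHOT.jar

# Apache DS Settings
FIXADS="-Duser.language=de -Duser.country=AT"

# SSL Debugging
#DEBUG_SSL="-Djavax.net.debug=ssl"
DEBUG_SSL=

# Run Server
# FIXADS and DEBUG_SSL stay unquoted on purpose so they split into separate options.
# exec makes java the main process of the systemd service.
exec java $FIXADS $DEBUG_SSL -cp etc -jar "$JAR" "$@"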

You will need a crowd.properties file before you can use the LDAP Server.

cat /home/crowd/app/crowd-ldap-server/etc/crowd.properties
application.name                        crowd-ldap-server
application.password                    <PASSWORD_FROM_CROWD_APPLICATION>
application.login.url                   https://<YOUR_DOMAIN>/crowd/console/

crowd.server.url                        https://<YOUR_DOMAIN>/crowd/services/

session.isauthenticated                 session.isauthenticated
session.tokenkey                        session.tokenkey
session.validationinterval              2
session.lastvalidation                  session.lastvalidation
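
Because crowd.properties stores the Crowd application password in clear text, a check like the following can be run before the service is started. This is an added example, not part of the original post or of the crowd-ldap-server project; the function names prop and audit_crowd_properties and the choice of checks are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a crowd.properties file before starting the service.

# prop FILE KEY: print the value of KEY (separator: whitespace, '=' or ':').
prop() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key}[[:space:]]*[=:[:space:]][[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_crowd_properties FILE: print findings, return 0 only if there are none.
audit_crowd_properties() {
    f=$1
    findings=0
    [ -f "$f" ] || { echo "missing: $f"; return 2; }

    # The file holds application.password, so only its owner may access it.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "FINDING: $f is accessible to group/other (use chmod 600)"
        findings=$((findings + 1))
    fi

    # An empty value or an unreplaced <...> template placeholder.
    case $(prop "$f" application.password) in
        '' | '<'*'>')
            echo "FINDING: application.password is empty or a placeholder"
            findings=$((findings + 1)) ;;
    esac

    # Both URLs should use TLS; crowd.server.url is where credentials are sent.
    for k in crowd.server.url application.login.url; do
        case $(prop "$f" "$k") in
            https://*) ;;
            *)  echo "FINDING: $k is not an https:// URL"
                findings=$((findings + 1)) ;;
        esac
    done

    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]
}

# Run against the file given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_crowd_properties "$1"
fi
```

Run it as the crowd user with /home/crowd/app/crowd-ldap-server/etc/crowd.properties as the argument; a non-zero exit status means at least one finding.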

Now execute the run.sh file and see if you are able to connect to Crowd.

You can run a simple curl command to get all the users.

curl -v -u "dn=YOUR_CROWD_LOGIN,ou=users,dc=crowd" \
    'ldap://127.0.0.1:10389/ou=users,dc=crowd?*?sub?'

You can now run the crowd-ldap-server as a daemon with systemd. The logs are in the syslog channel:

journalctl -fl -u crowd-ldap-server

You can also hire me for this or any further topics.
