I have tried to access Atlassian Crowd via an LDAP interface. Currently Atlassian does not offer such an interface. The reason why I tried to use an LDAP interface is that a lot of software products offer authentication against an LDAP backend.
Crowd offers only CrowdID for external access, which is the obsolete OpenID 2.0. Currently no other external connection is possible. I have contacted Atlassian and asked if there is a plan for when they will support the currently active OpenID Connect standard. As usual for such companies, they just answered that they are working on it, with no ETA.
Well, because I needed another interface than the old OpenID, I searched and found this repo.
Now I have a way to go ;-). It's just a read-only way, but better than no way.
I cloned this repo and created a .gitlab-ci.yml to get a runnable jar file. At this point I say thank you, GitLab, for your excellent framework.
You can use systemd to run the created jar file as a daemon.
I strongly suggest using a dedicated user to run the app!
useradd -m crowd
You can use this file as a start for your own service file:
cat /lib/systemd/system/crowd-ldap-server.service
[Unit]
Description=LDAP Server for Crowd

[Service]
Type=simple
User=crowd
Group=crowd
ExecStart=/home/crowd/app/crowd-ldap-server/run.sh
Restart=on-abort

[Install]
WantedBy=multi-user.target
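Running as the crowd user limits file access, and systemd can confine the process further. The drop-in below is an added example, not part of the original post or of the crowd-ldap-server project; the file name hardening.conf is an assumption, and the options were chosen for the setup shown on this page (app under /home/crowd, listener on port 10389).

```ini
# /etc/systemd/system/crowd-ldap-server.service.d/hardening.conf
# Added example. The name "hardening.conf" is arbitrary; systemd merges every
# *.conf file in the <unit>.service.d directory into the unit above.

[Service]
# Port 10389 is unprivileged, so the service needs no capabilities at all.
CapabilityBoundingSet=
AmbientCapabilities=

# The process and its children can never gain privileges via setuid binaries.
NoNewPrivileges=yes
RestrictSUIDSGID=yes

# /usr, /boot and /etc become read-only for this service.
# ProtectHome= is deliberately left out: the app and its crowd.properties
# live under /home/crowd, and ProtectHome=yes would hide them.
ProtectSystem=full

# Private /tmp and a minimal /dev (null, zero, random, urandom stay available).
PrivateTmp=yes
PrivateDevices=yes

# No changes to kernel tunables, modules or the cgroup tree.
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes

# Fix the execution domain and refuse foreign-architecture system calls.
LockPersonality=yes
SystemCallArchitectures=native

# Files the server creates are readable by the crowd user only.
UMask=0077

# MemoryDenyWriteExecute= is deliberately left out: the JVM's JIT compiler
# needs memory that is both writable and executable and fails with it set.
```

Apply it with systemctl daemon-reload followed by systemctl restart crowd-ldap-server, then compare the result of systemd-analyze security crowd-ldap-server.service before and after.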
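This is the run.sh:
cat /home/crowd/app/crowd-ldap-server/run.sh
#!/bin/sh
# Abort if the application directory is missing instead of starting in the wrong place
cd /home/crowd/app/crowd-ldap-server || exit 1
JAR=target/crowd-ldap-server-1.0.4-SNAPSHOT.jar
# Apache DS Settings
FIXADS="-Duser.language=de -Duser.country=AT"
# SSL Debugging
#DEBUG_SSL="-Djavax.net.debug=ssl"
DEBUG_SSL=
# Run Server ($FIXADS and $DEBUG_SSL stay unquoted so they split into separate options)
java $FIXADS $DEBUG_SSL -cp etc -jar "$JAR" "$@"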
You will need a crowd.properties file before you can use the LDAP server.
cat /home/crowd/app/crowd-ldap-server/etc/crowd.properties
application.name crowd-ldap-server
application.password <PASSWORD_FROM_CROWD_APPLICATION>
application.login.url https://<YOUR_DOMAIN>/crowd/console/
crowd.server.url https://<YOUR_DOMAIN>/crowd/services/
session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval 2
session.lastvalidation session.lastvalidation
Now execute the run.sh file and see if you are able to connect to Crowd.
You can run a simple curl command to get all the users.
curl -v -u "dn=YOUR_CROWD_LOGIN,ou=users,dc=crowd" \
  'ldap://127.0.0.1:10389/ou=users,dc=crowd?*?sub?'
You can now run the crowd-ldap-server as a daemon with systemd. The logs are in the syslog channel.
journalctl -fl -u crowd-ldap-server