This page last changed on Jun 28, 2009 by smaddox.

This page provides configuration notes for Microsoft Active Directory. This page is related to Configuring an LDAP Directory Connector.

Screenshot: Connector — Microsoft Active Directory



Attribute Description
Connector The directory connector to use when communicating with the directory server.
URL The connection URL to use when connecting to the directory server, e.g.: ldap://localhost:389, or port 636 for SSL.
Secure SSL Specifies whether the connection to the directory server is an SSL connection.
Use Node Referrals Use the JNDI lookup java.naming.referral option. Generally needed for Active Directory servers configured without proper DNS, to prevent a 'javax.naming.PartialResultException: Unprocessed Continuation Reference(s)' error.
Use Nested Groups Enable or disable support for nested groups on the LDAP user directory.
Use the User Membership Attribute Put a tick in the checkbox if your Active Directory supports the group membership attribute on the user. (By default, this is the 'memberOf' attribute.)
  • If this checkbox is ticked, Crowd will use the group membership attribute on the user when retrieving the members of a given group. This will result in a more efficient retrieval.
  • If this checkbox is not ticked, Crowd will use the members attribute on the group ('member' by default) for the search.
  • If the 'Use Nested Groups' checkbox is ticked, Crowd will ignore the 'Use the User Membership Attribute' option and will use the members attribute on the group for the search.
Use 'memberOf' for Group Membership Put a tick in the checkbox if your Active Directory supports the 'memberOf' attribute on the user.
  • If this checkbox is ticked, Crowd will use the 'memberOf' attribute when retrieving the list of groups to which a given user belongs. This will result in a more efficient search.
  • If this checkbox is not ticked, Crowd will use the members attribute on the group ('member' by default) for the search.
Use Paged Results Use the LDAP control extension for simple paging of search results. Retrieves chunks of data rather than all of the search results at once. This feature may be necessary when using Microsoft Active Directory if more than 999 results are returned for any given search.
Paged Results Size Enter the desired page size i.e. the maximum number of search results to be returned per page, when paged results are enabled. Defaults to 999 results.
Use Relaxed DN Standardisation This setting determines how Crowd will compare DNs to determine if they are equal. See Configuring Relaxed DN Standardisation.
  • If this checkbox is ticked, Crowd will do a direct, case-insensitive, string comparison. This is the default and recommended setting for Active Directory, because Active Directory guarantees the format of DNs. Using relaxed DN standardisation will result in a significant performance improvement.
  • If this checkbox is not ticked, Crowd will parse the DN and then check the parsed version.
Enable Caching Put a tick in the checkbox to enable directory caching. Directory caching can provide fast recurrent access to user, group and role data for a particular directory. This can provide significant performance improvements for applications such as JIRA, which require large amounts of user information. Please read the full instructions: Configuring Caching for an LDAP Directory.
Max Cache Elements in Memory This checkbox appears if 'Enable Caching' is ticked. Specify the maximum number of cache elements to be held in memory before overflowing to disk. Please read the full instructions: Configuring Caching for an LDAP Directory.
Polling Interval This checkbox appears if 'Enable Caching' is ticked. Crowd will send a request to Active Directory every x seconds, where 'x' is the number specified here. Please read the full instructions: Configuring Caching for an LDAP Directory.
Base DN Enter the root distinguished name to use when running queries versus the directory server, e.g.: o=acmecorp,c=com.
User DN Distinguished name of the user that Crowd will use when connecting to the directory server.
Password The password that Crowd will use when connecting to the directory server.


Configuration notes for Microsoft Active Directory

Active Directory Attribute Value
URL The URL for Microsoft Active Directory should be in the following format: ldap://domainname.
Base DN cn=users,dc=ad,dc=acmecorp,dc=com
For Microsoft Active Directory, specify the Base DN in the following format: dc=domain1,dc=local. You will need to replace the domain1 and local for your specific configuration. Microsoft Server provides a tool called ldp.exe which is useful for finding out and configuring the the LDAP structure of your server.
User DN administrator@ad.acmecorp.com
Configuring an SSL Certificate for Microsoft Active Directory
If you wish to use Crowd to add users or change passwords in Microsoft Active Directory, you will need to install an SSL certificated generated by your Active Directory server and then install the certificate into your JVM keystore. Please read the instructions: Configuring an SSL Certificate for Microsoft Active Directory.
Integrating Crowd with ADAM
We have not tested Crowd integration with Active Directory Application Mode (ADAM). However, ADAM and Active Directory share the same code base, LDAP interface and API. So ADAM should work with Crowd, following the same integration instructions as above. If you try it, we'd be interested to hear of your experiences.

Next Step

Go back to Configuring an LDAP Directory Connector


RELATED TOPICS

Using Apache Directory Studio for Crowd LDAP Configuration
Crowd Documentation


Document generated by Confluence on Jul 30, 2009 01:29