This page last changed on Oct 20, 2008 by smaddox.

While you should already know the user DN you are using for your LDAP connection, it can be helpful to review the users and groups in Apache Directory Studio to determine the best scope for your Crowd LDAP directory configuration.

Crowd comes with default configurations that will work for most customers. In the examples below, we illustrate some common options for changing your user and group configurations.

There are a number of other attributes, not shown here, that can also be used to narrow the scope of users and groups.

Important Search Filter Notes
  • If you are unfamiliar with LDAP search filter syntax, please review this guide.
  • In order to use Object Filters larger than 255 characters, you will need to upgrade to Crowd to 1.5.1 or later, by installing a new Crowd instance (with a new database) and restoring an XML backup from your previous Crowd installation. For more information on upgrading Crowd please review the Upgrade Guide

On this page:

Example 1. Using a User's DN for Crowd Configuration

  1. Find a user in the scope you wish to use for Crowd. Highlight that user in Apache Directory Studio.

    Screenshot: User information in Apache Directory Studio



  2. Using the information about the user dmcgahan, you can narrow down the users returned in the Crowd directory to those in cn=Users who are members of either the confluence-users or the confluence-administrators group.
    User DN: cn=Users
    User Object Filter:
    (&(objectCategory=Person)(sAMAccountName=*)
    (|(memberOf=cn=confluence-users,ou=Groups,dc=sydney,dc=atlassian,dc=com)
    (memberOf=cn=confluence-administrators,ou=Groups,dc=sydney,dc=atlassian,dc=com)))



    Screenshot: The resulting user configuration in Crowd

Example 2: Using a Group's DN for Crowd Configuration

  1. Find a group in the scope you wish to use for Crowd. Highlight that group in Apache Directory Studio.

    Screenshot: Group information in Apache Directory Studio



  2. Using the information about the group confluence-users, you can narrow down the groups returned in the Crowd directory to those in ou=Groups and return only the confluence-users or the confluence-administrators group. Under most circumstances, it is best to apply any changes to both group and role configuration for consistency.
    Group DN: ou=Groups
    Group Object Filter:
    (&(objectCategory=Group)(|(cn=confluence-users)(cn=confluence-administrators)))



    Screenshot: The resulting group/role configuration in Crowd

RELATED TOPICS

Using Apache Directory Studio for Crowd LDAP Configuration


userdn.jpg (image/jpeg)
groupdn.jpg (image/jpeg)
crowduserconfig.jpg (image/jpeg)
crowdgroupconfig.jpg (image/jpeg)
crowduserconfig.jpg (image/jpeg)
crowdgroupconfig.jpg (image/jpeg)
Document generated by Confluence on Jul 30, 2009 01:31