  1. Crowd
  2. CWD-5473

Make it possible to add failover URLs in the _Directory_ Connector

    Details

    • Type: Suggestion
    • Status: Gathering Interest
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: Directories
    • Labels:
      None
    • Feedback Policy:

      Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Description

      It would be great if it were possible, for example when connecting to Microsoft AD, to add failover URLs directly in the directory connector.

      When using Crowd to connect to Microsoft AD today, it's possible to add failover by creating another (identical) directory and then adding them both to the application's directories.

      However, this setup has many drawbacks.
      In our setup we have a global Microsoft AD (which is available at 4 URLs/IPs), and in our setup for our country it fetches only "our" users from the AD (2000 of total 40.000). We also have our "jira" groups created locally in the Crowd instance.

      Using the above approach gives the following issues:

      • Having multiple directories with the same config (except the URL) is error-prone, and it's easy to make a mistake with one directory when updating its config.
      • Since all groups are created in the primary directory, we must use directory aggregation in order to have the groups if the users log in from the failover group. However, directory aggregation is not wanted for our other directories with customer users.
      • It's not possible from the failover directory to filter out who can authenticate (e.g. users in the confluence-users group only); instead everyone must be able to authenticate in Crowd --> we need to have a higher Crowd license than necessary.
      • Crowd must duplicate the same users since it needs to fetch them again for all directories, unless using a delegated authentication directory. However, with a delegated directory, the application can no longer use incremental synchronization.

            People

            Assignee:
            Unassigned
            Reporter:
            Roger Oberg (roger.oberg)
            Votes:
            0
            Watchers:
            2