• Issue Type: Suggestion
    • Resolution: Won't Fix
    • None
    • Directory - LDAP
    • None
    • 3

      Crowd binds to, for instance, OpenLDAP with a preconfigured username and password, which implies that all use of the same directory configuration has the same rights in the LDAP directory. (This could be worked around by configuring multiple connectors to the same backend with different users, but this would soon be a messy configuration.)

      It would be really useful to enable Crowd to use anonymous bind to the LDAP directory with the end user's own credentials, thus performing operations that the user has the right to do.

      For instance: If we only want a few users to be able to add new users to the directory, this can be set in OpenLDAP with ACLs. When I log into Crowd it should be, in my opinion, the LDAP directory that authorizes me to perform write operations.

      Storing a root/manager-password for the directory in Crowd is the only way for some directories/backends, but for more flexible backends like OpenLDAP it should not be necessary to do this. One can argue that it increases security if no username/passwords are stored in Crowd at all, and since Crowd is an important component in a security framework this should be supported.
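
      The OpenLDAP ACL arrangement the request refers to, as an added example that is not part of the original issue and not Crowd's or the reporter's configuration: a `slapd.conf` fragment in which only members of one group may add users. The suffix `dc=example,dc=com`, the `ou=people` subtree and the group `cn=user-admins` are assumptions chosen for illustration.

```conf
# Constructed slapd.conf ACL fragment (illustrative; all DNs are assumptions).
# slapd evaluates "access to" rules top-down and stops at the first one whose
# target matches; inside a rule, the first matching "by" clause decides.

# 1. Password attribute: never readable. The owner and the user-admins group
#    may replace it; anonymous sessions may only use it to authenticate (bind).
access to attrs=userPassword
    by self write
    by group.exact="cn=user-admins,ou=groups,dc=example,dc=com" write
    by anonymous auth
    by * none

# 2. People subtree: adding, modifying or deleting entries requires membership
#    in user-admins (a groupOfNames with "member" values, the group.exact default).
#    Every other authenticated user gets read access only.
access to dn.subtree="ou=people,dc=example,dc=com"
    by group.exact="cn=user-admins,ou=groups,dc=example,dc=com" write
    by users read
    by anonymous auth
    by * none

# 3. Everything else: authenticated read, nothing for anonymous sessions.
access to *
    by users read
    by * none

# Effect with a per-user bind: a write arriving on a connection bound as
#   uid=alice,ou=people,dc=example,dc=com
# succeeds only if alice is a member of cn=user-admins, so the directory
# makes the authorization decision.
#
# Effect with one preconfigured bind DN: every request arrives as that DN,
# so rule 2 grants or denies write to all users of the connector alike, and
# per-user restrictions have to be enforced in the application instead.
```

      To check the rules without issuing a write, `slapacl` can evaluate them for a given bind DN against a target entry on the server.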

            [CWD-585] Support for user-specific bind to LDAP

            Katherine Yabut made changes -
            Workflow Original: JAC Suggestion Workflow [ 3362746 ] New: JAC Suggestion Workflow 3 [ 3626452 ]
            Status Original: RESOLVED [ 5 ] New: Closed [ 6 ]
            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 [ 1392964 ] New: JAC Suggestion Workflow [ 3362746 ]
            Issue Type Original: New Feature [ 2 ] New: Suggestion [ 10000 ]
            vkharisma made changes -
            Link New: This issue is related to CONFCLOUD-22008 [ CONFCLOUD-22008 ]
            Owen made changes -
            Workflow Original: Crowd Development Workflow v2 [ 273803 ] New: Simplified Crowd Development Workflow v2 [ 1392964 ]
            shihab made changes -
            Resolution New: Won't Fix [ 2 ]
            Status Original: Open [ 1 ] New: Resolved [ 5 ]
            shihab made changes -
            Summary Original: Support for anonymous bind to LDAP New: Support for user-specific bind to LDAP
            Matt Ryall made changes -
            Link New: This issue is related to CONF-22008 [ CONF-22008 ]
            jawong.adm made changes -
            Workflow Original: Feature Request Workflow [ 173566 ] New: Crowd Development Workflow v2 [ 273803 ]
            Support Count Updater made changes -
            Support reference count New: 3
            Justin Koke made changes -
            Workflow Original: jira [ 116815 ] New: Feature Request Workflow [ 173566 ]

              justen.stepka@atlassian.com Justen Stepka [Atlassian]
              865f90db8294 Lars Preben Sørsdahl
              Votes: 2
              Watchers: 1
