Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-962

Automation for delegated directories

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Fixed
    • 2.2
    • SOAP
    • None

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      While the delegated directories are a nice attempt to solve problems with membership of LDAP/AD users into Crowd controlled groups, it falls short since it is a one time load or manual load. This introduces more administrative overhead for managing users - something Crowd was suppose to help. So now I have LDAP/AD users and groups and a copy in the delegated directory, so I need a automated way to keep these in sync. The fact that Crowd will automatically add a user to the delegated directory if they successfully validate to LDAP/AD doesn't help because they are missing their group membership which is critical for proper authorities. So either make the delegated directory smart enough to keep in sync or provide a remote API (SOAP) to allow the sync operation to be automated. The API should allow for a sync update to complete without application interruption. Must support option to allow deleted users to remain in delegated directory as disabled users.

            [CWD-962] Automation for delegated directories

            Katherine Yabut made changes -
            Workflow Original: JAC Suggestion Workflow [ 3388434 ] New: JAC Suggestion Workflow 3 [ 3630447 ]
            Status Original: RESOLVED [ 5 ] New: Closed [ 6 ]
            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 [ 1392982 ] New: JAC Suggestion Workflow [ 3388434 ]
            Assignee Original: David O'Flynn [Atlassian] [ doflynn ]
            Issue Type Original: Improvement [ 4 ] New: Suggestion [ 10000 ]

            Rock Sea added a comment -

            VIP acc free

            Rock Sea added a comment - VIP acc free
            Owen made changes -
            Workflow Original: Crowd Development Workflow v2 [ 273653 ] New: Simplified Crowd Development Workflow v2 [ 1392982 ]
            Stephan Haslinger made changes -
            Link New: This issue relates to CWD-2478 [ CWD-2478 ]

            Bob Swift added a comment -

            I installed 2.2.7 and read the documentation. It appears that the support does not meet our needs either . We have a delegated directory - my understanding is that this support does nothing for delegated directories to enable automatic synchronization. Please correct me if I am wrong. The newer LDAP connector directories do not allow user defined attributes: Custom user attributes are not yet supported for LDAP directories even though there is an entry field showing. We already have a number of attributes defined and in use .

            Bob Swift added a comment - I installed 2.2.7 and read the documentation. It appears that the support does not meet our needs either . We have a delegated directory - my understanding is that this support does nothing for delegated directories to enable automatic synchronization. Please correct me if I am wrong. The newer LDAP connector directories do not allow user defined attributes: Custom user attributes are not yet supported for LDAP directories even though there is an entry field showing. We already have a number of attributes defined and in use .
            shihab made changes -
            Fix Version/s New: 2.2 [ 15740 ]
            Fix Version/s Original: 2.3 [ 15852 ]
            Fix Version/s Original: 2.2.9 [ 18095 ]
            Resolution New: Fixed [ 1 ]
            Status Original: Open [ 1 ] New: Resolved [ 5 ]
            shihab made changes -
            Link New: This issue relates to CWD-2497 [ CWD-2497 ]

            shihab added a comment -

            You can use caching LDAP directories to periodically synchronise your LDAP server with Crowd. The period of synchronisation is configurable so that you can trade-off the load of performing frequent syncs with your ability to deal with stale data. There are various factors you can tune to improving the speed of synchronisation and they are discussed in the documentation.

            If you specifically want to use delegated authentication directories and want group membership sync on auth, we are looking at implementing this feature in the near future. It is being tracked in a separate issue: CWD-2497

            shihab added a comment - You can use caching LDAP directories to periodically synchronise your LDAP server with Crowd. The period of synchronisation is configurable so that you can trade-off the load of performing frequent syncs with your ability to deal with stale data. There are various factors you can tune to improving the speed of synchronisation and they are discussed in the documentation . If you specifically want to use delegated authentication directories and want group membership sync on auth, we are looking at implementing this feature in the near future. It is being tracked in a separate issue: CWD-2497
            David O'Flynn [Atlassian] made changes -
            Fix Version/s New: 2.2.9 [ 18095 ]
            Fix Version/s New: 2.3 [ 15852 ]

              Unassigned Unassigned
              bob.swift Bob Swift
              Votes:
              16 Vote for this issue
              Watchers:
              11 Start watching this issue

                Created:
                Updated:
                Resolved: