Configuring a Delegated Authentication Directory
The username must be the same in the Crowd Delegated Authentication directory and in the LDAP directory. If a user is renamed in LDAP, Crowd will automatically rename the user in the Delegated Authentication directory.
Delegated Authentication directories do not allow you to browse the LDAP data. The directory delegates user authentication to LDAP, but to be able to list users and groups, you will need to add them to the directory. See more details in the Next Steps section of this page.
On this page:
Example of using a Delegated Authentication Directory
You can set up a simple group configuration in Crowd for use with Confluence and other Atlassian products, while authenticating your users against the corporate LDAP directory. You can also avoid the performance issues which might result from downloading large numbers of groups from LDAP.
The diagram below gives a conceptual overview of delegated LDAP authentication. This example assumes that you have:
- The Confluence application integrated with Crowd.
- A Crowd Delegated Authentication directory called 'Employees' which contains the group 'confluence-users'.
- An LDAP directory containing all your employees and their authentication details (e.g. username and password).
Before setting up a new Delegated Authentication Directory, please review to the notes on LDAP object structures in the page about LDAP connectors.
To configure a Delegated Authentication directory:
- Log in to the Crowd Administration Console.
- Click the Directories link in the top navigation bar. The Directory Browser will open.
- Click the Add Directory link and then select the Delegated Authentication button.
- Complete the configuration information required on each of the tabs to finish setting up the directory.
After configuring your new directory:
- Map the directory to the appropriate applications.
- Consider how you would like to add your users to Crowd's Delegated Authentication directory. There are a few options:
- Using the Directory Browser
- Adding a Directory
- Configuring Caching for an LDAP Directory
- Using Naive DN Matching
- Specifying Directory Permissions
- Importing Users and Groups into a Directory
Was this helpful?
Thanks for your feedback!