Configuring a Remote Crowd Directory

Remote Crowd directories allow Crowd to Crowd connections. In other words, one Crowd server can obtain users and groups from another Crowd server.

Two things need to be done in order to configure the local Crowd server to obtain users and groups from a remote Crowd server:

  1. The local Crowd server needs to be given access to the remote Crowd server. This is achieved by adding a new application on the remote Crowd server.
  2. The new Remote Crowd directory needs to be added to the local Crowd server with details on how to connect to the remote Crowd server.

In our local testing, we found that it took about 4 minutes to sync to an external Crowd server with 10 000 users, 1 000 groups, and 200 000 memberships.

Roles are not supported in Remote Crowd Directories.

To configure a Remote Crowd directory:

  1. Log in to the Crowd Administration Console in the remote Crowd server.
  2. Add a new application which will be the local Crowd server. The application name and password entered here will be used later by the local Crowd server to connect to the remote Crowd server.
  3. Log in to the Crowd Administration Console in the local Crowd server.
  4. Click the 'Directories' tab in the top navigation bar.
  5. This will display the Directory Browser. Click 'Add Directory' in the left-hand menu.
  6. Click the 'Remote Crowd' button.
  7. The 'Details' tab will appear. See screenshot 1 below. Enter the 'Name' and 'Description' (see table of fields below).
  8. We recommend that you leave 'Cache Enabled' at its default setting (enabled). Remote Crowd directory caching works the same way as it does for LDAP directories. For more information, see Configuring Caching for an LDAP Directory.
  9. Click the 'Connection' tab. See screenshot 2 below.
  10. Fill in the basic connection information for your remote Crowd server.
  11. Click the 'Test Connection' button to verify that Crowd can successfully connect to the directory.
  12. Click the 'Permissions' tab to configure the directory's permissions.

Configuring Directory Details

Screenshot 1: Directory details

| Attribute | Description |
|---|---|
| Name | The name used to identify the directory within Crowd. This is useful when there are multiple directories configured, e.g. 'Chicago Employees' or 'Web Customers'. |
| Description | Details about this specific directory. |
| Active | Only deselect this if you wish to prevent all users within the directory from accessing all mapped applications. If a directory is not marked as 'Active', it is inactive. Inactive directories are not included when searching for users, groups or memberships, and are still displayed in the Crowd Administration Console screens. |
| Cache Enabled | We recommend that you turn on caching. Remote Crowd directory caching works the same way as it does for LDAP directories. For more information, see Configuring Caching for an LDAP Directory. |
| Use Nested Groups | Enable or disable support for nested groups on the Remote Crowd directory. |

Configuring Connection Details

Screenshot 2: Connection details

| Attribute | Description |
|---|---|
| URL | The connection URL to use when connecting to the directory server. The URL should be in the following format: http://domainname:port/crowd. |
| Application Name | Application name used to authenticate to the remote Crowd server. |
| Application Password | Application password used to authenticate to the remote Crowd server. |
| Connection Timeout | The time, in seconds, to wait for a connection to be established. If there is no connection within the specified time period, the connection attempt will be aborted. A value of 0 (zero) means there is no limit. |
| Max Connections | The maximum number of simultaneous connections to the remote Crowd server. |
| Proxy Host | HTTP proxy server domain name. This field is required if the remote Crowd server is behind an HTTP proxy. |
| Proxy Port | HTTP proxy server port number. This field is required if the remote Crowd server is behind an HTTP proxy. |
| Proxy Username | HTTP proxy server username. This field is required if the HTTP proxy server requires authentication. |
| Proxy Password | HTTP proxy server password. This field is required if the HTTP proxy server requires authentication. |
| Enable Incremental Sync | We recommend that you turn on incremental synchronization. It will cause only changes since the last synchronization to be queried when synchronizing, thus significantly reducing synchronization resource usage. |
| Polling Interval | Crowd will synchronize with the remote Crowd server every x minutes, where 'x' is the number specified here. Remote Crowd directory caching works the same way as it does for LDAP directories, for which there is more information in Configuring Caching for an LDAP Directory. |
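
A pre-flight check for the connection fields above, as an added example rather than Atlassian's own code: it applies the rules stated in the table (proxy fields required together, a timeout of 0 meaning no limit) and additionally flags a plain-HTTP URL, because the application password then crosses the network unencrypted. The dictionary keys, the sample hostnames and the availability of an HTTPS endpoint on the remote server are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample; the keys are hypothetical names for the fields in the table above.
SAMPLE = {
    "url": "http://crowd.example.internal:8095/crowd",
    "application_name": "local-crowd",
    "application_password": "constructed-secret",
    "connection_timeout": 0,
    "max_connections": 20,
    "proxy_host": "proxy.example.internal",
    "proxy_port": None,
    "proxy_username": "", "proxy_password": "",
}

def check_remote_crowd_connection(cfg):
    """Lint the connection settings; return a list of (level, field, message)."""
    out = []
    url = urlsplit(cfg.get("url", ""))
    try:
        url.port  # raises ValueError for a non-numeric or out-of-range port
        if url.scheme not in ("http", "https") or not url.hostname:
            out.append(("error", "url", "expected http://domainname:port/crowd"))
        elif url.scheme == "http":
            out.append(("warn", "url", "application password is sent unencrypted"))
    except ValueError:
        out.append(("error", "url", "port is not a valid number"))
    for key in ("application_name", "application_password"):
        if not cfg.get(key):
            out.append(("error", key, "needed to authenticate to the remote server"))
    timeout = cfg.get("connection_timeout", 0)  # a missing value is treated as 0 here
    if timeout < 0:
        out.append(("error", "connection_timeout", "must be 0 or more seconds"))
    elif timeout == 0:
        out.append(("warn", "connection_timeout", "0 means no limit on the wait"))
    if cfg.get("max_connections", 1) < 1:
        out.append(("error", "max_connections", "must allow at least one connection"))
    host, port = cfg.get("proxy_host"), cfg.get("proxy_port")
    if bool(host) != bool(port):
        out.append(("error", "proxy", "Proxy Host and Proxy Port go together"))
    user, password = cfg.get("proxy_username"), cfg.get("proxy_password")
    if bool(user) != bool(password):
        out.append(("error", "proxy_auth", "Proxy Username and Password go together"))
    elif user and not host:
        out.append(("error", "proxy_auth", "proxy credentials without a Proxy Host"))
    return out

if __name__ == "__main__":
    for level, field, message in check_remote_crowd_connection(SAMPLE):
        print(f"{level:5} {field}: {message}")
```

Run against the constructed sample, it reports the plain-HTTP URL, the unlimited timeout and the proxy host that has no port.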

Next Step

Specify the directory permissions, which allow you to restrict the way in which applications can use the directories. See Specifying Directory Permissions.

Once you have configured the directory's permissions, you have finished configuring your new directory. You can then map the directory to the appropriate applications.
