Crowd 2.1 Release Notes
1 December 2010
The new fully-featured REST API is designed for use by client applications and provides a foundation for future work. Having built the API, we used it to rework Crowd's Apache and Subversion connectors. Another focus of this release is the improved performance provided by the new database-backed caching, LDAP connection pooling and Apache/Subversion connectors.
Highlights of this release:
Responding to your feedback:
Almost 230 votes satisfied
Keep logging your votes and issues. They help us decide what needs doing!
Upgrading to Crowd 2.1
Highlights of Crowd 2.1
Crowd 2.1 introduces a new set of REST APIs for use by applications connecting to Crowd. This is especially good news for people developing a custom application connector.
The REST APIs offer the following features to client applications:
- User authentication and SSO.
- Updating a user's password.
- Requesting a password reset.
- A fully functional, comprehensive search API. Initially, the search API will be quite terse in construction as the queries will be an XML/JSON serialization of our internal search objects. We provide a Java client that assists in constructing the queries.
In addition, client applications can add, update, remove and retrieve the following entities from the user base:
- Custom user attributes
- Custom group attributes
- Group memberships
- Nested group memberships
- To search for a particular user, perform a GET request at:
- To get all attributes of a particular user, perform a GET request at:
- To add a user, perform a POST request to:
- To search for a particular group, perform a GET request at:
Improved Apache and Subversion Connectors
Crowd 2.1 includes new in-process Apache and Subversion connectors, bringing improved performance and lower memory usage. In addition, the connectors now offer support for the following:
- Nested groups.
- SSO with Apache.
- Subversion parent path configuration. The
SVNParentPathdirective allows you to put multiple Subversion repositories in a directory. This means that you can add and remove repositories without having to restart Apache. See the following pages from Version Control with Subversion: Path-based authorization and Subversion Apache configuration directives.
- More platforms. We now provide a source distribution of the Apache and Subversion connectors. This means that you can build and deploy the connectors on the operating system of your choice.
Database-Backed Caching for All LDAP Directories
Earlier versions of Crowd provided in-memory caching for LDAP user and group data. In Crowd 2.1 the LDAP cache is stored in the Crowd database, resulting in significant performance improvements. Read-only queries will hit the database and not the LDAP server. Queries on LDAP data will perform as efficiently as queries on the Crowd internal directory. This is particularly useful for large LDAP servers which may respond poorly to searches for users.
- You can execute complex searches like "find me all the users starting with 'a' that have an email address containing '@example.com'".
- You can store and query custom attributes for users and groups in LDAP directories as well as in Crowd internal directories. Note that the custom attributes are stored in the Crowd database, not LDAP.
- Database-backed caching is available for all LDAP servers. The earlier in-memory model worked only with Microsoft Active Directory and ApacheDS.
Details are in the documentation.
LDAP Connection Pooling
Crowd now supports connection pooling for your LDAP servers. The LDAP service provider maintains a pool of connections and assigns them as needed. When a connection is closed, LDAP returns the connection to the pool for future use. See the documentation.
Connection pooling cuts the overhead of making the LDAP connection. Sites using Active Directory with SSL will see performance on par with an unsecured connection. This is an order of magnitude improvement over Crowd 2.0.
Secure Password Resets
When someone has forgotten their password, Crowd no longer sends them a new password. Instead it sends them a unique, random URL and prompts them to choose their own new password. There are a number of advantages to the new workflow:
- Crowd uses a secure algorithm to generate the unique, random URL for the user concerned.
- Users can ensure that their new password matches the directory regex pattern, where relevant.
- People who have forgotten their usernames can now also request a reminder via email. There is a new email template for this notification.
- Password reset can no longer be used as a denial of service attack.