Documentation for Crowd 2.7. Documentation for earlier versions of Crowd is available too.

Skip to end of metadata
Go to start of metadata

1 December 2010


With great pleasure, the Atlassian Crowd team presents the delightfully responsive yet blissfully RESTful Crowd 2.1.

The new fully-featured REST API is designed for use by client applications and provides a foundation for future work. Having built the API, we used it to rework Crowd's Apache and Subversion connectors. Another focus of this release is the improved performance provided by the new database-backed caching, LDAP connection pooling and Apache/Subversion connectors.

Highlights of this release:

Responding to your feedback:

(green star) Almost 230 votes satisfied

Keep logging your votes and issues. They help us decide what needs doing!

Upgrading to Crowd 2.1

You can download Crowd from the Atlassian website. If upgrading from a previous version, please read the Crowd 2.1 Upgrade Notes.

Highlights of Crowd 2.1

 

REST API

Crowd 2.1 introduces a new set of REST APIs for use by applications connecting to Crowd. This is especially good news for people developing a custom application connector.

The REST APIs offer the following features to client applications:

  • User authentication and SSO.
  • Updating a user's password.
  • Requesting a password reset.
  • A fully functional, comprehensive search API. Initially, the search API will be quite terse in construction as the queries will be an XML/JSON serialisation of our internal search objects. We provide a Java client that assists in constructing the queries.

In addition, client applications can add, update, remove and retrieve the following entities from the user base:

  • Users
  • Custom user attributes
  • Groups
  • Custom group attributes
  • Group memberships
  • Nested group memberships

Examples:

  • To search for a particular user, perform a GET request at:
    http://YOUR-CROWD-SERVER:8095/rest/usermanagement/1/user?username=USERNAME
    
  • To get all attributes of a particular user, perform a GET request at:
    http://YOUR-CROWD-SERVER:8095/rest/usermanagement/1/user/attribute?username=USERNAME
    
  • To add a user, perform a POST request to:
    http://YOUR-CROWD-SERVER:8095/rest/usermanagement/1/user
    
  • To search for a particular group, perform a GET request at:
    http://YOUR-CROWD-SERVER:8095/rest/usermanagement/1/group?groupname=GROUPNAME
    

See our guides to the new APIs and REST resources.

 

Improved Apache and Subversion Connectors

Crowd 2.1 includes new in-process Apache and Subversion connectors, bringing improved performance and lower memory usage. In addition, the connectors now offer support for the following:

  • Nested groups.
  • SSO with Apache.
  • Subversion parent path configuration. The SVNParentPath directive allows you to put multiple Subversion repositories in a directory. This means that you can add and remove repositories without having to restart Apache. See the following pages from Version Control with Subversion: Path-based authorisation and Subversion Apache configuration directives.
  • More platforms. We now provide a source distribution of the Apache and Subversion connectors. This means that you can build and deploy the connectors on the operating system of your choice.

(green star) This improvement satisfies more than 100 votes. See our documentation on integrating Crowd with Apache and with Subversion.

 

Database-Backed Caching for All LDAP Directories

Earlier versions of Crowd provided in-memory caching for LDAP user and group data. In Crowd 2.1 the LDAP cache is stored in the Crowd database, resulting in significant performance improvements. Read-only queries will hit the database and not the LDAP server. Queries on LDAP data will perform as efficiently as queries on the Crowd internal directory. This is particularly useful for large LDAP servers which may respond poorly to searches for users.

Other features:

  • You can execute complex searches like "find me all the users starting with 'a' that have an email address containing '@example.com'".
  • You can store and query custom attributes for users and groups in LDAP directories as well as in Crowd internal directories. Note that the custom attributes are stored in the Crowd database, not LDAP.
  • Database-backed caching is available for all LDAP servers. The earlier in-memory model worked only with Microsoft Active Directory and ApacheDS.

Details are in the documentation.

 

LDAP Connection Pooling

Crowd now supports connection pooling for your LDAP servers. The LDAP service provider maintains a pool of connections and assigns them as needed. When a connection is closed, LDAP returns the connection to the pool for future use. See the documentation.

Connection pooling cuts the overhead of making the LDAP connection. Sites using Active Directory with SSL will see performance on par with an unsecured connection. This is an order of magnitude improvement over Crowd 2.0. 

 

Secure Password Resets

When someone has forgotten their password, Crowd no longer sends them a new password. Instead it sends them a unique, random URL and prompts them to choose their own new password. There are a number of advantages to the new workflow:

  • Crowd uses a secure algorithm to generate the unique, random URL for the user concerned.
  • Users can ensure that their new password matches the directory regex pattern, where relevant.
  • People who have forgotten their usernames can now also request a reminder via email. There is a new email template for this notification.
  • Password reset can no longer be used as a denial of service attack.

 

Other Things Worth Mentioning

Complete List of Improvements and Fixes

Unable to locate JIRA server for this macro. It may be due to Application Link configuration.
  • No labels

3 Comments

  1. In the Crowd 2.0.7 release notes, the following is stated:

    • If you are using FishEye/Crucible 2.4 with Crowd, you must use the crowd-integration-client-2.0.0.jar that is bundled with FishEye/Crucible 2.4. Do not use the crowd-integration-client-2.0.7.jar, as the 2.0.7 jar is not compatible with FishEye/Crucible 2.4. This issue will be resolved with Crowd 2.1.

    Is this resolved? Nothing is stated in the Crowd 2.1 release notes about this, nor any subsequent release through Crowd 2.2.4.

  2. We just tried using the Crowd 2.2.7 integration JAR (released today!) with FishEye 2.3.6 and I can confirm that the new JAR is still broken. Reverting our FishEye install to the crowd-integration-client-2.0.0 at least got FishEye to start up without exceptions.

    1. Anonymous

      According to atlassian on the Integrating Crowd with Atlassian FishEye page, this is actually a problem with FishEye and is scheduled to be fixed in the upcoming FishEye 2.6.