When you map multiple directories to an application, you also need to define the directory order.
The directory order is important during the authentication of the user, in cases where the same user exists in multiple directories. When a user attempts to log in to an application, Crowd will search the directories in the order you specified, and will use the credentials (password) of the first occurrence of the user to validate the login attempt. See diagram below.
The directory order is also important when granting the user access to an application based on group membership. In the case of multiple directories, Crowd looks at the group memberships based on the directory order. See below.
On this page:
Specifying the Directory Order
To specify the directory order,
- Log in to the Crowd Administration Console.
- Click the 'Applications' tab in the top navigation bar.
- This will display the Application Browser. Click the 'View' link that corresponds to the application you wish to map.
- This will display the 'View Application' screen. Click the 'Directories' tab.
- This will display a list of directories that are currently mapped to the application. Use the blue up-arrow or down-arrow to move a directory higher or lower in the order:
Screenshot: 'Application---Mapped Directories'
How Authentication Works
The directory order is important during the authentication of the user.
Let's assume that JIRA has been set up as a Crowd application, and has been mapped to two directories, 'Partners' and 'Customers', in that order.
Here is what happens when a user attempts to log in to JIRA:
How Authorisation via Group Membership Works
The directory order is important when granting the user access to an application based on group membership. When Crowd determines a person's access to an application based on their membership of a group, what happens if the same username exists in more than one directory? Crowd will look for group membership only in the first directory where the username appears, based on the order of directories mapped to the application. See Specifying the Directory Order for an Application. For example:
jsmith
exists in both the Customers directory and the Partners directory.jsmith
is a member of group G1
in the Customers directory and group G2
in the Partners directory.G1
. For purposes of granting access to this application, Crowd will not consider jsmith
a member of group G2
.
RELATED TOPICS
- Using the Application Browser
- Adding an Application
- Integrating Crowd with Atlassian Bamboo
- Integrating Crowd with Atlassian Confluence
- Integrating Crowd with Atlassian CrowdID
- Integrating Crowd with Atlassian Crucible
- Integrating Crowd with Atlassian FishEye
- Integrating Crowd with Atlassian JIRA
- Integrating Crowd with Atlassian Stash
- Integrating Crowd with Acegi Security
- Integrating Crowd with Apache
- Disabling Previous Versions of the Crowd Apache Connector
- Installing the Crowd Apache Connector on CentOS Linux
- Installing the Crowd Apache Connector on Red Hat Enterprise Linux
- Installing the Crowd Apache Connector on Ubuntu Linux
- Installing the Crowd Apache Connector on Debian
- Installing the Crowd Apache Connector on Other UNIX-Like Systems
- Installing the Crowd Apache Connector on Windows
- Integrating Crowd with Jive Forums
- Integrating Crowd with Spring Security
- Integrating Crowd with Subversion
- Integrating Crowd with a Custom Application
- Configuring the Google Apps Connector
- Mapping a Directory to an Application
- Specifying an Application's Address or Hostname
- Testing a User's Login to an Application
- Enforcing Lower-Case Usernames and Groups for an Application
- Managing an Application's Session
- Deleting or Deactivating an Application
- Configuring Caching for an Application
- Overview of SSO
- Configuring Options for an Application