Documentation for Crowd 1.4. Documentation for other versions of Crowd is available too.
When you map multiple directories to an application, you also need to define the directory order.
The directory order is important during the authentication of the user, in cases where the same user exists in multiple directories. When a user attempts to log in to an application, Crowd will search the directories in the order you specified, and will use the credentials (password, etc) of the first occurrence of the user to validate the login attempt. See diagram below.
The directory order is not significant when granting the user access to an application based on group membership. In the case of multiple directories, Crowd amalgamates the group memberships in the directories. See below.
On this page:
Specifying the Directory Order
To specify the directory order,
- Log in to the Crowd Administration Console.
- Click the 'Applications' tab in the top navigation bar.
- This will display the Application Browser. Click the 'View' link that corresponds to the application you wish to map.
- This will display the 'View Application' screen. Click the 'Directories' tab.
- This will display a list of directories that are currently mapped to the application. Use the blue up-arrow or down-arrow to move a directory higher or lower in the order:
Screenshot: 'Application---Mapped Directories'
How Authentication Works
The directory order is important during the authentication of the user.
Let's assume that JIRA has been set up as a Crowd application, and has been mapped to two directories, 'Partners' and 'Customers', in that order.
Here is what happens when a user attempts to log in to JIRA:
How Authorisation via Group Membership Works
The directory order is not significant when granting the user access to an application based on group membership. If the same username exists in more than one directory assigned to an application, Crowd treats these usernames as the same user. Crowd searches all the assigned directories for the user, and amalgamates the group and role memberships. For example, let's assume you have a user 'jsmith' who exists in both directories 'Customers' and 'Partners', and is a member of group 'G1' in 'Customers' and 'G2' in 'Partners'. Crowd will grant access to the user based on membership of both 'G1' and 'G2'.
RELATED TOPICS
- Using the Application Browser
- Adding an Application
- Integrating Crowd with Atlassian Bamboo
- Integrating Crowd with Atlassian Confluence
- Integrating Crowd with Atlassian CrowdID
- Integrating Crowd with Atlassian Crucible
- Integrating Crowd with Atlassian FishEye
- Integrating Crowd with Atlassian JIRA
- Integrating Crowd with Acegi Security
- Integrating Crowd with Apache
- Integrating Crowd with Jive Forums
- Integrating Crowd with Subversion
- Integrating Crowd with a Custom Application
- Mapping a Directory to an Application
- Specifying which Groups can access an Application
- Specifying an Application's Address or Hostname
- Testing a User's Login to an Application
- Managing an Application's Session
- Deleting or Deactivating an Application
Overview
Content Tools
Apps
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.