This guide assumes that you have configured FreeIPA (default) and Crowd.
Here’s what works:
- name, username, password, groups
- sync updates from LDAP
- write updates to LDAP from Crowd (untested)
- Add a new user, ex.: ‘crowd’ and assign a password
- Make sure the user is in the group ‘ipausers’
- Add directory with the type ‘Connector’
- Give it a name and configure as follows
  - Connector: Generic Directory Server
  - URL: ldap://subdomain.domain.com:389/
  - Base DN: dc=domain,dc=com
  - Username: uid=[new IPA user, ex.: crowd],cn=users,cn=accounts,dc=domain,dc=com
  - Password: [password of new IPA user]
  The remaining parameters are default.
  - User DN: cn=accounts
  - User object class: inetorgperson
  - User object filter: (objectclass=inetorgperson)
  - User name attribute: uid
  - User name RDN attribute: cn
  - User first name attribute: givenName
  - User last name attribute: sn
  - User display name attribute: displayName
  - User email attribute: mail
  - User group attribute: memberOf
  - User password attribute: userPassword
  - User unique identifier attribute: uidnumber (untested)
  - Group DN: cn=accounts
  - Group object class: ipausergroup
  - Group object filter: (objectclass=ipausergroup)
  - Group name attribute: cn
  - Group description attribute: description
  - Group members attribute: member
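To see which entries the user and group settings above would pick up, here is an offline dry run in Python. It is an added example, not Crowd's or FreeIPA's own code: the entries are constructed samples, the helper names (`norm`, `matches`, `preview`, `entry`) are hypothetical, and it assumes membership is read from the user's memberOf values.

```python
BASE_DN = "dc=domain,dc=com"
SEARCH_DN = "cn=accounts," + BASE_DN  # User DN / Group DN, relative to Base DN
USER_CLASS, GROUP_CLASS = "inetorgperson", "ipausergroup"
USER_ATTRS = {"username": "uid", "first_name": "givenName", "last_name": "sn",
              "display_name": "displayName", "email": "mail"}

def norm(dn):
    # Simplified DN normalisation: assumes no escaped commas in the samples.
    return ",".join(part.strip().lower() for part in dn.split(","))

def matches(item, object_class):
    """Entry sits below SEARCH_DN and carries the configured object class."""
    classes = [c.lower() for c in item["attrs"].get("objectClass", [])]
    return norm(item["dn"]).endswith("," + norm(SEARCH_DN)) and object_class in classes

def preview(entries):
    """Return (users, group_names) that the settings select from `entries`."""
    groups = {norm(e["dn"]): e["attrs"]["cn"][0]
              for e in entries if matches(e, GROUP_CLASS)}
    users = []
    for e in entries:
        if not matches(e, USER_CLASS):
            continue
        user = {field: e["attrs"].get(attr, [None])[0]
                for field, attr in USER_ATTRS.items()}
        # Assumption: memberOf values that are not matched groups are ignored.
        user["groups"] = sorted(groups[norm(m)]
                                for m in e["attrs"].get("memberOf", [])
                                if norm(m) in groups)
        users.append(user)
    return users, sorted(groups.values())

def entry(dn, classes, **attrs):
    """Build one sample entry; single values become one-element lists."""
    attrs = {k: v if isinstance(v, list) else [v] for k, v in attrs.items()}
    return {"dn": dn, "attrs": {"objectClass": classes, **attrs}}

# Constructed sample entries (not real directory data).
IPAUSERS = "cn=ipausers,cn=groups,cn=accounts," + BASE_DN
SAMPLE = [
    entry(IPAUSERS, ["ipausergroup"], cn="ipausers"),
    entry("uid=alice,cn=users,cn=accounts," + BASE_DN, ["inetOrgPerson"],
          uid="alice", givenName="Alice", sn="Doe", displayName="Alice Doe",
          mail="alice@domain.com",
          memberOf=[IPAUSERS, "cn=rule1,cn=other," + BASE_DN]),
    entry("uid=crowd,cn=users,cn=accounts," + BASE_DN, ["inetorgperson"],
          uid="crowd", sn="crowd", memberOf=[IPAUSERS]),
    entry("fqdn=host1.domain.com,cn=computers,cn=accounts," + BASE_DN,
          ["ipahost"], cn="host1"),
]
```

In this sample the bind account `crowd` matches the user filter too, so `preview(SAMPLE)` lists it alongside regular users, while the host entry is skipped.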
3) Copy Crowd users to LDAP
- [in Crowd] Users
- Import users
- Directory importer
That’s it, pretty straightforward from here.
Alternatively, you can ignore the Crowd directory, as long as the users are in LDAP. If their Jira / Confluence name matches the one in FreeIPA LDAP (email@example.com), they can log in with their new LDAP details right away and continue working under the same account.
4) Activate Directory
In order to use the newly added directory for authentication, here’s what you do:
- [Name of Application]
- Directories and Groups
- Add the newly created directory, and move it to the top (prioritize)
That’s it. FreeIPA LDAP - Crowd - Jira / Confluence - Happiness