dwimberger edited this page Oct 24, 2013 · 3 revisions

Crowd Setup

The Crowd LDAP Server needs to authenticate against an existing application configured in Crowd.

You can either:

  1. Add an application to Crowd; or
  2. Use an existing application

Make sure to remember the application name and the application password for the next step, and to allow the IP address/hostname of the node the Crowd LDAP Server will be running on as an application address (see Crowd's "Specify an Application Address" setting).

Crowd LDAP Server Setup

Crowd related configuration

The Crowd LDAP Server needs some configuration to be able to talk to Crowd in the backend. This configuration is stored in a standard crowd.properties file.

 # Crowd Server Configuration
 session.lastvalidation=session.lastvalidation
 session.isauthenticated=session.isauthenticated
 application.password=<Crowd application password>
 application.name=<Crowd application name>
 session.validationinterval=0
 crowd.server.url=<Crowd Service Endpoint>
 session.tokenkey=session.tokenkey
 application.login.url=<Crowd Login URL>

You should fill in the placeholders <Crowd application name>, <Crowd application password>, <Crowd Service Endpoint> and <Crowd Login URL>.

Listener Configuration

This configuration is stored in the crowd-ldap-server.properties file. It allows you to configure:

  1. a listener port; and
  2. SSL (optional)

Configuring the listener port:

You may configure the port of the LDAP listener:

 # Crowd LDAP Server Configuration
 listener.port=10389

Configuring LDAPS

By default the listener will be configured without SSL support:

 ssl.enabled=false

However, you may configure SSL support with a valid certificate, or with a self-signed certificate (if your clients support validating against self-signed certificates):

 # Enable SSL
 ssl.enabled=true
 # Keystore
 ssl.keystore=etc/crowd-ldap-server.keystore
 # Certificate password
 ssl.certificate.password=changeit

Configuring memberof AD emulation

By default the user entries will not return any form of group membership information. This setting enables the AD-style memberOf attribute, which provides membership information on user entries. This feature has been contributed by Aaron Dummer.

 # Emulate AD memberof (false|true)
 emulate.ad.memberof=true

When memberOf AD emulation is enabled, you can also enable loading nested group memberships. Be careful with this option, especially if your directory and group structure is large.

 # Include Nested Groups in memberOf Attribute (false|true)
 emulate.ad.include.nested=true
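As an added example (not part of the Crowd LDAP Server project), the following script parses a crowd-ldap-server.properties / crowd.properties file and flags the settings discussed on this page before deployment: unfilled placeholders, an invalid listener port, SSL left disabled (LDAP simple binds then carry the Crowd-backed passwords in cleartext), the well-known default keystore password, and nested memberOf resolution. The sample file contents are constructed for the example.

```python
"""Audit crowd-ldap-server / crowd properties for the settings this page describes."""
import re

# Constructed sample: defaults from this page with two placeholders left unfilled.
SAMPLE = """\
# Crowd LDAP Server Configuration
listener.port=10389
ssl.enabled=false
ssl.keystore=etc/crowd-ldap-server.keystore
ssl.certificate.password=changeit
emulate.ad.memberof=true
emulate.ad.include.nested=true
application.name=<Crowd application name>
crowd.server.url=<Crowd Service Endpoint>
"""


def parse_properties(text):
    """Minimal Java .properties parser: '#'/'!' comments, 'key=value' or 'key: value'."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def audit(props):
    """Return a list of (severity, message) findings; empty list means nothing to fix."""
    findings = []
    for key, value in props.items():
        if re.fullmatch(r"<.*>", value):  # template placeholder never replaced
            findings.append(("error", f"{key} still holds the placeholder {value}"))
    port = props.get("listener.port", "")
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        findings.append(("error", f"listener.port is not a valid TCP port: {port!r}"))
    if props.get("ssl.enabled", "false").lower() != "true":
        findings.append(("warn", "ssl.enabled is false: LDAP binds send passwords in cleartext"))
    if props.get("ssl.certificate.password") == "changeit":
        findings.append(("warn", "ssl.certificate.password is the well-known default 'changeit'"))
    if props.get("emulate.ad.include.nested", "false").lower() == "true":
        findings.append(("info", "nested memberOf is enabled; expensive on large group trees"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(parse_properties(SAMPLE)):
        print(f"[{severity}] {message}")
```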