Ask Your Question

How can I setup authentication via atlassian Crowd [closed]

asked 2014-03-21 07:07:36 -0500

KeithJ gravatar image

updated 2014-11-20 11:06:52 -0500


Openstack Version: Grizzly running on Ubuntu

I am trying to set up authentication from the Dashboard using atlassian Crowd. Here are the relevant sections of the keystone.conf file

driver = keystone.identity.backends.ldap.Identity

  url = <url>
  user = admin dc=Manager,dc=example,dc=com
password = ****
 suffix = cn=example,cn=com
  use_dumb_member = False
 allow_subtree_delete = False
 dumb_member = cn=dumb,dc=example,dc=com

# Maximum results per page; a value of zero ('0') disables paging (default)
 page_size = 0

# The LDAP dereferencing option for queries. This can be either 'never',
# 'searching', 'always', 'finding' or 'default'. The 'default' option falls
# back to using default dereferencing configured by your ldap.conf.
 alias_dereferencing = default

# The LDAP scope for queries, this can be either 'one'
# (onelevel/singleLevel) or 'sub' (subtree/wholeSubtree)
 query_scope = one

 user_tree_dn = ou=Users,dc=example,dc=com
 user_filter =
 user_objectclass = inetOrgPerson
 user_domain_id_attribute = businessCategory
 user_id_attribute = cn
 user_name_attribute = sn
 user_mail_attribute = email
 user_pass_attribute = userPassword
 user_enabled_attribute = enabled
 user_enabled_mask = 0
 user_enabled_default = True
 user_attribute_ignore = tenant_id,tenants
 user_allow_create = True
 user_allow_update = True
 user_allow_delete = True
 user_enabled_emulation = False
 user_enabled_emulation_dn =

 tenant_tree_dn = ou=Groups,dc=example,dc=com
 tenant_filter =
 tenant_objectclass = groupOfNames
 tenant_domain_id_attribute = businessCategory
 tenant_id_attribute = cn
 tenant_member_attribute = member
 tenant_name_attribute = ou
 tenant_desc_attribute = desc
 tenant_enabled_attribute = enabled
 tenant_attribute_ignore =
 tenant_allow_create = True
 tenant_allow_update = True
 tenant_allow_delete = True
 tenant_enabled_emulation = False
 tenant_enabled_emulation_dn =

 role_tree_dn = ou=Roles,dc=example,dc=com
 role_filter =
 role_objectclass = organizationalRole
 role_id_attribute = cn
 role_name_attribute = ou
 role_member_attribute = roleOccupant
 role_attribute_ignore =
 role_allow_create = True
 role_allow_update = True
 role_allow_delete = True

 group_tree_dn =
 group_filter =
 group_objectclass = groupOfNames
 group_id_attribute = cn
 group_name_attribute = ou
 group_member_attribute = member
 group_desc_attribute = desc
 group_attribute_ignore =
 group_allow_create = True
 group_allow_update = True
 group_allow_delete = True

I only need to configure access through the dashboard.

Can anyone give me an example of the steps required.

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by KeithJ
close date 2014-11-20 11:08:44.692943


You may want to post your keystone [ldap] section with passwords blanked out. That should help with figuring out what is causing the error. It could be a search string or an option misconfigured.

mpetason gravatar imagempetason ( 2014-03-21 13:51:46 -0500 )edit

Thanks. I have uncommented everything in the ldap section, and I now get connection refused. I have pasted the ldap section of the keystone.conf file I can't see where I am supposed to add the crowd credentials.

KeithJ gravatar imageKeithJ ( 2014-03-24 04:33:02 -0500 )edit

Crowd would need to allow you to access it using LDAP not Http. That is probably the issue. I haven't worked with Crowd enough to know if it allows LDAP connections:

url =

Would be

url = ldap://

mpetason gravatar imagempetason ( 2014-03-24 09:00:14 -0500 )edit

You probably can't use Crowd as a backend for Keystone using LDAP. You would need a plugin that may not exist.

mpetason gravatar imagempetason ( 2014-03-24 09:01:20 -0500 )edit

2 answers

Sort by ยป oldest newest most voted

answered 2014-05-26 11:28:39 -0500

KeithJ gravatar image

The solution was to install python-crowdmaster from github.

edit flag offensive delete link more

answered 2014-03-24 10:26:29 -0500

larsks gravatar image

Crowd is not an LDAP server, and you cannot communicate with it using Keystone's LDAP backend. There is a crowd-ldap-server project that claims to implement an LDAP front-end for Crowd, but I don't know whether or not this is a viable solution.

edit flag offensive delete link more


Iarsks has right, crowd is no ldap server (has a ldap back-end), Swing (java) autentication software stack give you posiblitity to do that (we use crowd but not is OpenStack)

Hakan gravatar imageHakan ( 2014-05-26 23:16:12 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-03-21 07:07:36 -0500

Seen: 756 times

Last updated: Nov 20 '14