Documentation for Crowd 2.4. Documentation for other versions of Crowd is available too.

While you should already know the user DN you are using for your LDAP connection, it can be helpful to review the users and groups in Apache Directory Studio to determine the best scope for your Crowd LDAP directory configuration.

Crowd comes with default configurations that will work for most customers. In the examples below, we illustrate some common options for changing your user and group configurations.

There are a number of other attributes, not shown here, that can also be used to narrow the scope of users and groups.

Important Search Filter Notes

  • If you are unfamiliar with LDAP search filter syntax, please review this guide.
  • In order to use Object Filters larger than 255 characters, you will need to upgrade to Crowd to 1.5.1 or later, by installing a new Crowd instance (with a new database) and restoring an XML backup from your previous Crowd installation. For more information on upgrading Crowd please review the Upgrade Guide
  • If you are using Nested Groups in Crowd, your group filter must include all sub-groups to pick up the sub-group members

On this page:

Example 1. Using a User's DN for Crowd Configuration

  1. Find a user in the scope you wish to use for Crowd. Highlight that user in Apache Directory Studio.

    Screenshot: User information in Apache Directory Studio

  2. Using the information about the user dmcgahan, you can narrow down the users returned in the Crowd directory to those in cn=Users who are members of either the confluence-users or the confluence-administratorsgroup.

    User DN:

    cn=Users

    User Object Filter:

    (&(objectCategory=Person)(sAMAccountName=*)
(|(memberOf=cn=confluence-users,ou=Groups,dc=sydney,dc=atlassian,dc=com)
(memberOf=cn=confluence-administrators,ou=Groups,dc=sydney,dc=atlassian,dc=com)))



    Screenshot: The resulting user configuration in Crowd

Example 2: Using a Group's DN for Crowd Configuration

  1. Find a group in the scope you wish to use for Crowd. Highlight that group in Apache Directory Studio.

    Screenshot: Group information in Apache Directory Studio

  2. Using the information about the group confluence-users, you can narrow down the groups returned in the Crowd directory to those in ou=Groups and return only the confluence-users or the confluence-administratorsgroup. Under most circumstances, it is best to apply any changes to both group and role configuration for consistency.

    Group DN:

    ou=Groups

    Group Object Filter:

    (&(objectCategory=Group)(|(cn=confluence-users)(cn=confluence-administrators)))



    Screenshot: The resulting group/role configuration in Crowd

関連トピック

Using Apache Directory Studio for LDAP Configuration

  • ラベルなし

1 Comment

  1. alias

    Oct 15, 2012

    Can I restrict the scope for User and Group search when using Microsoft Active Directory as well?



Log a request with our support team.



Raise an issue for our developers.



See answers from the community.



Blog and update our documentation.

Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.