This page provides notes for configuring an LDAP directory using the Posix/NIS schema RFC 2307. This page is related to Configuring an LDAP Directory Connector.
Crowd supports read-only connections to an LDAP directory using the Posix/NIS schema. This is useful if you have a Unix installation and want to integrate with an LDAP directory. The Posix/NIS schema allows integration between an LDAP directory and the Unix NIS (Network Information Service).
![]() | Crowd's Posix support is read-only Currently, Crowd supports read-only access to the directory based on the Posix schema. You cannot add or update user details. |
Screenshot: 'Connector — LDAP using Posix schema'
Attribute |
Description |
---|---|
Connector |
The directory connector to use when communicating with the directory server. |
URL |
The connection URL to use when connecting to the directory server, e.g.: |
Secure SSL |
Specifies if the connection to the directory server is a SSL connection. |
Use Node Referrals |
Use the JNDI lookup java.naming.referral option. Generally needed for Active Directory servers configured without proper DNS, to prevent a 'javax.naming.PartialResultException: Unprocessed Continuation Reference(s)' error. |
Use the User Membership Attribute |
Put a tick in the checkbox if your directory supports the group membership attribute on the user. (By default, this is the 'memberOf' attribute.) For instructions on enabling this feature in your directory, please refer to the OpenLDAP documentation.
|
Use Paged Results |
Use the LDAP control extension for simple paged results option. Retrieves chunks of data rather than all of the results at once. This feature may be necessary when using Microsoft Active Directory if more than 999 results are returned for any given search. |
Use Naive DN Matching |
This setting determines how Crowd will compare DNs to determine if they are equal. See Using Naive DN Matching.
|
Polling Interval |
Crowd will send a request to LDAP every x minutes, where 'x' is the number specified here. Please read the full instructions: Configuring Caching for an LDAP Directory. |
Read Timeout |
Time in seconds to wait for a response to be received. If there is no response within the specified time period, the read attempt will be aborted. A value of 0 (zero) means there is no limit. |
Search Timeout |
Time in seconds to wait for a response from a search operation. A value of 0 (zero) means there is no limit. |
Connection Timeout |
Timeout in seconds when opening new server connections. If not specified, the TCP network timeout will be used, which may be several minutes. |
Password Encryption |
Select the type of encryption that the directory uses. |
Base DN |
Enter the root distinguished name to use when running queries versus the directory server, e.g.: |
User DN |
Distinguished name of the user that Crowd will use when connecting to the directory server. |
Password |
The password of the user specified above. |
Note: You can also configure site-wide LDAP connection pool settings. See Configuring the LDAP Connection Pool.
Group Relationships
Crowd will check both the gidNumber
and the memberUid
attributes to determine if a user is a member of a group. The name of the gidNumber
attribute is not configurable — Crowd will always use this attribute to determine membership.
The RFC 2307 schema does not support nesting of groups, so Crowd does not support nested groups in the Posix schema.
Next Step
Go back to Configuring an LDAP Directory Connector.
RELATED TOPICS
- Using the Directory Browser
- Adding a Directory
- Configuring an Internal Directory
- Configuring an LDAP Directory Connector
- Configuring a Remote Crowd Directory
- Configuring a Custom Directory Connector
- Configuring a Delegated Authentication Directory
- Configuring Caching for an LDAP Directory
- Using Naive DN Matching
- Specifying Directory Permissions
- Importing Users and Groups into a Directory
Using Apache Directory Studio for LDAP Configuration
Crowd Documentation
Attachments:








