Crowd 2.4 : Crowd 2.1 Release Notes

1 December 2010


With great pleasure, the Atlassian Crowd team presents the delightfully responsive yet blissfully RESTful Crowd 2.1.

The new fully-featured REST API is designed for use by client applications and provides a foundation for future work. Having built the API, we used it to rework Crowd's Apache and Subversion connectors. Another focus of this release is the improved performance provided by the new database-backed caching, LDAP connection pooling and Apache/Subversion connectors.

Responding to your feedback:

Almost 230 votes satisfied

Keep logging your votes and issues. They help us decide what needs doing!

Upgrading to Crowd 2.1

You can download Crowd from the Atlassian website. If upgrading from a previous version, please read the Crowd 2.1 Upgrade Notes.

Highlights of Crowd 2.1

 

REST API

Crowd 2.1 introduces a new set of REST APIs for use by applications connecting to Crowd. This is especially good news for people developing a custom application connector.

The REST APIs offer the following features to client applications:

  • User authentication and SSO.
  • Updating a user's password.
  • Requesting a password reset.
  • A fully functional, comprehensive search API. Initially, the search API will be quite terse in construction as the queries will be an XML/JSON serialisation of our internal search objects. We provide a Java client that assists in constructing the queries.

In addition, client applications can add, update, remove and retrieve the following entities from the user base:

  • Users
  • Custom user attributes
  • Groups
  • Custom group attributes
  • Group memberships
  • Nested group memberships

Examples:

  • To search for a particular user, perform a GET request at:
    http://YOUR-CROWD-SERVER:8095/rest/usermanagement/1/user?username=USERNAME
    
  • To get all attributes of a particular user, perform a GET request at:
    http://YOUR-CROWD-SERVER:8095/rest/usermanagement/1/user/attribute?username=USERNAME
    
  • To add a user, perform a POST request to:
    http://YOUR-CROWD-SERVER:8095/rest/usermanagement/1/user
    
  • To search for a particular group, perform a GET request at:
    http://YOUR-CROWD-SERVER:8095/rest/usermanagement/1/group?groupname=GROUPNAME
    

See our guides to the new APIs and REST resources.
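The GET lookups listed above, built as unsent requests in an added example (not code from the Crowd documentation). The name is percent-encoded so a user or group name containing `&`, `=` or `#` cannot add or override query parameters. Assumptions: the host `crowd.example.test`, the application name and password, and that the calling application authenticates with HTTP Basic.

```python
import base64
import urllib.parse
import urllib.request

API_ROOT = "/rest/usermanagement/1"

# Resource path and lookup parameter for each GET example listed above.
LOOKUPS = {
    "user": ("/user", "username"),
    "user_attributes": ("/user/attribute", "username"),
    "group": ("/group", "groupname"),
}


def build_lookup(base_url, kind, name, app_name, app_password):
    """Return an unsent urllib Request for one of the GET lookups."""
    parts = urllib.parse.urlsplit(base_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("base_url must be an absolute http(s) URL")
    if not name:
        raise ValueError("name must not be empty")
    path, param = LOOKUPS[kind]
    # urlencode percent-encodes '&', '=', '#', spaces and non-ASCII, so the
    # name always arrives as the value of exactly one parameter.
    query = urllib.parse.urlencode({param: name})
    full_path = parts.path.rstrip("/") + API_ROOT + path
    url = urllib.parse.urlunsplit(
        (parts.scheme, parts.netloc, full_path, query, ""))
    req = urllib.request.Request(url, method="GET")
    # Assumption: the client application identifies itself with HTTP Basic.
    token = base64.b64encode(f"{app_name}:{app_password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Accept", "application/json")
    return req


def lookup_param(req):
    """Parse the query string back out, as the receiving server would."""
    return urllib.parse.parse_qs(urllib.parse.urlsplit(req.full_url).query)


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    r = build_lookup("http://crowd.example.test:8095", "user",
                     "a&admin=true #x", "demo-app", "demo-secret")
    print(r.full_url)
```

Pass the returned object to `urllib.request.urlopen` to send it; over plain `http` the Basic credentials travel unencrypted, so use an `https` base URL outside a test network.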

 

Improved Apache and Subversion Connectors

Crowd 2.1 includes new in-process Apache and Subversion connectors, bringing improved performance and lower memory usage. In addition, the connectors now offer support for the following:

  • Nested groups.
  • SSO with Apache.
  • Subversion parent path configuration. The SVNParentPath directive allows you to put multiple Subversion repositories in a directory. This means that you can add and remove repositories without having to restart Apache. See the following pages from Version Control with Subversion: Path-based authorisation and Subversion Apache configuration directives.
  • More platforms. We now provide a source distribution of the Apache and Subversion connectors. This means that you can build and deploy the connectors on the operating system of your choice.

This improvement satisfies more than 100 votes. See our documentation on integrating Crowd with Apache and with Subversion.

 

Database-Backed Caching for All LDAP Directories

Earlier versions of Crowd provided in-memory caching for LDAP user and group data. In Crowd 2.1 the LDAP cache is stored in the Crowd database, resulting in significant performance improvements. Read-only queries will hit the database and not the LDAP server. Queries on LDAP data will perform as efficiently as queries on the Crowd internal directory. This is particularly useful for large LDAP servers which may respond poorly to searches for users.

Other features:

  • You can execute complex searches like "find me all the users starting with 'a' that have an email address containing '@example.com'".
  • You can store and query custom attributes for users and groups in LDAP directories as well as in Crowd internal directories. Note that the custom attributes are stored in the Crowd database, not LDAP.
  • Database-backed caching is available for all LDAP servers. The earlier in-memory model worked only with Microsoft Active Directory and ApacheDS.

Details are in the documentation.

 

LDAP Connection Pooling

Crowd now supports connection pooling for your LDAP servers. The LDAP service provider maintains a pool of connections and assigns them as needed. When a connection is closed, LDAP returns the connection to the pool for future use. See the documentation.

Connection pooling cuts the overhead of making the LDAP connection. Sites using Active Directory with SSL will see performance on par with an unsecured connection. This is an order of magnitude improvement over Crowd 2.0. 

 

Secure Password Resets

When someone has forgotten their password, Crowd no longer sends them a new password. Instead it sends them a unique, random URL and prompts them to choose their own new password. There are a number of advantages to the new workflow:

  • Crowd uses a secure algorithm to generate the unique, random URL for the user concerned.
  • Users can ensure that their new password matches the directory regex pattern, where relevant.
  • People who have forgotten their usernames can now also request a reminder via email. There is a new email template for this notification.
  • Password reset can no longer be used as a denial of service attack.
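A general sketch of a reset-link workflow of the kind described above, as an added example; it is not Crowd's implementation. Requesting a reset leaves the current password untouched, the link is single-use and expires, and the new password is checked against a directory regex. The class, the `/resetpassword` path, the parameter names, the token lifetime and the default regex are all assumptions.

```python
import hashlib
import hmac
import re
import secrets
import time
from urllib.parse import urlencode

TOKEN_TTL = 24 * 3600  # assumed lifetime in seconds; the page states none


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


class ResetService:
    """In-memory stand-in for a directory with pending reset tokens."""

    def __init__(self, passwords, password_regex=r".{8,}"):
        self.passwords = dict(passwords)  # demo only; real stores keep salted hashes
        self.pending = {}                 # username -> (token digest, expiry)
        self.password_regex = re.compile(password_regex)

    def request_reset(self, username, base_url, now=None):
        """Return a one-time reset URL; the existing password stays valid."""
        now = time.time() if now is None else now
        if username not in self.passwords:
            return None
        token = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
        # Only the digest is stored, so a leaked table yields no usable links.
        self.pending[username] = (_digest(token), now + TOKEN_TTL)
        # Hypothetical path and parameter names.
        return base_url + "/resetpassword?" + urlencode(
            {"username": username, "token": token})

    def redeem(self, username, token, new_password, now=None):
        """Set the new password if the token is valid; return True on success."""
        now = time.time() if now is None else now
        digest, expiry = self.pending.get(username, ("", 0.0))
        if now > expiry or not hmac.compare_digest(digest, _digest(token)):
            return False
        if not self.password_regex.fullmatch(new_password):
            return False  # token is kept so the user can pick a compliant password
        del self.pending[username]  # single use
        self.passwords[username] = new_password
        return True
```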

 

Other Things Worth Mentioning

Complete List of Improvements and Fixes

JIRA Issues (119 issues)
Key Summary Priority Status
CWD-2079 Make the DebugLoggingPropertySet serializable Minor Resolved
CWD-2074 Investigate if and how SVN integration can happen in RedHat 6 Minor Closed
CWD-2069 Please update the help-paths.properties file for Crowd 2.1 Major Resolved
CWD-2068 Wrong UI text on CrowdID "reset password" screens Major Resolved
CWD-2066 Wrong UI text on admin "reset password" screen Major Resolved
CWD-2057 Crowd 2.1 Textual Updates Minor Resolved
CWD-2038 HttpAuthenticatorFactory returning implementation class rather than HttpAuthenticator interface Major Resolved
CWD-2036 Clicking cancel from the confirm delete of application causes error Minor Resolved
CWD-2031 Document UserResource REST API Minor Resolved
CWD-2030 License Updates are causing Crowd to loose contact with the PasswordEncoder jar Critical Resolved
CWD-2029 findPrincipalByName returns the Char Case used in the API argument, not the one returned as the API search result Minor Resolved
CWD-2023 Mark ImmutableUser, ImmutableGroup, etc. as Serializable Minor Resolved
CWD-2022 Minor textual update in the "Forgot Login" screen Minor Resolved
CWD-2021 Forgotten password and username workflow for CrowdID Major Resolved
CWD-2020 Minor textual updates in the "Forgot Username" screens Minor Resolved
CWD-2019 Minor textual updates in the "Forgot Username" email Minor Resolved
CWD-2014 Password reset: Change message "Your new password is on the way! " Minor Resolved
CWD-2013 Crowd login screen: Please change text on "Login" button to say "Log In" Minor Resolved
CWD-2012 Textual improvements on the new LDAP connection pool screen Minor Resolved
CWD-2011 LDAP connection pooling accepts "rhubarb" as a pool protocol Major Resolved
CWD-2010 Broken link and textual improvements to Crowd startup web page Minor Resolved
CWD-2009 Update Admin Reset Password to Atlassian Standard Minor Resolved
CWD-1999 Deprecate the current concept of Roles in Crowd Major Resolved
CWD-1996 Crowd integration cache loses some nested groups Critical Resolved
CWD-1989 Apache/Subversion Connector fails to parse repository paths with spaces Minor Resolved
CWD-1986 Document new REST API Minor Resolved
CWD-1983 Exception in custom directory prevents login to Crowd Minor Resolved
CWD-1980 SOAP Group does not have all the fields filled in when using searchGroups() method from SOAP API Minor Resolved
CWD-1973 ApplicationService returns incorrect result for searchUsers() when using startIndex Minor Resolved
CWD-1969 Spring LDAP Connector will sometimes give less than desired number of results when LDAP directory supports paged results Minor Resolved
CWD-1962 Performance benchmark the move to DB-backed caching Minor Resolved
CWD-1961 Display synchronisation status in the Crowd UI Minor Resolved
CWD-1960 Database-Backed LDAP Caching Major Resolved
CWD-1944 Active flag on directory is not respected Major Resolved
CWD-1943 Simpler SMTP Over SSL Support Minor Resolved
CWD-1940 Automated confluence LDAP build using EmbeddedCrowd Critical Closed
CWD-1935 When adding a nested group to a directory which supports nested groups, which is beneath a directory that does not, the add will fail. Minor Resolved
CWD-1923 User per user salts for passwords Major Resolved
CWD-1922 Finding an LDAP group is slow when the group has many members Major Resolved
CWD-1915 Unicode Chars Password Creation/Update in AD does not work Critical Resolved
CWD-1914 TPM build for testing Active Directory Minor Resolved
CWD-1912 REST API for client applications Minor Resolved
CWD-1908 Remove restriction on InternalUser objects having null first or last names Minor Resolved
CWD-1903 UpgradeTask395 is broken for 2.1 Minor Resolved
CWD-1901 Crowd trunk will currently not load custom Remote Directories Blocker Resolved
CWD-1894 Implement local/mixed group membership search Minor Resolved
CWD-1893 Implement local/mixed group search Major Resolved
CWD-1875 Update Forgotten Password workflow to Atlassian standard Minor Resolved
CWD-1868 Provide option to disallow auto creation of users in the Delegated Authentication Directory (mimic OSUser LDAP behaviour) Major Resolved
CWD-1865 Upgrade trunk to AUI 2.2.2 Minor Resolved
CWD-1863 Declare dependency on commons-collections in crowd-api module Minor Resolved
CWD-1862 PluginPropertyManageGeneric creates property keys incorrectly Minor Resolved
CWD-1858 Typos in SecurityServerClient's JavaDoc Trivial Resolved
CWD-1856 Make permissionManager available to plugins - needed for Studio Minor Resolved
CWD-1851 Crowd's LDAP RemoteDirectory implementations throw ObjectNotFoundExceptions Minor Resolved
CWD-1850 Hybrid LDAP-Internal directory for local attributes and groups Major Resolved
CWD-1849 Google Apps SAML complains that not enough space was allocated to hold decompressed data Minor Resolved
CWD-1843 Migrate Crowd to use the updated Crowd Embedded API's Minor Resolved
CWD-1834 DirectoryManagerGeneric will always create a new instance of RemoteDirectory on every call to any method. Critical Resolved
CWD-1827 IE8 can present an IE7 User-Agent string causing users to appear logged out Minor Resolved
CWD-1826 Merge cookie domain validation Minor Resolved
CWD-1821 Cannot set cookie domain to wildcard version of exact host Minor Resolved
CWD-1817 SecurityServerClient.authenticatePrincipal javadoc typo Minor Resolved
CWD-1810 Support wildcards in the trusted proxy server configuration Minor Resolved
CWD-1804 Update Crowd to the latest Common Modules for January Minor Resolved
CWD-1801 update common modules Minor Resolved
CWD-1795 Users created using the Integration Library have details set to the default value of "-" Minor Resolved
CWD-1789 Tests for Apache-CrowdAuth-1.2.3 fail to detect mod_perl version Major Resolved
CWD-1774 Text for Crowd console lockout error messages Minor Resolved
CWD-1772 Regression in performance on trunk Blocker Resolved
CWD-1751 REST API support for user attributes Minor Resolved
CWD-1748 Adapt Crowd client libraries to run in the GoogleAppEngine environment Minor Resolved
CWD-1746 Upgrade to Atlassian Event 2.0.0 Minor Resolved
CWD-1745 Update documentation with 2.1 to talk about the break in backwards compatability with implementations of the EventListener Minor Resolved
CWD-1730 Improve Crowd's query API to support more type safe searching Major Resolved
CWD-1727 MailServer Administration and SMTP Auth Major Resolved
CWD-1708 Rename "Use Relaxed DN Standardisation" option to avoid confusion Minor Resolved
CWD-1699 Subversion authorization with nested groups not working Major Resolved
CWD-1698 CLONE -Officially Support JBOSS 5.2 Major Resolved
CWD-1692 Produce crowd-plugin-test-resources as part of the distribution Major Resolved
CWD-1691 Allow clients to override properties in crowd.properties using system properties Minor Resolved
CWD-1671 Better Remote API for nested groups Minor Resolved
CWD-1669 Define Apache/Subversion integration support for Apple Mac Servers Minor Resolved
CWD-1617 Impossible to delete files from SVN with '++' in it through Crowd-enabled HTTP Server Major Resolved
CWD-1600 Setup wizard should check base URL before continuing Major Resolved
CWD-1569 Allow searching for users by custom attributes Major Resolved
CWD-1508 Create a new Security Server API for Crowd that exposes the improvements made to the underlying Remote Directory API. Major Resolved
CWD-1483 Implement server-side remote directory caching for OpenLDAP Major Resolved
CWD-1455 Crowd Client making multiple requests to SecurityServer.findAllGroupRelationships() cause Crowd's http queue to overflow Major Resolved
CWD-1440 Support SSO for Apache Integration Major Resolved
CWD-1417 Directories can't be listed if they are off-line Major Resolved
CWD-1369 Server-side caching mechanism support for OpenLDAP Major Resolved
CWD-1338 Investigate AD over SSL performance in Crowd Major Resolved
CWD-1321 Don't start to populate Crowd's cache again if the data load has already started. Major Resolved
CWD-1267 Enable option to configure connection pooling for directories Minor Resolved
CWD-1243 ViewPrincipal's processMemberships is a very expensive call Major Resolved
CWD-1224 Add searchMembers for remote API Major Resolved
CWD-1203 Allow batch loading of remote principals Major Resolved
CWD-1200 Need to Review Crowd/Confluence User/Group creation/search behavior Major Resolved
CWD-1151 Improve the SecurityServerClient API, possibly the SOAP API also Major Resolved
CWD-1094 Apache module authz commands are not additive Major Resolved
CWD-1092 Apache module returns 401, should be 403 Major Resolved
CWD-1014 Reset Password functionality does not consider directory password configuration Major Resolved
CWD-986 Crowd needs to update the soap API for searches (searchGroups, searchPrincipals, searchRoles) so that the result can also be sort by returned fields and not just paged. Major Resolved
CWD-975 Add support for LDAP connection pooling Major Resolved
CWD-871 Saving of arbitrary data against users in Internal Directory Major Resolved
CWD-837 Officially support IPv6 Major Resolved
CWD-776 Apache module's Subversion support should support the SVNParentPath directive Minor Resolved
CWD-763 Crowd client libraries for JIRA using AD with SSL enabled are unacceptably slow. Major Resolved
CWD-751 DirectoryInstanceLoader should only have one directory instance of each directory in memory rather than multiple reloads by the managers Major Resolved
CWD-725 Searching groups/roles via members does not work Major Resolved
CWD-673 Use Collections API instead of Arrays everywhere Trivial Resolved
CWD-587 provide better start scripts for Unix Minor Resolved
CWD-559 Support the searching of custom remote principal attributes. Major Resolved
CWD-536 JIRA performance improvements Major Resolved
CWD-391 Apache module should be able to limit access based on group Major Resolved
CWD-362 Reset password error is not useful when regex is not passed. Minor Resolved
CWD-204 XML-RPC/Simplified soap interface please Major Resolved
CWD-86 Anyone can reset anyone elses password Major Resolved
