2

I have been evaluating Atlassian Crowd for my organization and we use gerrit as one of our main services along with jira, confluence, jenkins. I am trying to find out if we can use crowd as authentication support for gerrit instead of LDAP.

Kara
  • 6,115
  • 16
  • 50
  • 57
Sanzig
  • 121
  • 2
  • 10

1 Answers1

4

You might want to check out the thread Atlassian Crowd auth support for gerrit - it originated in 2011, but apparently Eric Anderson's auth type hasn't quite madeit into Gerrit yet, see lucamilanesio's response from 2014-02-26:

the auth backend patch is still under review :-( ... I agree we should should push for merging it

However, Andrew Diller's later response from 2013-07-18 suggests an alternate approach:

The current version of Crowd comes with an OpenID provider. We are using that to allow Gerrit to auth to 2 LDAP backends- one direct to LDAP server, the other to a MicrosoftActiveDirectory via Crowd. It works great.

So it looks like this:

gerrit --> OpenID -> Crowd -> LDAP -> ActiveDirectory
[gerrit] --> OpenID -> Crowd -> LDAP -> OpenLDAP

again, this works today very nicely.

Beware that this only seems to apply to authentication at this point:

It is just for auth, since the LDAP servers to us are ReadOnly, we cannot control the groups. But I have not investigated this deeply.

In our case this is just what we want- usually our LDAP servers are a mess, it's easier for us to control groups on gerrit itself.

Disclaimer: I haven't used that myself.

Steffen Opel
  • 63,899
  • 11
  • 192
  • 211
  • Thanks a lot Steffen, We were planning to move away from LDAP as the current application we are using does not have a good front-end. We would like to basically replace LDAP with crowd. Can you please let me know your thoughts on that? Do you think its feasible? – Sanzig May 26 '14 at 22:24
  • @Sanzig - this really depends on the details of your requirements, unfortunately I can't help with that. I can offer 2 more aspects though: 1. If you are primarily running an all Atlassian stack and are fine with using SSL and the Apache Crowd Connector for everything w/o native Crowd support, this works nicely, I'm using it myself for years. 2. OTOH, Crowd doesn't seem to get as much development resources as it should, given it's their very own SSO solution backing e.g. http://id.atlassian.com. Notably it lacks the meanwhile expected [SAML support](https://jira.atlassian.com/browse/CWD-1822). – Steffen Opel May 27 '14 at 07:41