Hey marcin, hope you find these features useful. We use an Atlassian Crowd database for our directory at my enterprise, so I found this feature essential to add. Works for me at current. Let me know if there are problems with it.
This patch adds a number of new features:
- Authenticate users against an Atlassian Crowd DB via libatlassian
- Crowd settings page, to turn crowd on/off and change settings
- Check the incoming user's crowd groups to set Admin or not, based
on "crowd admin groups" in the settings page
- New user model elements, "extern_name" and "extern_type". These
serve the same purpose that ldap_dn used to, but they are more
generic, and should replace ldap_dn as soon as possible to allow
yet more extensible authentication methods. ldap_dn is still
populated and checked as normal, extern_name/extern_type are just
used alongside it for now.
- Changed the admin users view to remove the "ldap" boolean column
and replace it with an "external" column that says the type of
external DB the user comes from (crowd users appear as "crowd",
ldap users appear as "ldap")
You can get a 30-Day trial for atlassian crowd http://www.atlassian.com/software/crowd/overview.
When you finished the implementation I can try to put it on our test site for RhodeCode and see if it works as expected and do some more testing.
Sorry for my lack of attention on this... Upon further thought, this idea of embedding crowd/libatlassian into rhodecode is terrible. Marcin, if you think expanding rhodecode's authentication options is a good idea for merge, then I should provide a different patch that allows for the use of pluggable authentication modules, so the users can write (and share) their own auth modules, without you guys having to maintain anything besides the core LDAP plugin.
libatlassian is my code, I was on Team Shinobi when it was written, so no worries about licensing. I just got lazy and basically forgot about this.
I have time off from work coming up this week. I'll re-apply the patch towards the current beta branch, make sure everything still works, and send an updated patch. The updated patch will focus less on Crowd specifically, it will instead implement the pluggable authentication, and include Crowd as one of the auth modules.
Sorry for dragging my feet, will update next week!
I've got the feature updated against the latest beta head revision, and am breaking out the existing ldap and rhodecode auth code into modular bits, as well as the new crowd stuff. I've also got the libatlassian external dependency solved, it's all in the auth_crowd module now. I've also got ldap_dn stripped out, and converted everything over to extern_* variables. Everything is quite promising so far. Expect an updated pull request by sometime Saturday or Sunday, depending on how fast I can spin up an ldap server to regression test that code against....