Can I use Atlassian Crowd to authenticate gerrit instead of ldap?


I have been evaluating Atlassian Crowd for my organization and we use gerrit as one of our main services along with jira, confluence, jenkins. I am trying to find out if we can use crowd as authentication support for gerrit instead of LDAP.

Best answer

You might want to check out the thread Atlassian Crowd auth support for gerrit - it originated in 2011, but apparently Eric Anderson's auth type hasn't quite made it into Gerrit yet, see lucamilanesio's response from 2014-02-26:

the auth backend patch is still under review :-( ... I agree we should push for merging it

However, Andrew Diller's later response from 2013-07-18 suggests an alternate approach:

The current version of Crowd comes with an OpenID provider. We are using that to allow Gerrit to auth to 2 LDAP backends- one direct to LDAP server, the other to a MicrosoftActiveDirectory via Crowd. It works great.

So it looks like this:

gerrit --> OpenID -> Crowd -> LDAP -> ActiveDirectory
[gerrit] --> OpenID -> Crowd -> LDAP -> OpenLDAP

again, this works today very nicely.

Beware that this only seems to apply to authentication at this point:

It is just for auth, since the LDAP servers to us are ReadOnly, we cannot control the groups. But I have not investigated this deeply.

In our case this is just what we want- usually our LDAP servers are a mess, it's easier for us to control groups on gerrit itself.

Disclaimer: I haven't used that myself.
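
Added example, not part of the original answer or the quoted thread: a `gerrit.config` fragment for the OpenID route described above, with the accepted OpenID providers pinned to the Crowd server, since Gerrit's default is to accept identities from any provider. The host name `crowd.example.com` and the URL paths are placeholders; take the real endpoint and identity-URL prefix from your own Crowd OpenID server.

```ini
# etc/gerrit.config in the Gerrit site directory
[auth]
	# Send every login straight to one provider instead of letting
	# the user enter an arbitrary OpenID URL on the sign-in page.
	type = OPENID_SSO

	# Placeholder: OpenID endpoint of your Crowd OpenID server.
	openIdSsoUrl = https://crowd.example.com/openidserver/op

	# Both lists default to "http://" and "https://", which accepts any
	# provider. Pin them to the Crowd host so that only identities it
	# issues can sign in or be trusted for group membership.
	# Placeholder prefix: match the identity URLs your Crowd instance issues.
	allowedOpenID = https://crowd.example.com/openidserver/
	trustedOpenID = https://crowd.example.com/openidserver/
```

As the answer notes, this covers authentication only; group membership is still managed inside Gerrit.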