This plugin allows you to integrate CrushFTP with your LDAP server, such as the Microsoft Active Directory server, or OpenLDAP, etc.
The settings should be self explanatory. The LDAP roles expects a full path to an LDAP group. Such as: CN=FTPUsers, CN=groups, DC=domain, DC=com
The 'member' field is a field in the group that matches the full username value of the user who is trying to authenticate. if that fails, the user's attributes are searched for one that has a memberOf field matching the group.
The search filter is the attribute used to find a match to the username being used during logon.
If you enable LDAP only used for authentication, then once the credentials are verified, crush finds a username in User Manager that matches the same username that was used to login with. Only if it find the user will the login proceed.
If you instead use the HomeDirectory method, Crush find that attribute in the user and assigns that as the user's home folder and grants them access to that folder. It does not enforce ACLs though, so you assign the permissions to that folder here. You can also specify an alternate local directory to use to make their home folder if it doesn't find a match for the LDAP attribute value, or if that home folder didn't exist.
You can specify a 'master' type user from the user manage rot load additional settings and customizations from.
The overwrite VFS items should not be used if you login with multiple accounts at the same time. It clears out the user's temp VFS every time they login in case you have removed access to something.
Add new attachment
List of attachments
Kind | Attachment Name | Size | Version | Date Modified | Author | Change note |
---|---|---|---|---|---|---|
png |
crushldapgroup1.png | 68.3 kB | 2 | 09-Oct-2016 18:14 | Ben Spink | |
png |
crushldapgroup2.png | 40.8 kB | 2 | 09-Oct-2016 18:14 | Ben Spink |