List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
jpg Clipboard01.jpg 219.8 kB 1 05-Nov-2018 16:11 Ada Csaba uru
png Clipboard01.png 207.7 kB 1 05-Nov-2018 16:19 Ada Csaba
png Notify_Locked_Account.png 4.7 kB 1 16-Jul-2020 17:23 Halmágyi Árpád
png crushldapgroup1.png 68.3 kB 2 25-Oct-2018 04:31 Ben Spink
png crushldapgroup2.png 40.8 kB 2 25-Oct-2018 04:31 Ben Spink
png homedir0.png 16.4 kB 1 05-Nov-2018 18:29 Ada Csaba
png homedir1.png 111.3 kB 2 05-Nov-2018 18:37 Ada Csaba
png homedir2.png 134.0 kB 2 05-Nov-2018 18:37 Ada Csaba
png ldapconn1.png 207.7 kB 1 05-Nov-2018 18:06 Ada Csaba
png ldapconn2.png 50.6 kB 2 05-Nov-2018 19:18 Ada Csaba
png ldapconn3.png 60.1 kB 2 05-Nov-2018 19:18 Ada Csaba
png mapping1.png 25.1 kB 1 05-Nov-2018 18:46 Ada Csaba
png roles1.png 271.1 kB 3 05-Nov-2018 18:25 Ada Csaba
png roles2.png 6.2 kB 1 05-Nov-2018 19:33 Ada Csaba
png trblshoot1.png 144.8 kB 1 05-Nov-2018 19:29 Ada Csaba
png trblshoot2.png 113.0 kB 1 05-Nov-2018 19:29 Ada Csaba
png trblshoot3.png 230.8 kB 1 05-Nov-2018 19:29 Ada Csaba

This page (revision-45) was last changed on 21-Jul-2020 15:29 by Ada Csaba

This page was created on 25-Oct-2018 04:31 by Ben Spink

Difference between version and

At line 12 added one line
At line 15 added one line
Multiple server URLs supported, for high availability, the plugin will round robin between these.
At line 17 added 8 lines
The plugin also allows multiple instances, this feature facilitates integration with different user domains or to have different configurations to catch a certain subset of users, etc. The query order is left to right, as the instances appear on the tab list. First successful hit allows login, we look for the user no further.
[attachments|ldapconn3.png]
Each plugin instance can restrict the allowed users to certain server ports or Sever Connection Groups
[attachments|ldapconn2.png]
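Review bot: The added sentence "First successful hit allows login, we look for the user no further" does not say what happens when an earlier instance finds the user but rejects the password or reports the account as locked: does the query stop there, or does it fall through to the next instance on the tab list? Please state this explicitly, since with overlapping user domains it decides which directory's credentials are accepted. Also, "Sever Connection Groups" in the last added sentence should read "Server Connection Groups".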
At line 36 added one line
At line 27 changed one line
A role template is a local CrushFTP user account for parenting group membership based inheritance. In case such a role template is assigned, all LDAP users member of this group will inherit settings from this account, including it's __VFS__ configuration; this can be used to grant per group based common working directories or local admin rights for example.
A role template is a local CrushFTP user account for parenting group membership based inheritance. In case such a role template is assigned, all LDAP users member of this group will inherit settings from this account, including it's __VFS__ configuration; this can be used to grant per group based common working directories or local admin rights for example.
A master template can also be designated , with instance wide scope
[attachments|roles2.png]
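Review bot: The role template paragraph says group members inherit the template account's settings and that this can grant local admin rights, but it documents no precedence: which template applies when a user is a member of several mapped groups, and how the instance-wide master template combines with a group's role template. Suggest adding that rule next to the master template sentence. Minor: "it's __VFS__ configuration" should be "its", and there is a stray space before the comma in "designated , with".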
At line 33 changed one line
With this option if is enabled, the plugin will match the logging in user name against the local user database, in case of a successful match, the user is allowed to log in with it's LDAP password, and the user settings, including it's VFS configuration, is loaded from the local account. This method allows the most fine grained control over each LDAP integrated account, with the cost of being tedious, will need to create for each allowed user a matching account in User Manager (with blank or random password, since that will be ignored anyways).
With this option if is enabled, the plugin will match the logging in user name against the local user database, in case of a successful match, the user is allowed to log in with it's LDAP password, and the user settings, including it's VFS configuration, is loaded from the local account. This method allows the most fine grained control over each LDAP integrated account, with the cost of being tedious, will need to create for each allowed user a matching account in User Manager __manually__ (with blank or random password, since that will be ignored anyways).
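Review bot: The parenthetical "(with blank or random password, since that will be ignored anyways)" in the changed line should recommend a random password only and say under which conditions the local password is ignored, for example whether that still holds on server ports or connection groups that the plugin instance is not restricted to. Minor wording: "With this option if is enabled" should read "If this option is enabled", and both occurrences of "it's" should be "its".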
At line 53 added 2 lines
[attachments|homedir0.png]
At line 38 changed one line
[attachments|homedir0.png]
At line 70 added one line
At line 72 added 4 lines
The __Create additional subfolders in home directory :__ section instructs the plugin to automatically create a pre defined set of subfolders below the user's home directory root.
In stream PGP file Encryption and Sync can be configured using the __Advanced__ menu.
At line 77 added 28 lines
This section allows mapping of LDAP attributes to local user parameters. Most common use case LDAP integration with SSH user public key based authentication.
In this case, an otherwise redundant LDAP field, __description__ was used to store the user public key path (or the key file content).
[attachments|mapping1.png].
!!!Troubleshooting
There are separate test tools to validate connectivity and query account credentials
[attachments|trblshoot1.png]
user lookup and role based filtering
[attachments|trblshoot2.png]
and user login (without the need of the actual end user password, the test tool will fake a login based on user lookup and validate home folder access)
[attachments|trblshoot3.png]
Notify Locked Account: If an account becomes disabled or locked, this option triggers sending an email to the LDAP User's email address.
A special email template must be set up for this with the exact name of "LDAP_Locked_Account" on Preferences -> Email Templates page.
The "Email address cache" option prevents the server of sending multiple emails.
[attachments|Notify_Locked_Account.png]
!!!Followup
Later versions of Crush v9 also discern between LDAP error code 49 subtypes, the above method will provide meaningful feedback for subcode 52e, 773 and 775.
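Review bot: The mapping section stores the SSH public key path or key content in the LDAP __description__ attribute but does not mention that whoever can write that attribute decides which key authenticates the user; suggest a sentence advising the reader to check write permissions on the mapped attribute in the directory. In the Followup paragraph, "subcode 52e, 773 and 775" are listed without their meaning, so a short description of each would make the feedback usable. Minor: there is a stray "." after [attachments|mapping1.png], and "prevents the server of sending" should be "from sending".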
Version Date Modified Size Author Changes ... Change note
45 21-Jul-2020 15:29 6.907 kB Ada Csaba to previous
44 21-Jul-2020 15:29 6.907 kB Ada Csaba to previous | to last
43 16-Jul-2020 17:22 6.732 kB Halmágyi Árpád to previous | to last
42 09-Nov-2018 14:33 6.331 kB Ada Csaba to previous | to last
41 09-Nov-2018 14:33 6.33 kB Ada Csaba to previous | to last