CrushFTP LDAP Groups not creating users properly (I think)

twelverobots @ Mon Feb 10 16:28:14 EET 2014
I just installed and set up CrushFTP 7. I decided to try integrating with our local AD LDAP. I enabled the LDAP Group Plugin. I was able to successfully connect and query users. All seemed fine.

However, then when I tried to go and look at that user, I received an error.

http://screencast.com/t/vZnIwRLS

[img]http://content.screencast.com/users/twelverobots/folders/Jing/media/544e419e-3565-4684-ad40-f7a022dad56e/00000048.png[/img]

The user works, I can log in with it, the home directory gets created, but when I try to view this user in the user manager I get a Java exception that the user is not found. It seems to have appended the characters "text" onto the end of the username.

In poking around in the CrushFTP_7_PC/users/MainUsers/ folder, I noticed that most of the users seem to have a user.xml file. But the user that the LDAP plugin created does not. When I manually add that file, by copying another and editing it appropriately, then everything works fine.

Is this possibly a bug with the LDAP Group plugin?

User folder created by adding user manually in the User Manager:

[img]http://content.screencast.com/users/twelverobots/folders/Jing/media/e6b2a182-694c-407b-a69d-906b4307699c/00000050.png[/img]

User folder created automatically by the LDAP Group Plugin:

[img]http://content.screencast.com/users/twelverobots/folders/Jing/media/3a1aef82-7378-4f55-90f7-4ea33abbdd99/00000049.png[/img]

Thanks,

Jason

spinkb @ Mon Feb 10 18:17:51 EET 2014
In your ldap config, did you specify any locations to this users DB folder location that might cause this?

Or have you enabled the HomeDirectory plugin that might be doing this?

Can you easily replicate this on demand with a new username?

Let me know,
Ben

twelverobots @ Mon Feb 10 18:39:23 EET 2014
I actually do have HomeDirectory enabled. Am I not supposed to? Can I not use both of them?

I am not sure about the ldap config and users DB folder location, I will look into it tomorrow when I am back at work.

I will also try it with another user account.

Jason

spinkb @ Tue Feb 11 01:43:58 EET 2014
Normally you would never use HomeDirectory and LDAP at the same time as the LDAP plugin already provides the features of the HomeDirectory plugin.

Disable the HomeDirectory plugin.

Thanks,
Ben

twelverobots @ Tue Feb 11 07:55:02 EET 2014
OK, now this is starting to make sense. I tried it without the HomeDirectory plugin before, but when I did not see any users show up in the user manager, I figured that it was wrong. But I think I get it now.

Correct me if I am wrong, but here is what I am thinking.

When using the LDAP Groups plugin:
- CrushFTP does not create a user in CrushFTP.
- Instead it will allow you to specify a user that the LDAP (virtual?) user will mimic. So in addition to getting its own Home Directory, the new user will also receive any virtual directories the specified user has.
- You can mimic a different user for users in different LDAP Roles. So "Admins" can have a different set of virtual directories than "Users".
- It does create the home directory for that user, unless there is a home directory specified in LDAP to which CrushFTP has access

It is very clever the way this works, but the documentation does not make it clear. When I did not see new users showing up in User Manager I thought it was set up wrong.

Jason

spinkb @ Tue Feb 11 08:09:13 EET 2014
Yes, you have that right.

It can make a home folder if the property pulled from LDAP doesn't exist, or it can be set to make the folder referenced in the ldap property, etc.

Thanks,
Ben