LDAP roles in CrushLDAPGroup plugin

24U @ Fri Aug 01 06:32:24 EEST 2014
I am looking into CrushFTP in search of replacement for I would like to allow Apple Open Dir users to access directories on CrushFTP based on their group membership. At this point an OD user can log in, will get the directory from the "default" user and will get his own home directory.

I have created users as templates for the LDAP roles in the User Manager tab. The template local users can log in and each has his own directory (e.g. sales, accounting, development) that is in the directory tree on the same level as the directory of the "default" user.

When I try to connect with an OD user, I get his home directory, I get the directory inherited from the default user but I don't get the directory inherited from the template user I have configured in the LDAP roles in the CrushLDAPGroup plugin.

I have a strong suspicion I am doing something terribly wrong. Could anyone help? Also, my copy of CrushFTP ain't licensed yet (I am still testing), could that be the issue?

spinkb @ Fri Aug 01 07:13:21 EEST 2014
In the roles configuration in the LDAP plugin, it allows you to test the roles. Do this.

Does it report your user is a member of the roles you think they are, or is it not finding them at all in any roles?

Did you change the member field to match what is actually being used in OD too?

24U @ Fri Aug 01 09:22:01 EEST 2014

All three tests on the CrushLDAPGroup plugin tab work beautifully.
1) I can connect to OD
2) I can search for username
3) role search test correctly points out the role for the tested user (or fails if the user is in none of the roles listed)

As for the other question - If you are talking about the "Role Member Field" item on the CrushLDAPGroup plugin tab, I am using "memberUid". But it is not because I have figured that one out, it just was the one that seemed to work with the tests... I am using Apple Open Directory running on a Mac OS X 10.9 server.

Thank you

spinkb @ Fri Aug 01 15:31:23 EEST 2014
Can you email us directly at support and we can do a screen sharing session to try and see what is going wrong?

What you have done sounds correct...just missing something.
