
LDAP Integration

To set up LDAP integration from within the Cloud Appliance, log in as the Cloud Admin and navigate to the 'Auth Systems' option on the Organization sidebar. You can add MS Active Directory or any other LDAP server, e.g. OpenLDAP.

In your account you can add multiple LDAP servers.

Setup Authentication Provider

From the dropdown list, select the LDAP provider.

Complete the setup for the LDAP server in the form that appears.

Connection Settings

Auth System Name: The name displayed for the LDAP system when importing users.

LDAP Server host or IP: The IP or hostname of the LDAP server.

LDAP Server port: The port to use; the default is 389.

Connection Encryption: You can choose None, ldaps or TLS.

Base DN: The root distinguished name (DN) to use when running queries against the LDAP server. Example: dc=domain1,dc=local

Administrator User DN: The DN of the administrator user.

Administrator User Password: Password for the administrator user.

Users Import Settings

Update user roles/groups on login: On login, the user will be assigned roles from LDAP.

User Object Class: The user object class.

Additional Custom User Object Classes: Additional user object classes; you can enter multiple values separated by commas.

Login Field: The login field to use as the user login ID. This is pre-populated with the most common values: uid, cn, sAMAccountName, userPrincipalName. You can enter a custom value by selecting Use Custom User Login Field and entering a custom field.

User Name Field: The mapping for the user name field. This is pre-populated with the most common values: cn, name, displayName. You can also enter a custom field by selecting Use Custom User Name Field and entering a custom field value.

Use Custom User Email Field: By default the mail or email field will be used. By selecting this checkbox you can use a custom field for email mapping.

Group (Role) Id Field: The group mapping to use.

Restrict import of users from the following groups: Restrict the import of users to certain groups.

Group (Role) Object Class: The Group class to use

Custom Group (Role) Object Classes: You can enter multiple Group classes separated by comma.

Role Name Field: The field to use for role mapping. You can enter a custom field by selecting Use Custom Role Name Field.

Importing Users and Roles

After LDAP and the SME Cloud File Server have been successfully connected, navigate to the "Users" option from the web menu. There will now be a further option, "Import users from a remote source". Clicking this link will show the users that are available in LDAP for import / mapping to the Cloud File Server.

Choosing Users to Import

If you have added more than one auth system, select the recently added auth system from the dropdown list.

Once the users from LDAP are visible, users can be selected for import from the set (and roles separately if required) by selecting the role dropdown. If multiple roles are required, use shift-select to select more than one role.

When complete, click the "import selected users" box.

The SME user login ID will be username@orgname

Importing Roles Directly

If the Cloud File Server users have been set up directly, it is still possible to import roles separately from Active Directory. To do this, log in as the Cloud Administrator on the web, click on the Roles menu option in the right sidebar and click the link "choose what roles to import". Select the auth provider and import the roles.

Managing Users and Roles

User role mappings can be managed from the User option in the right sidebar after logging in as the Cloud Admin. This lists all users and the Role that is assigned to them. Clicking on the edit icon enables options to be changed for an individual user, one of which is the Role option.

Assigning Permissions to Roles

Once Users and Roles are set up, permissions can be set against a Shared folder by logging into the Web as Cloud Admin and selecting the 'Shared Team Folders' option from the right sidebar. Permissions can be set in one of three ways:

  • At a folder level
  • At a role level
  • At a user level

The precedence is applied in the following order (lowest first):

  • Folder permissions
  • Role permissions
  • User permissions

Where a user is in multiple roles, the least restrictive permissions apply.
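The precedence rules above, worked through as an added example (not SME's own code). It assumes three permission levels and reads "precedence" as a higher-level setting replacing a lower one when present; the names Access, effective_access and overridden_roles, and all sample data, are constructed for illustration.

```python
from enum import IntEnum
from typing import Dict, Iterable, List


class Access(IntEnum):
    # Assumed permission levels, ordered from most to least restrictive.
    NONE = 0
    READ = 1
    READ_WRITE = 2


def effective_access(folder_default: Access, role_grants: Dict[str, Access],
                     user_grants: Dict[str, Access], user: str,
                     user_roles: Iterable[str]) -> Access:
    """Resolve one user's access to one shared folder."""
    # Highest precedence: an explicit user-level setting.
    if user in user_grants:
        return user_grants[user]
    # Next: role-level settings. With several matching roles, the least
    # restrictive one applies, i.e. the maximum of the grants.
    matched = [role_grants[r] for r in user_roles if r in role_grants]
    if matched:
        return max(matched)
    # Lowest precedence: the folder-level setting.
    return folder_default


def overridden_roles(role_grants: Dict[str, Access],
                     user_roles: Iterable[str],
                     effective: Access) -> List[str]:
    """Roles whose setting is stricter than what the user actually gets.

    Useful when reviewing imported LDAP groups: a restrictive role has no
    effect on a user who also holds a more permissive role.
    """
    return sorted(r for r in user_roles
                  if r in role_grants and role_grants[r] < effective)


# Constructed sample data for a single shared folder.
FOLDER_DEFAULT = Access.READ
ROLE_GRANTS = {"contractors": Access.NONE, "finance": Access.READ_WRITE}
USER_GRANTS = {"mallory": Access.NONE}

if __name__ == "__main__":
    roles = ["contractors", "finance"]
    eff = effective_access(FOLDER_DEFAULT, ROLE_GRANTS, USER_GRANTS, "alice", roles)
    print("alice:", eff.name, "overrides", overridden_roles(ROLE_GRANTS, roles, eff))
```

A role meant to restrict access only does so for users who hold no other role with a broader grant on the same folder.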

User Login

Once the users have been set up, they can log in through the SME Cloud File Server directly using their normal LDAP login. On login, their user credentials are sent to LDAP; if the user is authorised, this is passed back to the SME Cloud File Server, which issues a token for access. This token is then used for SME File Server access for the user's session and is passed with each request.