Integrating with LDAP/AD

Administrator can integrate FileAgo with an LDAP/Active Directory server via Admin Panel -> LDAP Settings, after which FileAgo will:

  • fetch users and groups from LDAP/AD and create them in FileAgo.
  • sync changes or fetch new users/groups from LDAP/AD every 5 minutes.
  • confirm the username/password credentials with LDAP/AD before allowing access to its users.

Configuration

Click on Configure to input LDAP/AD settings.

LDAP Server


Host

Enter the hostname (FQDN) of your LDAP/AD server.

Port

Enter the port number. Default LDAP port is 389.

User DN

The Distinguished Name (DN) of a user who has permissions to do searches in the LDAP directory. For e.g.: uid=systemuser,cn=sysusers,dc=my-company,dc=com

Password

Password of the user.

Keep LDAP passwords?

If this option is enabled, then FileAgo will store the last known working LDAP password of the users, and the supplied password (during authentication) will be matched with it if the LDAP server is not accessible or is down at that time.

User Accounts


Base user tree

The base DN of LDAP from where all users can be reached. E.g.: cn=users,dc=my-company,dc=com

Filter user by

From the base user tree, how do you want to filter users? You can either use a valid object class (for e.g.: inetOrgPerson), or any custom filter, like:

(&(objectClass=inetOrgPerson)(memberOf=cn=fileagousers,ou=groups,dc=my-company,dc=com))

Username attribute (case sensitive)

The attribute which uniquely identifies a user in LDAP. E.g.: uid, or sAMAccountName.

Display name attribute (case sensitive)

The attribute which stores the name of the user in LDAP. E.g.: sn, or displayName.

Email attribute (case sensitive)

The attribute which stores the email of the user in LDAP. E.g.: mail, or mailPrimaryAddress.

Default disk quota of a user (in bytes)

When a new user account has to be created during the sync process, what should be its disk quota? Set 0 for unlimited disk quota.

Exclude users list

Enter the DN of those users who should not be added into FileAgo in each line. E.g.:

uid=john,cn=users,dc=my-company,dc=com
uid=james,cn=users,dc=my-company,dc=com

Groups


Sync groups from LDAP?

Choose Yes if you wish to also sync groups from the LDAP server.

Base group tree

The base DN of LDAP from where all groups can be reached. E.g.: cn=groups,dc=my-company,dc=com.

Filter group by

From the base group tree, how do you want to filter groups? You can either use a valid object class (for e.g.: group), or any custom filter, like:

(&(objectClass=group)(cn=groups,dc=my-company,dc=com))

Group name attribute (case sensitive)

The attribute which stores the name of the group in LDAP. E.g.: cn, or name.

Default disk quota of a group (in bytes)

When a new group account has to be created during the sync process, what should be its disk quota? Set 0 for unlimited disk quota.

Exclude groups list

Enter the DN of those groups which should not be added into FileAgo in each line. E.g.:

cn=demousers,cn=groups,dc=my-company,dc=com
cn=remoteusers,cn=groups,dc=my-company,dc=com

Group permissions

Configure the permissions which a user should have when it is first added to a group during the process of LDAP sync.

LDAP Custom Attributes


It is possible to create custom attributes in LDAP to override certain default values which are configured above.

For example, the default disk quota for a user or group can be overridden individually by setting an integer value for faDefaultQuota attribute in the DN. The complete list is given below.

NOTE: If these attributes exist in LDAP with invalid values, then the default values (configured above) will be used instead.

Attribute Name Applies To Type Info
faDefaultQuota User DN, Group DN Integer Enter a numeric value to set the disk quota. The value will be considered as bytes.
faDefaultNodePermissions Group DN String Use this attribute to set the permissions that should be granted for a user at the time of adding it to a group. For full permissions, set its value as read, write, delete, download.
faDefaultSharePermissions Group DN String Set the file sharing permissions for a user at the time of adding it to a group. For full permissions, set its value as public_create, public_delete, private_create, private_delete.
faDefaultTagPermissions Group DN String Set the permissions for tag creation/deletion for a user at the time of adding it to a group. For full permissions, set its value as create, delete.