
LDAP + restricted access

Posted: Wed Jul 07, 2010 8:09 pm
by debianuser
I wish to use LDAP for authentication, but I also wish to pick-and-choose who specifically can and cannot log in. That is, simply having a valid LDAP account is not sufficient to permit access; I wish to say which individual LDAP users can or cannot log in. Does Subsonic have this capability, and if so, how do I configure it?

Thanks in advance!

Posted: Wed Jul 07, 2010 8:43 pm
by sindre_mehus
The only way to do that would be to add some property to those users in the LDAP server (if you have the possibility to do so), and include that property in the LDAP search filter (in Settings > Advanced).

Cheers,
Sindre

Posted: Thu Jul 08, 2010 8:46 am
by sindre_mehus
Sorry, I was too quick in my first reply :-)

What you want is indeed possible. In Settings > Advanced, turn on "Enable LDAP authentication", but turn off "Automatically create users in Subsonic".

For each user you want to grant access, go to Settings > Users, enter the username and turn on "Authenticate user in LDAP".

Hope this helps!

Re: LDAP + restricted access

Posted: Thu Apr 12, 2012 4:30 am
by spookybathtub
Hi Sindre,
I'd like to revive this question. I'm planning to do something very similar on my university campus. I don't have permission to add LDAP properties, so I will use your advice in that last post. But I want to add about 150 LDAP users, and add about 100 new ones once a year. So is there an easy way to create users in a batch? I wouldn't mind writing a script to modify a text file somewhere if that's how it works. But consider this a feature request if it's not already possible. I envision making a text file with a list of usernames, and batch creating users from that. I also need a way to delete a batch of users.
Thanks for all your hard work thus far on Subsonic!

Re: LDAP + restricted access

Posted: Thu Apr 12, 2012 5:58 pm
by fonsoy
Do what I did.

Create a usergroup in Active Directory, and put all users in it.
Then you can edit the search string in LDAP to filter, to allow only users in that specific group in your Subsonic.
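
Added example, not part of the thread or of Subsonic's code: one way to build the group-restricted search filter described in the post above, with a toy evaluator showing that a valid account outside the group no longer matches. It assumes a user filter of the form `(sAMAccountName={0})`, where `{0}` stands for the login name; the group DN and the accounts are constructed.

```python
import re

def escape_filter_value(value):
    """RFC 4515: write backslash, *, (, ) and NUL as \\XX hex escapes."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def unescape_filter_value(value):
    return re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), value)

def group_restricted_filter(user_filter, group_dn):
    """AND the existing user filter with a memberOf test for one group DN."""
    if not (user_filter.startswith('(') and user_filter.endswith(')')):
        raise ValueError('user filter must be a parenthesised LDAP filter')
    return '(&%s(memberOf=%s))' % (user_filter, escape_filter_value(group_dn))

# One (attr=value) equality assertion; the value may contain \XX escapes.
ASSERTION = re.compile(r'\((\w+)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)')

def matches(ldap_filter, login, entry):
    """Toy evaluator: handles only an AND of equality assertions."""
    # The login is escaped before substitution, so it is always treated as data.
    concrete = ldap_filter.replace('{0}', escape_filter_value(login))
    tests = ASSERTION.findall(concrete)
    if not tests:
        return False
    for attr, raw in tests:
        wanted = unescape_filter_value(raw).lower()
        if wanted not in [v.lower() for v in entry.get(attr, [])]:
            return False
    return True

# Constructed sample data (hypothetical group DN and accounts).
GROUP_DN = 'CN=Subsonic Users (Music),OU=Groups,DC=example,DC=edu'
FILTER = group_restricted_filter('(sAMAccountName={0})', GROUP_DN)
ALICE = {'sAMAccountName': ['alice'], 'memberOf': [GROUP_DN]}
BOB = {'sAMAccountName': ['bob'], 'memberOf': ['CN=Staff,OU=Groups,DC=example,DC=edu']}

if __name__ == '__main__':
    print(FILTER)  # the string to use as the search filter
    print(matches(FILTER, 'alice', ALICE), matches(FILTER, 'bob', BOB))
```

In Active Directory, `memberOf` lists direct group membership only, so users who belong to the group through a nested group are not matched by this filter.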

Re: LDAP + restricted access

Posted: Thu Apr 12, 2012 7:13 pm
by spookybathtub
That would work great if I had permission to make Active Directory groups. That's managed by a different department on campus, and they don't want to deal with it. So I need to find a way to make this work locally.

Re: LDAP + restricted access

Posted: Thu Apr 12, 2012 11:25 pm
by fonsoy
In that case I would access db.view.

<yourhost:port>/db.view

From there, you may be able to add multiple users at one time. It's a small patch for a large wound, but I think it is easier than adding all the users separately. In the DB, it's probably possible to flag the users as LDAP users.
Of course adding the group would be the neatest, but this is probably a good alternative.

Re: LDAP + restricted access

Posted: Sun Apr 15, 2012 10:27 pm
by spookybathtub
I'd like to try that, but I don't know much about SQL. Is there a guide somewhere for editing db.view? Or could you tell me how to just do this one task?