How to manage folders for LDAP users?

Frequently asked questions.

Moderator: moderators

How to manage folders for LDAP users?

Postby helpdesk-cgu » Mon Jan 30, 2017 1:06 pm

Dear Sindre,

I managed to get my Subsonic server working for my school. Settings:
LDAP URL: ldap://cgu-ad1.cgu.nl:389/dc=cgu,dc=nl
LDAP searchfilter: (&(sAMAccountName={0})(&(objectCategory=user)(memberof=cn=pupils,cn=Users,dc=school,dc=nl)))
LDAP manager DN: domainname\ldapquery Wachtwoord
Maak automatisch gebruikers aan in Subsonic

I tested with a pupil account and found a folder attached. But where/how do I manage what folder(s) are linked to what ldap users? And how can I manage the rights of these users? Apparently they are now (fully) authorized to do things I don't want them to do.
The situation becomes more complicated: teachers need different rights. How can I manage this?
Kind regards,

Jan Willem
helpdesk-cgu
 
Posts: 3
Joined: Mon Jan 30, 2017 12:56 pm

Re: How to manage folders for LDAP users?

Postby mrfloppy » Tue Jan 31, 2017 6:31 am

The new LDAP account get the folder permissions that are specified in your default user settings.

It's not possible to set different permissions for different LDAP OU, you had to change the permissions for the teachers after they had authorized to the server.
mrfloppy
 
Posts: 48
Joined: Thu Apr 16, 2015 10:12 am

Re: How to manage folders for LDAP users?

Postby helpdesk-cgu » Tue Jan 31, 2017 12:12 pm

Dear mrfloppy,
Thank you for your swift reply.
Your answer brings up the question: Where do I adjust the default user settings? I can't find them in the Settings menu.
I have access to the console of the server. Which config file do I need to edit?
I want to remove the setting User may adjust settings ans password.
helpdesk-cgu
 
Posts: 3
Joined: Mon Jan 30, 2017 12:56 pm

Re: How to manage folders for LDAP users?

Postby toolman » Fri Feb 03, 2017 5:40 pm

I've tried setting up a Subsonic server using Ldap but soon discovered a lot of problems:
1 You can't define permissions by OU. You'll have to manually edit every user to define what folders they are allowed to use and what other settings need to apply for them.
2 The same user can get multiple accounts by just using typing the username differently. So J.Smith gets an account, but he'll get a new account the next time he logs in as J.smith. Logging in as j.Smith gives him another account. And so on.
3. There's no use in disabling users from changing their password. If they use the "Forgot my password" option they'll receive a mail with a new password. Obviously since Subsonic checks their credentials with AD they should still have to use their initial password. But I never got round to testing this.
I finally abondoned the whole project and made it very easy on myself by creating one user Pupil and one user Teacher.
In that way I only had to remove the "Forgot my password" link from the logon-page and noone could change the passwords given to the accounts.
toolman
 
Posts: 538
Joined: Fri Dec 11, 2009 4:18 pm
Location: Netherlands

Re: How to manage folders for LDAP users?

Postby helpdesk-cgu » Mon Feb 06, 2017 7:15 am

Dear Toolman,

Thank you very much for your answer.
At the moment I also disabled the use of LDAP for the same reason and chose an equal solution as you did.
If more people are interested in the use of LDAP (or Active Direcorty AD) maybe (with the needed funding) this might be a welcome extention.
The reason to use LDAP is to have more control over who is allowed to log on and to see what.
helpdesk-cgu
 
Posts: 3
Joined: Mon Jan 30, 2017 12:56 pm


Return to FAQs

Who is online

Users browsing this forum: No registered users and 5 guests