
How to manage folders for LDAP users?

Posted: Mon Jan 30, 2017 1:06 pm
by helpdesk-cgu
Dear Sindre,

I managed to get my Subsonic server working for my school. Settings:
LDAP URL: ldap://cgu-ad1.cgu.nl:389/dc=cgu,dc=nl
LDAP searchfilter: (&(sAMAccountName={0})(&(objectCategory=user)(memberof=cn=pupils,cn=Users,dc=school,dc=nl)))
LDAP manager DN: domainname\ldapquery Password
Automatically create users in Subsonic

I tested with a pupil account and found a folder attached. But where/how do I manage what folder(s) are linked to what LDAP users? And how can I manage the rights of these users? Apparently they are now (fully) authorized to do things I don't want them to do.
The situation becomes more complicated: teachers need different rights. How can I manage this?
Kind regards,

Jan Willem

Re: How to manage folders for LDAP users?

Posted: Tue Jan 31, 2017 6:31 am
by mrfloppy
The new LDAP accounts get the folder permissions that are specified in your default user settings.

It's not possible to set different permissions for different LDAP OUs; you have to change the permissions for the teachers after they have authorized to the server.

Re: How to manage folders for LDAP users?

Posted: Tue Jan 31, 2017 12:12 pm
by helpdesk-cgu
Dear mrfloppy,
Thank you for your swift reply.
Your answer brings up the question: Where do I adjust the default user settings? I can't find them in the Settings menu.
I have access to the console of the server. Which config file do I need to edit?
I want to remove the setting "User may adjust settings and password".

Re: How to manage folders for LDAP users?

Posted: Fri Feb 03, 2017 5:40 pm
by toolman
I've tried setting up a Subsonic server using LDAP but soon discovered a lot of problems:
1. You can't define permissions by OU. You'll have to manually edit every user to define what folders they are allowed to use and what other settings need to apply for them.
2. The same user can get multiple accounts by just typing the username differently. So J.Smith gets an account, but he'll get a new account the next time he logs in as J.smith. Logging in as j.Smith gives him another account. And so on.
3. There's no use in disabling users from changing their password. If they use the "Forgot my password" option they'll receive a mail with a new password. Obviously since Subsonic checks their credentials with AD they should still have to use their initial password. But I never got round to testing this.
I finally abandoned the whole project and made it very easy on myself by creating one user Pupil and one user Teacher.
In that way I only had to remove the "Forgot my password" link from the logon page and no one could change the passwords given to the accounts.
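
Added example, not part of the thread and not Subsonic code: an audit for the case-variant duplicate accounts described in point 2 of the post above. It assumes the user list has been exported as CSV with the hypothetical columns `username` and `roles`; the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; the column names "username" and "roles" are
# assumptions for this example, not a Subsonic export format.
SAMPLE_CSV = """username,roles
J.Smith,stream
J.smith,stream;settings
j.Smith,stream
a.jansen,stream
admin,admin;stream;settings
"""


def load_users(text):
    """Parse the CSV into (username, frozenset(roles)) tuples."""
    rows = csv.DictReader(io.StringIO(text))
    return [(r["username"].strip(),
             frozenset(x for x in r["roles"].split(";") if x)) for r in rows]


def find_case_variants(users):
    """Group accounts whose names differ only by letter case.

    AD matches sAMAccountName case-insensitively, so every spelling in a
    group authenticates as the same directory user.
    """
    groups = defaultdict(list)
    for name, roles in users:
        groups[name.casefold()].append((name, roles))
    report = {}
    for key, members in groups.items():
        if len(members) < 2:
            continue
        role_sets = {roles for _, roles in members}
        report[key] = {
            "accounts": sorted(name for name, _ in members),
            # True when the spellings carry different rights, so a restriction
            # set on one account does not hold for the others.
            "roles_differ": len(role_sets) > 1,
            "union_of_roles": sorted(frozenset().union(*role_sets)),
        }
    return report


if __name__ == "__main__":
    for key, info in find_case_variants(load_users(SAMPLE_CSV)).items():
        print(key, info)
```

Groups flagged with `roles_differ` are the ones to review first, since the per-user permission edits described in point 1 only applied to one spelling of the name.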

Re: How to manage folders for LDAP users?

Posted: Mon Feb 06, 2017 7:15 am
by helpdesk-cgu
Dear Toolman,

Thank you very much for your answer.
At the moment I have also disabled the use of LDAP for the same reason and chose the same solution as you did.
If more people are interested in the use of LDAP (or Active Directory, AD), maybe (with the needed funding) this might be a welcome extension.
The reason to use LDAP is to have more control over who is allowed to log on and to see what.