Active Directory and UrBackup

Hello uroni,

for our user administration we use w2k3 with active directory. It is possible to establish a connection from UrBackup server to the active directory?

Thanks in advance
steini

This would be nice to see.
Is it possible to connect the Server to an ActiveDirectory for authentication, so a specific OU can log in to the web console?

This will be in 1.5. What’s currently in a testable state:

  • Administrators can login using AD
  • Users can login on the webinterface and see the clients where they have local accounts and can access all files th local accounts have access to.

Unfortunately I do not have a real-world AD setup, so I hope somebody can help me test that?

I could probably help with that. I might even be able to setup a virtualized environment for you to test in.

Thanks. Will get it ready.

I can also test in a virtual environment. With a Debian vm, a Windows 2003 domain and LDAP. But sometimes ist the time shortish…

Okay, a version with LDAP support is now available here https://sourceforge.net/projects/urbackup/files/WorkInProgress/ (for testing).

Users will only be able to log in and see their backups once they have one successful file backup with UrBackup 1.5 (and it must be 1.5). The default settings should be for Microsoft Active Directory.

Could you give me please more information about the ldap settings?

With an AD server you should just have to put in the IP address/name. Perhaps change the “Domain Admin” group to something else such that a different group has admin rights on the UrBackup server.

UrBackup is installed on a mixed stable/testing Debian system. The installations runs fine. But what is required in the followin fields?

  • LDAP/AD user name prefix
  • LDAP/AD user name suffix
  • LDAP/AD group and class query --> “DC=example,DC=com…”
  • Test login with this user
  • Password for test user

What gets prepended to the username when logging in usually “firmenname”.

Can be left empty.

Change to your choice of domain name. E.g. DC=firmenname,DC=de . See also https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx and https://msdn.microsoft.com/en-us/library/aa746384(v=vs.85).aspx . Same in LDAP/AD group rights map.

You can enter a username/password combination and will see which rights it gets on the web interface.

Thanks a lot for your help.

I use the LDAP Browser from Softerra. It’s for free.

Ok that works for me.

LDAP/AD group and class query --> LDAP Base-DN (distinguishedName)
LDAP/AD user name prefix --> it’s the first domainComponent in Base-DN (distinguishedName)

Now I still need to install the test environment. This will take a little time.