Active Directory and UrBackup

steini · November 26, 2014, 4:18pm

Hello uroni,

for our user administration we use w2k3 with active directory. It is possible to establish a connection from UrBackup server to the active directory?

Thanks in advance
steini

RSeb · December 11, 2014, 1:29pm

This would be nice to see.
Is it possible to connect the Server to an ActiveDirectory for authentication, so a specific OU can log in to the web console?

uroni · December 11, 2014, 6:13pm

This will be in 1.5. What’s currently in a testable state:

Administrators can login using AD
Users can login on the webinterface and see the clients where they have local accounts and can access all files th local accounts have access to.

Unfortunately I do not have a real-world AD setup, so I hope somebody can help me test that?

john3354 · December 12, 2014, 3:43am

I could probably help with that. I might even be able to setup a virtualized environment for you to test in.

uroni · December 13, 2014, 3:05pm

Thanks. Will get it ready.

steini · December 18, 2014, 3:35pm

I can also test in a virtual environment. With a Debian vm, a Windows 2003 domain and LDAP. But sometimes ist the time shortish…

uroni · January 4, 2015, 9:15pm

Okay, a version with LDAP support is now available here https://sourceforge.net/projects/urbackup/files/WorkInProgress/ (for testing).

Users will only be able to log in and see their backups once they have one successful file backup with UrBackup 1.5 (and it must be 1.5). The default settings should be for Microsoft Active Directory.

steini · January 19, 2015, 1:41pm

Could you give me please more information about the ldap settings?

uroni · January 20, 2015, 6:29pm

With an AD server you should just have to put in the IP address/name. Perhaps change the “Domain Admin” group to something else such that a different group has admin rights on the UrBackup server.

steini · January 26, 2015, 6:13pm

UrBackup is installed on a mixed stable/testing Debian system. The installations runs fine. But what is required in the followin fields?

LDAP/AD user name prefix
LDAP/AD user name suffix
LDAP/AD group and class query --> “DC=example,DC=com…”
Test login with this user
Password for test user

uroni · January 28, 2015, 9:40pm

What gets prepended to the username when logging in usually “firmenname”.

Can be left empty.

Change to your choice of domain name. E.g. DC=firmenname,DC=de . See also https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx and https://msdn.microsoft.com/en-us/library/aa746384(v=vs.85).aspx . Same in LDAP/AD group rights map.

You can enter a username/password combination and will see which rights it gets on the web interface.

steini · February 2, 2015, 7:13pm

Thanks a lot for your help.

I use the LDAP Browser from Softerra. It’s for free.

Ok that works for me.

LDAP/AD group and class query --> LDAP Base-DN (distinguishedName)
LDAP/AD user name prefix --> it’s the first domainComponent in Base-DN (distinguishedName)

Now I still need to install the test environment. This will take a little time.