Skip to main content
Contact Support

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, yes.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to on-premises authority server version 5.


Note: This server version is no longer supported.


Other available versions:

Current on-premisesLink: What version am I on?

Code42 Support

Integrate with LDAP for user authentication

  1. Last updated
  2. Save as PDF

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to on-premises authority server version 5.


Note: This server version is no longer supported.


Other available versions:

Current on-premisesLink: What version am I on?

Overview

This tutorial explains how to enable basic user authentication via LDAP for your Code42 environment. For information on advanced LDAP configuration options, see User Management With LDAP Integration.

Before you begin

  • This article assumes you are familiar with basic LDAP principles.
  • An on-premises master server is required for use with LDAP.
  • An LDAP user account with read and search permissions is required for your master server to bind to your corporate directory service.
  • The following roles include the privileges to configure LDAP settings:
    • SYSADMIN role
    • Server Administrator role

Considerations

  • LDAP integration can cause existing Code42 CrashPlan (previously CrashPlan PROe) users to be deactivated in the following situation:
    1. A user account has been created in a given organization in your Code42 environment
    2. LDAP integration is activated for that organization
    3. A corresponding user account does not exist in the LDAP schema
  • Your Code42 servers do not store or cache the user password from LDAP in a local database.
  • Code42 CrashPlan never writes any information to LDAP.
  • The master server periodically synchronizes with the LDAP server(s) to run the Active, Org name, and Role scripts. The scripts determine if any changes need to be made based on the user's current attributes and group membership. A user that is removed from LDAP is automatically deactivated during synchronization. The default synchronization interval is once every 12 hours.
  • Mapping to a non-unique attribute can cause duplicate CrashPlan users with different usernames. For example, if you use the mail attribute for Username and the user has multiple email addresses listed in LDAP, a CrashPlan user is created for each email address.
Adding Code42 platform users
LDAP integration helps to manage users, but it does not create them on its own. Create users alongside LDAP integration in one of three ways:

Step 1: Add an LDAP server to your master server

On the master server:

  1. Sign into the Code42 console.
  2. Go to Settings > Security > LDAP.
  3. Click Add to add a new LDAP server.
  4. Enter the following values:
    • Server Name: Name for your LDAP server
    • URL and search base: LDAP URL and search base for all queries
    • Bind DN and password (if required to search): A fully-qualified, distinguished account for Bind DN.
      • Bind DN example:
        uid=admin,ou=admins,dc=company,dc=com
      • Bind DN example for Active Directory:
        DOMAIN\exampleuser
    • Search Filter: The parameter specified before the ? is the attribute used to identify the Code42 environment user.
      • Example LDAP filter to identify the user with UID:
        (&(objectclass=person)(uid=?))
      • Example LDAP filter to identify the user with email:
        (&(objectclass=person)(email=?))
      • Example AD filter to identify the user with AD login name:
        (&(objectclass=person)(sAMAccountName=?))
    • Attribute Mapping: LDAP attributes to use for the Code42 environment user account fields:
      • Email
      • First name
      • Last name
        TIP: Use the username search field at the bottom to search or scroll through the list of users returned to check your settings.
  5. Click Save.

Step 2: Enable LDAP for your Code42 environment

Once your LDAP server is added to your master server, configure your Code42 environment to use the LDAP server for authentication. You can enable LDAP authentication system-wide for all organizations that inherit settings from the system-wide organization, or you can enable LDAP authentication only for specific organizations.

Before you begin

  • Verify that the users in the organization(s) exist in LDAP.
  • Verify that the Code42 environment usernames match an LDAP attribute.

Option A: Enable LDAP for a specific organization

  1. Sign in to the Code42 console on your master server.
  2. Navigate to Organizations, then select the organization.
  3. From the action menu, select Edit.
  4. Click Security.
    Configure an organization to use LDAP
  5. Deselect Inherit security settings from parent.
  6. From Select an authentication method, choose LDAP.
  7. From Select a directory service, choose LDAP.
    The configured LDAP servers appear.
  8. Select the LDAP server that you want to offer for the organization.
  9. Click Save.

Option B: Enable LDAP for all organizations

Modify the system-wide organization settings to enable LDAP for all organizations.

Disabling inheritance
If inheritance is disabled for an organization, that organization is not affected by changes to its parent organization.

  1. Sign in to the Code42 console on your master server.
  2. Navigate to Settings > Organization > Security.
  3. From the action menu, select Edit.
  4. Click Security.
  5. From Select an authentication method, choose LDAP.
  6. From Select a directory service, choose LDAP.
    The configured LDAP servers appear.
  7. Select the LDAP server that you want to offer for the organization.
  8. Click Save.