Code42 Support

How LDAP sync works

Available in:

  • CrashPlan PRO
    • Standard
    • Premium
    • Enterprise

Overview

When your Code42 environment integrates with LDAP, your authority server periodically syncs with your LDAP infrastructure. This article describes the LDAP syncing process in detail.

For general information on the LDAP options in your Code42 environment, see the LDAP reference.

Before you begin

You should be familiar with LDAP and the LDAP basics within the Code42 environment in order to fully leverage the information in this article.

LDAP sync basics

General overview

Your Code42 environment's authority server regularly syncs with your configured LDAP server(s). You can configure the sync interval in the Code42 administration console at Settings > Security > LDAP. You can also manually trigger a sync from the administration console:

  1. Click Settings.
  2. Choose Security.
  3. Select LDAP.
  4. Under the Synchronization section, click Synchronize Now.

LDAP sync: What it does

When your authority server syncs with an LDAP server, the authority server performs the following actions:

  • Initiates communication with the LDAP server
  • Authenticates (binds) with the LDAP server
  • Makes an LDAP query for each user in the Code42 environment
  • Operates in read-only mode on the LDAP server
  • Adjusts user data in your Code42 environment to match your LDAP data:
    • Changes the following user information in your Code42 environment if the corresponding fields have changed in the LDAP directory:
      • Email
      • First name
      • Last name

LDAP sync: What it does not do

An authority server never performs the following actions as part of LDAP syncing:

  • Add new users to LDAP or to your Code42 environment
  • Create new entries in the LDAP database
  • Modify the LDAP database
  • Modify user info within the Code42 environment based on changes to entries in the LDAP server, other than the fields mentioned above

No changes logged in LDAP sync history
If there have been no changes to users, organizations, or roles, the Code42 environment does not display anything in LDAP Sync History and does not send out a synchronization email.

History

You can view the results of past LDAP syncs in your administration console at Settings > Security > LDAP > History. For more details, refer to the LDAP Overview reference.

Simulate synchronize

You can view the potential results of an LDAP sync using Settings > Security > LDAP > Simulate Synchronize. For more details, refer to the LDAP Overview reference.

Simulated synchronization results are emailed to the addresses configured in Settings > Notifications.

The results are also stored in the authority server's log files. Review these results by searching for DIRSYNC in the log files. For example, on Linux:

root@omega:~# tail -f /var/log/proserver/com_backup42_app.log.0 | grep DIRSYNC
[07.10.14 13:27:33.207 INFO    jetty-web-3217       ore.directory.impl.sync.DirectorySyncCmd] DIRSYNC:: Submitting for orgs: , [2,3]
[07.10.14 13:27:33.217 INFO    jetty-web-3217       .directory.impl.sync.DirectorySyncOrgCmd] DIRSYNC:: Running for org:2/Default
[07.10.14 13:27:33.270 INFO    jetty-web-3217       .directory.impl.sync.DirectorySyncOrgCmd] DIRSYNC:: Completed for org:2/Default users:2, deactivated:1, activated:0, moved:0, rolesChanged:0
[07.10.14 13:27:33.271 INFO    jetty-web-3217       ore.directory.impl.sync.DirectorySyncCmd] DIRSYNC:: Summary for orgIds:, [2,3], users:2, deactivated:1, activated:0, moved:0, roleChanges:0, simulated:true
[07.10.14 13:27:33.271 INFO    jetty-web-3217       com.backup42.history.CpcHistoryLogger   ] HISTORY:: Subject[1/admin, orgId:1] DIRSYNC:: Blocking and deactivating user:5/jdoe@code42.com in org:2/Default simulated:true
[07.10.14 13:27:33.412 INFO    jetty-web-3217       ore.directory.impl.sync.DirectorySyncCmd] DIRSYNC:: summary email sent to:[todd+vm@code42.com], users:2, deactivated:1, simulated:true

LDAP activity logs

LDAP activity appears in com_backup42_app.log.[0-9], which is located in the Code42 server log directory:

  • Linux: /var/log/proserver
    Applies to Code42 servers installed as root on Ubuntu
  • Windows: C:\Program Files\CrashPlan PROe Server\logs

Using your favorite text editor or textual search tool (e.g., grep in Linux/Unix), search for the keyword "DIRSYNC".

For example, from a terminal window on Linux, you could enter the following command to find all LDAP-related entries in the latest log file:

root@omega:/var/log/proserver# grep DIRSYNC com_backup42_app.log.0
[07.07.14 16:50:50.567 INFO    jetty-web-665        .directory.impl.sync.DirectorySyncOrgCmd] DIRSYNC:: Running for org:2/Default
[07.07.14 16:50:50.579 INFO    jetty-web-665        .directory.impl.sync.DirectorySyncOrgCmd] DIRSYNC:: Completed for org:2/Default users:2, deactivated:0, activated:1, moved:0, rolesChanged:0
[07.07.14 16:50:50.580 INFO    jetty-web-665        ore.directory.impl.sync.DirectorySyncCmd] DIRSYNC:: Summary for orgIds:, [2,3], users:2, deactivated:0, activated:1, moved:0, roleChanges:0, simulated:false
[07.07.14 16:50:50.580 INFO    jetty-web-665        com.backup42.history.CpcHistoryLogger   ] HISTORY:: Subject[1/admin, orgId:1] DIRSYNC:: Unblocking and activating user:5/jdoe@code42.com in org:2/Default simulated:false
[07.07.14 16:50:50.661 INFO    jetty-web-665        ore.directory.impl.sync.DirectorySyncCmd] DIRSYNC:: summary email sent to:[todd+vm@code42.com], users:2, deactivated:0, simulated:false
[07.07.14 16:52:24.008 INFO    jetty-web-666        ore.directory.impl.sync.DirectorySyncCmd] DIRSYNC:: Submitting for orgs: , [2,3]
[07.07.14 16:52:24.012 INFO    jetty-web-666        .directory.impl.sync.DirectorySyncOrgCmd] DIRSYNC:: Running for org:2/Default
[07.07.14 16:52:24.017 INFO    jetty-web-666        .directory.impl.sync.DirectorySyncOrgCmd] DIRSYNC:: Error synchronizing 2/toddojala, SYSTEM com.code42.core.directory.DirectoryException: Exception while attempting to search LDAP
[07.07.14 16:52:24.026 INFO    jetty-web-666        .directory.impl.sync.DirectorySyncOrgCmd] DIRSYNC:: Error synchronizing 5/jdoe@code42.com, SYSTEM com.code42.core.directory.DirectoryException: Exception while attempting to search LDAP
[07.07.14 16:52:24.027 INFO    jetty-web-666        .directory.impl.sync.DirectorySyncOrgCmd] DIRSYNC:: Completed for org:2/Default users:2, deactivated:0, activated:0, moved:0, rolesChanged:0
[07.07.14 16:52:24.027 INFO    jetty-web-666        ore.directory.impl.sync.DirectorySyncCmd] DIRSYNC:: Summary for orgIds:, [2,3], users:2, deactivated:0, activated:0, moved:0, roleChanges:0, simulated:false
[07.08.14 05:39:37.658 INFO    GuiceCoreRuntime 13  ore.directory.impl.sync.DirectorySyncCmd] DIRSYNC:: Submitting for orgs: , [2,3]
[07.08.14 05:39:37.663 INFO    GuiceCoreRuntime 13  .directory.impl.sync.DirectorySyncOrgCmd] DIRSYNC:: Running for org:2/Default
[07.08.14 05:39:37.678 INFO    GuiceCoreRuntime 13  .directory.impl.sync.DirectorySyncOrgCmd] DIRSYNC:: Completed for org:2/Default users:2, deactivated:0, activated:0, moved:0, rolesChanged:0
[07.08.14 05:39:37.678 INFO    GuiceCoreRuntime 13  ore.directory.impl.sync.DirectorySyncCmd] DIRSYNC:: Summary for orgIds:, [2,3], users:2, deactivated:0, activated:0, moved:0, roleChanges:0, simulated:false

The actual messages you see in your log files depend on the LDAP settings and activity in your Code42 environment.
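
The following is an added example, not Code42 tooling: a Python script that reads DIRSYNC lines like the ones above, separates applied user state changes from simulated ones, and attaches any preceding "Error synchronizing" lines to the summary that follows them. The function and field names are hypothetical, and the line formats are assumed to match the excerpts on this page.

```python
import re

# Sample lines copied from the log excerpts on this page (two real syncs, one simulated).
SAMPLE_LOG = """\
[07.07.14 16:50:50.580 INFO    jetty-web-665        ore.directory.impl.sync.DirectorySyncCmd] DIRSYNC:: Summary for orgIds:, [2,3], users:2, deactivated:0, activated:1, moved:0, roleChanges:0, simulated:false
[07.07.14 16:50:50.580 INFO    jetty-web-665        com.backup42.history.CpcHistoryLogger   ] HISTORY:: Subject[1/admin, orgId:1] DIRSYNC:: Unblocking and activating user:5/jdoe@code42.com in org:2/Default simulated:false
[07.07.14 16:52:24.017 INFO    jetty-web-666        .directory.impl.sync.DirectorySyncOrgCmd] DIRSYNC:: Error synchronizing 2/toddojala, SYSTEM com.code42.core.directory.DirectoryException: Exception while attempting to search LDAP
[07.07.14 16:52:24.026 INFO    jetty-web-666        .directory.impl.sync.DirectorySyncOrgCmd] DIRSYNC:: Error synchronizing 5/jdoe@code42.com, SYSTEM com.code42.core.directory.DirectoryException: Exception while attempting to search LDAP
[07.07.14 16:52:24.027 INFO    jetty-web-666        ore.directory.impl.sync.DirectorySyncCmd] DIRSYNC:: Summary for orgIds:, [2,3], users:2, deactivated:0, activated:0, moved:0, roleChanges:0, simulated:false
[07.10.14 13:27:33.271 INFO    jetty-web-3217       ore.directory.impl.sync.DirectorySyncCmd] DIRSYNC:: Summary for orgIds:, [2,3], users:2, deactivated:1, activated:0, moved:0, roleChanges:0, simulated:true
[07.10.14 13:27:33.271 INFO    jetty-web-3217       com.backup42.history.CpcHistoryLogger   ] HISTORY:: Subject[1/admin, orgId:1] DIRSYNC:: Blocking and deactivating user:5/jdoe@code42.com in org:2/Default simulated:true
"""

TS = re.compile(r"^\[(\d\d\.\d\d\.\d\d \d\d:\d\d:\d\d\.\d{3}) ")
ERROR = re.compile(r"DIRSYNC:: Error synchronizing (\S+?), ")
SUMMARY = re.compile(r"DIRSYNC:: Summary for orgIds:.*?users:(\d+), deactivated:(\d+), "
                     r"activated:(\d+), .*simulated:(true|false)")
CHANGE = re.compile(r"DIRSYNC:: (Blocking and deactivating|Unblocking and activating) "
                    r"user:(\S+) in org:(\S+) simulated:(true|false)")

def audit_dirsync(lines):
    """Return (runs, changes) parsed from DIRSYNC log lines, in log order."""
    runs, changes, pending_errors = [], [], []
    for line in lines:
        ts = TS.match(line)
        if not ts:
            continue  # not a timestamped log line
        if m := ERROR.search(line):
            pending_errors.append(m.group(1))  # errors precede their run's summary
        elif m := SUMMARY.search(line):
            users, deact, act = (int(g) for g in m.group(1, 2, 3))
            runs.append({"time": ts.group(1), "users": users, "deactivated": deact,
                         "activated": act, "simulated": m.group(4) == "true",
                         "failed_users": pending_errors})
            pending_errors = []
        elif m := CHANGE.search(line):
            changes.append({"time": ts.group(1), "action": m.group(1), "user": m.group(2),
                            "org": m.group(3), "simulated": m.group(4) == "true"})
    return runs, changes

if __name__ == "__main__":
    runs, changes = audit_dirsync(SAMPLE_LOG.splitlines())
    for r in runs:
        if r["failed_users"]:
            print(f"{r['time']} INCOMPLETE sync, LDAP search failed for {r['failed_users']}")
    for c in changes:
        if not c["simulated"]:
            print(f"{c['time']} APPLIED: {c['action']} {c['user']} ({c['org']})")
```

On the sample lines, the 16:52:24 sync is reported as incomplete: its summary shows zero deactivations and activations, but the LDAP search failed for both users, so the zero counts do not show that the directory was actually consulted.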

Log files
Your Code42 environment rotates log files when they reach a certain size. The current application log is com_backup42_app.log.0. Older logs are named com_backup42_app.log.1, and so on.

Change the logging level

You can change the logging level for LDAP activity in your authority server in order to gather troubleshooting information.

To log the most detailed information, enter the following command in the administration console CLI:

log com.code42.core.ldap trace

The logging level returns to the default level (info) when the Code42 server restarts. You can manually change the LDAP logging level back to default with the following command in the administration console CLI:

log com.code42.core.ldap info

For more information on the log command, see the Administration console Command-Line Interface reference.

External resources

In order to fully take advantage of a Code42 environment integrated with LDAP, learn more about LDAP from other resources, such as: