Rake task for configuring LDAP on Shares

Rake tasks are scripts that allow you to retrieve, delete or update information on your Shares server using the command line. Rake tasks can perform actions on user accounts, shares and nodes. This article describes the rake task available for configuring LDAP. For more general information on Shares rake tasks see this article (Shares rake tasks).

You can use a rake task to configure Shares to connect to a directory service using LDAP (Lightweight Directory Access Protocol). This allows directory users to log in and use Shares with their directory credentials. The directory service databases that Shares supports are the following:

  • Active Directory (AD)
  • Apple Open Directory
  • Fedora Directory Server
  • Open LDAP
Note that Shares has a local database which will still store any users you add locally.

Usage

Rake tasks must be run from within the appropriate location in the shares folder:
  • Linux Shares 1.8 and later: /opt/aspera/shares/u/shares/bin
  • Linux Shares earlier than 1.8: /opt/aspera/shares/u/shares
  • Windows: C:\Shares\www

The syntax for the rake task is the following:

Windows

rake data:ldap_config -- [options]

Shares 1.8+

./run rake data:ldap_config -- [options]

Shares earlier than 1.8

bundle exec rake data:ldap_config -- [options]

The available options are the following. Each entry gives the option, its accepted values where these are restricted, and a description:

--directory_type dir_type
  • ActiveDirectory
  • OpenDirectory
  • FedoraDirectoryServer
  • OpenLdap
The type of directory service (required).

--name name
A name to give this directory service (required).

--description descr
A description of this directory service.

--host host
The directory's host address (required).

--port port
The directory's port number. By default LDAP over simple TLS uses 636, unsecured uses 389, unsecured global catalog uses 3286 and global catalog over SSL uses 3269 (required).

--base_dn base_dn
The base of the directory tree from which users will be searched for.

--authentication_method method
  • anonymous
  • simple
The type of authentication for connecting to the directory service (required).

--username username
Your directory service user name, which is typically a Distinguished Name (DN). Only required when the authentication method is set to simple.

--password password
The password for your directory service user. Only required when the authentication method is set to simple.

--encryption type
  • unencrypted
  • simple_tls
The type of encryption used on LDAP traffic (default: unencrypted).


Example

In order to configure a connection to an Active Directory database using simple authentication and TLS encrypted LDAP traffic, the rake task might look like the following:

rake data:ldap_config -- --directory_type ActiveDirectory --name test_dir --host ldap.aspera.us --port 1234 --base_dn OU=AsperaDirectory,DC=aspera,DC=asperasoft,DC=com --authentication_method simple --username user1 --password 3x@mp13_p@zzw0rd --encryption simple_tls
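
The rules from the options list above can be checked before the rake task is run. The following shell function is an added example, not part of Shares or of the original article; the name check_ldap_opts and its return codes are assumptions of this example. Return code 2 flags a simple bind without simple_tls, which would send the directory password over the network in cleartext.

```shell
#!/bin/sh
# Added example: pre-flight check for data:ldap_config options (not part of Shares).
# Return codes (this script's own convention): 0 ok, 1 invalid, 2 cleartext simple bind.
# Usage on Shares 1.8+: check_ldap_opts "$@" && ./run rake data:ldap_config -- "$@"
check_ldap_opts() {
  dir_type= name= host= port= auth= user= pass= enc=unencrypted
  while [ $# -gt 0 ]; do
    [ $# -ge 2 ] || { echo "missing value for $1" >&2; return 1; }
    case $1 in
      --directory_type)        dir_type=$2 ;;
      --name)                  name=$2 ;;
      --description|--base_dn) ;;   # free-form text, nothing to validate
      --host)                  host=$2 ;;
      --port)                  port=$2 ;;
      --authentication_method) auth=$2 ;;
      --username)              user=$2 ;;
      --password)              pass=$2 ;;
      --encryption)            enc=$2 ;;
      *) echo "unknown option: $1" >&2; return 1 ;;
    esac
    shift 2
  done
  case $dir_type in
    ActiveDirectory|OpenDirectory|FedoraDirectoryServer|OpenLdap) ;;
    *) echo "bad or missing --directory_type" >&2; return 1 ;;
  esac
  [ -n "$name" ] && [ -n "$host" ] || { echo "--name and --host are required" >&2; return 1; }
  case $port in
    ''|*[!0-9]*) echo "--port must be a number" >&2; return 1 ;;
  esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "--port out of range" >&2; return 1; }
  case $enc in
    unencrypted|simple_tls) ;;
    *) echo "bad --encryption" >&2; return 1 ;;
  esac
  case $auth in
    anonymous) ;;
    simple)
      [ -n "$user" ] && [ -n "$pass" ] || { echo "simple needs --username and --password" >&2; return 1; }
      # A simple bind over unencrypted LDAP sends the password in cleartext.
      [ "$enc" = simple_tls ] || { echo "simple bind without simple_tls" >&2; return 2; }
      ;;
    *) echo "bad or missing --authentication_method" >&2; return 1 ;;
  esac
  return 0
}
```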