This site hosts the documentation for CrashPlan PROe version 3.8.2010.
Looking for documentation on PROe version 3, released in April of 2012? Please visit our
current documentation.
Click on the “Servers” tab at the top of any page.
Click on the “Server Settings” link on the left sidebar.
Click on the “LDAP Settings” link that appears on the left sidebar.
Uncheck the “Authenticate with LDAP” and enter your LDAP
URL. If you don't know the
URL, ask your LDAP administrator. It will look something like this:
ldap://myaod.mydomain.com:389/dc=mydomain,dc=com
Note: If there are spaces in your search base, then you must escape them with the %20 code. For example, if you are using “ou=my organizational unit,dc=mydomain,dc=com” as your search base, your search base URL is:
ldap://myaod.mydomain.com:389/ou=my%20organizational%20unit,dc=mydomain,dc=com
Bind DN: Many servers allow you to search the directory anonymously so you may not need an authorized Distinguished Name (DN) and password. But if you do need it, the password is stored encrypted in your CrashPlan PRO database so it won't be easily hacked. Spaces are allowed in the Bind DN.
When you've clicked the “Submit” button, it will save your settings and attempt to connect to your server. If you can't connect, it will display the raw error message to help you debug the problem. Also, check out the Troubleshooting section below.
Once you've connected to the LDAP server successfully click on the “Attribute Mappings and Person Lookup” link at the bottom of the LDAP settings page.
Skip the “Directory Lookup” box for now and look at the “LDAP Person Fields” box.
The only critical entry field here is the “Person Search String”. This uses a standard LDAP search string that you can customize if needed. Assuming you are using the users email address for their CrashPlan identifier the default should work fine. Here is an example person search string that also limits the scope of the classes searched:
(&(objectClass=inetOrgPerson)(mail=?))
… which means: find an object of class inetOrgPerson with a mail attribute equal to the email address the user logs in with.
| attribute | comment |
| uid | A short username like jsmith - almost always populated |
| givenName | First name - used during registration to populate the internal PRO Server db |
| sn | Last name (sur-name) - used during registration to populate the internal PRO Server db |
| mail | E-mail address |
| cn | Common name - most object classes use the cn attribute |
If you changed anything, click the “Submit” button.
Now go back to the “Directory Lookup” box and enter an email address into the “Lookup Value” field. You should know this address exists in your LDAP database.
Enter a password if you know it.
Click the “Test Lookup” button. If it was found successfully the found values will show up next to the person fields in the bottom box. If you entered the right password you will see “match” in green next to the password field.
PRO Server can assign a user to an organization when they register. Once they are registered you can use the web administration console to move users to a different organization. Once assigned, PRO Server does not move users between organizations (even if their org changes in LDAP) without manual intervention.
You can make multiple custom installers with different organization codes. If you have a handful of orgs and are pushing out the installation to one organization at a time, then that's a good option. Here's the
custom installer page
If your directory has a person attribute that specifies the org name, you can do push installs and have the users registered into a CrashPlan org with the same name. At least one of our big customers is doing it that way. They use the “l” (location”) person attribute for their org name.
If each user is listed in an LDAP groupOfNames object that correlates to your org mappings you can use an attribute from that groupOfNames object for their org name. The downside is that if the user is in multiple groupOfNames objects PRO Server will just use the first one it finds for the users org.