Overview
CrashPlan User Directory Sync allows you to automatically manage users in your cloud CrashPlan environment. Once configured, it connects your directory service (for example, Active Directory) to your CrashPlan environment and automatically creates users, updates their organization and role assignments, and deactivates users in CrashPlan based on changes made within your directory service.
When you install the CrashPlan User Directory Sync tool, the installation generates three types of scripts used to control synchronization of users in your directory service with CrashPlan:
- Active script: Determines when a user is considered active. If the user is new and marked as active, the user is provisioned in CrashPlan.
- Org script: Determines how to assign users to organizations. If a user is provisioned to an organization that doesn't previously exist in CrashPlan, the organization is created and that user is assigned to it. If a user is provisioned without an organization, they will be assigned to the organization defined in the Edit Organization Mapping Method dialog.
- Role script: Determines how a user is assigned roles in CrashPlan based on information for that user from your directory service. A user can be provisioned with one or more roles. If a user is provisioned without any roles specified, the user is created using the default roles configured for their organization in CrashPlan. Ensure the roles you want to manage with the roles script are allowed for use in the Select Roles dialog.
When first installed, the scripts are empty. You must create your own versions of the scripts before you can provision users from your directory service to CrashPlan. This article provides example scripts you can use as the basis for your own scripts.
Considerations
- CrashPlan User Directory Sync scripts are very similar to LDAP scripts. In the examples in this article, replace the CN, DC, and OU values with values matching your directory service environment.
- This article assumes you understand the basics of using scripts to manage users with CrashPlan User Directory Sync. See User management with CrashPlan User Directory Sync.
- If you need help configuring scripts, contact your Customer Success Manager (CSM) to engage the Professional Services team.
Before you begin
Before you can create scripts, install the CrashPlan User Directory Sync tool to a dedicated host computer. After installation, the following empty template files are added in the location where the tool is installed:
- ActiveScript.js
- OrgScript.js
- RoleScript.js
Use these files as the starting point for your own scripts, based on the examples below.
To point to the scripts you create, set the following properties in the config.properties file:
- script.active.location
- script.org.location
- script.role.location
After you set these script location properties, the scripts are run when you launch the C42UserDirectorySync executable with the --sync-now flag.
Example active scripts
An active script takes the directory service entry for users as its input and returns a boolean value indicating whether or not the users should be active in CrashPlan.
Users outside of the specified entry, or in the specified entry but disabled in the directory service, are deactivated in CrashPlan.
Make users from an organizational unit active in CrashPlan
Professional Services filename: Active_script_by_ou.js
The following script selects users within the specified organizational unit and makes them active in CrashPlan.
Users outside of the specified entry, or in the specified entry but disabled in the directory service, are deactivated in CrashPlan.
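    function isActive(entry) {
        // 0x2 is the ACCOUNTDISABLE bit of userAccountControl.
        if (entry.userAccountControl & 0x2 || entry.dn == null) {
            return false;
        }
        // Substring match on the user's distinguished name.
        if (entry.dn.indexOf("OU=Users,DC=example,DC=mycompany,DC=com") >= 0) {
            return true;
        }
        return false;
    }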
Make users from a security group active in CrashPlan
Professional Services filename: Active_script_by_sec_group.js
The following script selects users within the specified security group and makes them active in CrashPlan.
Users outside of the specified entry, or in the specified entry but disabled in the directory service, are deactivated in CrashPlan.
    function isActive(entry) {
        // 0x2 is the ACCOUNTDISABLE bit of userAccountControl.
        if (entry.userAccountControl & 0x2 || entry.memberOf == null) {
            return false;
        }
        // Declare the loop counter locally so it does not become a global.
        for (var i = 0; i < entry.memberOf.length; i++) {
            if (entry.memberOf[i].indexOf("CN=Example Group,OU=Users,DC=example,DC=mycompany,DC=com") >= 0) {
                return true;
            }
        }
        return false;
    }
Make users with certain attributes active in CrashPlan
Professional Services filename: Active_script_select_attribute.js
The following script selects users who match the specified attributes and makes them active in CrashPlan.
The valueInAttribute function tests the value of the user's attribute against the list of possible values provided, and returns true if any match. Otherwise, the script returns false.

    // In the attribute variable, store the name of the AD attribute you wish to use for comparison (e.g. memberOf).
    var attribute = "memberOf";
    // In the values variable, store a list of values for the above attribute.
    var values = [
        "CN=Security Group,OU=Users,OU=Security,OU=Groups,DC=mycompany,DC=org",
        "CN=Security Group2,OU=Users,OU=Security,OU=Groups,DC=mycompany,DC=org"
    ];

    function isActive(entry) {
        // First, check if the user is active and has the desired attribute. If they are not, return false.
        if (entry.userAccountControl & 0x2 || entry[attribute] == null) {
            return false;
        }
        // If the user's attribute contains any of the values in the values field, we return true. Otherwise, return false.
        return valueInAttribute(entry, attribute, values);
    }

    // This function compares the values in testValues with the value of attribute in the user's AD entry. In most cases, you will not need to edit this function at all.
    function valueInAttribute(entry, attribute, testValues) {
        var entryValues = entry[attribute];
        try {
            // A single-valued attribute is wrapped in an array so the loops below can treat it as a list.
            if (typeof entryValues != "object") {
                entryValues = [entry[attribute]];
            }
        } catch (err) {
            print("Threw error trying to get " + attribute + " and set it: " + err);
        }
        try {
            for (var i = 0; i < testValues.length; i++) {
                for (var x = 0; x < entryValues.length; x++) {
                    if (entryValues[x].indexOf(testValues[i]) >= 0) {
                        return true;
                    }
                }
            }
        } catch (err) {
            print("Threw an active script " + attribute + " error: " + err);
        }
        return false;
    }
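The active scripts above match with a case-sensitive indexOf substring test, and because undefined & 0x2 evaluates to 0, an entry that carries no userAccountControl value passes the disabled check. The following is an added example, not code from CrashPlan or Professional Services, showing stricter helpers that apply equally to org and role scripts: exact case-insensitive group comparison, an OU test anchored at a DN component boundary, and a fail-closed isActive. It assumes entries are plain objects whose single-valued attributes may arrive as a string (as the valueInAttribute helper implies); normDn, asList, inGroup and isUnder are hypothetical helper names.

```javascript
// Added example (ES5 syntax only). DNs are the article's placeholder values.
var GROUP_DN = "CN=Example Group,OU=Users,DC=example,DC=mycompany,DC=com";
var USERS_OU = "OU=Users,DC=example,DC=mycompany,DC=com";

// DN comparison in the directory is case-insensitive; normalize both sides.
function normDn(dn) {
    return String(dn).replace(/^\s+|\s+$/g, "").toLowerCase();
}

// An attribute may arrive as one string or as a list; always return a list.
function asList(value) {
    if (value == null) { return []; }
    return (typeof value === "object") ? value : [value];
}

// True only when one memberOf value is exactly the group DN.
function inGroup(entry, groupDn) {
    var groups = asList(entry.memberOf), want = normDn(groupDn);
    for (var i = 0; i < groups.length; i++) {
        if (normDn(groups[i]) === want) { return true; }
    }
    return false;
}

// True only when dn is baseDn itself or ends with an unescaped "," + baseDn.
function isUnder(dn, baseDn) {
    if (dn == null) { return false; }
    var d = normDn(dn), tail = "," + normDn(baseDn);
    if ("," + d === tail) { return true; }
    var at = d.length - tail.length, slashes = 0;
    if (at < 1 || d.indexOf(tail, at) !== at) { return false; }
    // An odd number of backslashes before the comma means it is escaped,
    // so it belongs to a name and is not a component separator.
    for (var k = at - 1; k >= 0 && d.charAt(k) === "\\"; k--) { slashes++; }
    return slashes % 2 === 0;
}

// Fail closed: an entry without a readable userAccountControl is not active.
function isActive(entry) {
    var uac = parseInt(entry.userAccountControl, 10);
    if (isNaN(uac) || (uac & 0x2) !== 0) { return false; }
    return inGroup(entry, GROUP_DN);
}
```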
Example org scripts
An org script takes the directory service entry for the users as its input and returns a string which is the name of the CrashPlan organization into which the users should be placed.
If the specified CrashPlan organization does not exist, it is created in CrashPlan and users are provisioned to it.
Provision users from an organizational unit to a CrashPlan organization
Professional Services filename: Org_script_by_ou.js
The following script selects users from the specified organizational unit and provisions them to the specified organization in CrashPlan.
Unmapped users are provisioned into the "No OrgScript match" organization.

    function getOrgName(entry) {
        // Entries without a distinguished name go to a dedicated organization.
        if (entry.dn == null) {
            return "No DN attribute";
        }
        if (entry.dn.indexOf("OU=Users,DC=example,DC=mycompany,DC=com") >= 0) {
            return "Users";
        }
        return "No OrgScript match";
    }
Provision users from a security group to a CrashPlan organization
Professional Services filename: Org_script_by_sec_group.js
The following script selects users from the specified security group and provisions them to the specified organization in CrashPlan.
Unmapped users are provisioned into the "No OrgScript match" organization.

    function getOrgName(entry) {
        // Entries without group memberships go to a dedicated organization.
        if (entry.memberOf == null) {
            return "No memberOf attribute";
        }
        // Declare the loop counter locally so it does not become a global.
        for (var i = 0; i < entry.memberOf.length; i++) {
            if (entry.memberOf[i].indexOf("CN=Example Group,OU=Users,DC=example,DC=mycompany,DC=com") >= 0) {
                return "Example Org";
            }
        }
        return "No OrgScript match";
    }
Provision users with certain attributes to a CrashPlan organization
Professional Services filename: Org_script_select_attribute.js
The following script selects users who match the specified attributes and provisions them to the specified organization in CrashPlan.
    // In the attribute variable, store the name of the AD attribute you wish to use for comparison (e.g. memberOf).
    var attribute = "memberOf";
    // In the defaultOrg variable, store the name of the org to which users should be sorted if none of the mapped values match their attribute.
    var defaultOrg = "Unsorted Users";
    // In the valuesMap variable, store a list of attribute values and their corresponding org names.
    var valuesMap = [
        {
            attributeValue: "CN=Security Group,OU=Users,OU=Security,OU=Groups,DC=mycompany,DC=org",
            orgIs: "Security Group"
        },
        {
            attributeValue: "CN=Security Group2,OU=Users,OU=Security,OU=Groups,DC=mycompany,DC=org",
            orgIs: "Security Group2"
        }
    ];

    function getOrgName(entry) {
        // If the user's attribute contains one of the attribute values in valuesMap, return the corresponding org name. Otherwise, return the default org.
        return getOrgByTestString(entry, attribute, valuesMap, defaultOrg);
    }

    // This function compares the values in valuesMap with the value of attribute in the user's AD entry. In most cases, you will not need to edit this function at all.
    function getOrgByTestString(entry, attribute, valuesMap, defaultOrg) {
        if (entry[attribute] == null) {
            return defaultOrg;
        }
        var entryValues = entry[attribute];
        try {
            if (typeof entryValues != "object") {
                entryValues = [entry[attribute]];
            }
        } catch (err) {
            print("Threw error trying to get " + attribute + " and set it: " + err);
        }
        try {
            for (var i = 0; i < valuesMap.length; i++) {
                for (var x = 0; x < entryValues.length; x++) {
                    if (entryValues[x].indexOf(valuesMap[i].attributeValue) >= 0) {
                        return valuesMap[i].orgIs;
                    }
                }
            }
        } catch (err) {
            print("Threw an org script " + attribute + " error: " + err);
        }
        return defaultOrg;
    }
Example role scripts
A role script takes as its input the directory service entry for the users, and returns an array of strings, each one representing a role that the users should have in CrashPlan.
CrashPlan only allows roles to be assigned if they have been selected in the Select Roles dialog in the CrashPlan console.
Give users from an organizational unit a specific role in CrashPlan
Professional Services filename: Role_script_by_ou.js
The following script selects users from the specified organizational unit and gives them the specified role in CrashPlan.
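    function getRoles(entry) {
        // An empty array means no roles are specified by the script.
        if (entry.dn == null) {
            return [];
        }
        // Users under the Admins OU receive the administrative role.
        if (entry.dn.indexOf("OU=Admins,OU=Users,DC=example,DC=mycompany,DC=com") >= 0) {
            return [
                "Customer Cloud Admin"
            ];
        }
        // Everyone else receives the standard user roles.
        return [
            "Desktop User",
            "PROe User"
        ];
    }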
Give users from a security group a specific role in CrashPlan
Professional Services filename: Role_script_by_sec_group.js
The following script selects users from the specified security group and gives them the specified role in CrashPlan.
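    function getRoles(entry) {
        // An empty array means no roles are specified by the script.
        if (entry.memberOf == null) {
            return [];
        }
        // Declare the loop counter locally so it does not become a global.
        for (var i = 0; i < entry.memberOf.length; i++) {
            if (entry.memberOf[i].indexOf("CN=Example Group,OU=Users,DC=example,DC=mycompany,DC=com") >= 0) {
                return [
                    "Customer Cloud Admin"
                ];
            }
        }
        // Everyone else receives the standard user roles.
        return [
            "Desktop User",
            "PROe User"
        ];
    }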
Give users with certain attributes a specific role in CrashPlan
Professional Services filename: Role_script_select_attribute.js
    // In the attribute variable, store the name of the AD attribute you wish to use for comparison (e.g. memberOf).
    var attribute = "memberOf";
    // In the defaultRoles variable, store an array of roles that all users should have.
    var defaultRoles = [
        "PROe User",
        "Desktop User"
    ];
    // In the valuesMap variable, store a list of attribute values, and a list of the corresponding roles.
    var valuesMap = [
        {
            attributeValue: "CN=Security Group,OU=Users,OU=Security,OU=Groups,DC=mycompany,DC=org",
            roles: [
                "Customer Cloud Admin"
            ]
        },
        {
            attributeValue: "CN=Security Group2,OU=Users,OU=Security,OU=Groups,DC=mycompany,DC=org",
            roles: [
                "Cross Org Help Desk - No Web Restore",
                "User Modify"
            ]
        }
    ];

    function getRoles(entry) {
        // Start the new role collection with the defaults.
        var userRoles = defaultRoles.map(function(role) {
            return role;
        });
        // If the user's attribute contains one of the attribute values in valuesMap, add the corresponding roles to their list. Then, return the list (which contains the default roles plus any roles that were added).
        return addRolesByTestString(entry, attribute, valuesMap, userRoles);
    }

    // This function compares the values in valuesMap with the value of attribute in the user's AD entry. In most cases, you will not need to edit this function at all.
    function addRolesByTestString(entry, attribute, valuesMap, userRoles) {
        if (entry[attribute] == null) {
            return userRoles;
        }
        var entryValues = entry[attribute];
        try {
            if (typeof entryValues != "object") {
                entryValues = [entry[attribute]];
            }
        } catch (err) {
            print("Threw error trying to get " + attribute + " and set it: " + err);
        }
        try {
            for (var i = 0; i < valuesMap.length; i++) {
                for (var x = 0; x < entryValues.length; x++) {
                    if (entryValues[x].indexOf(valuesMap[i].attributeValue) >= 0) {
                        userRoles.push.apply(userRoles, valuesMap[i].roles);
                    }
                }
            }
        } catch (err) {
            print("Threw a role script " + attribute + " error: " + err);
        }
        return userRoles;
    }
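Because these three scripts decide who is activated and who receives roles such as Customer Cloud Admin, it is worth running them against known entries before setting the script location properties. The following is an added example, not part of the CrashPlan tooling: a dry run that loads isActive, getOrgName and getRoles, checks the return types this article states, and flags privileged role grants. The script sources and entries are constructed, dryRun and load are hypothetical names, and treating Customer Cloud Admin as the privileged role is an assumption.

```javascript
// Constructed stand-ins for ActiveScript.js, OrgScript.js and RoleScript.js;
// in practice, load the text of the real script files instead.
var OU = "OU=Users,DC=example,DC=mycompany,DC=com";
var SOURCES = {
    isActive: 'function isActive(e) { if (e.userAccountControl & 0x2 || e.dn == null) ' +
        '{ return false; } return e.dn.indexOf("' + OU + '") >= 0; }',
    getOrgName: 'function getOrgName(e) { return e.dn && e.dn.indexOf("' + OU +
        '") >= 0 ? "Users" : "No OrgScript match"; }',
    getRoles: 'function getRoles(e) { return e.dn && e.dn.indexOf("OU=Admins,' + OU +
        '") >= 0 ? ["Customer Cloud Admin"] : ["Desktop User", "PROe User"]; }'
};
// Constructed sample entries: a user, an admin, and a disabled account (514).
var ENTRIES = [
    { dn: "CN=Jane Doe," + OU, userAccountControl: "512" },
    { dn: "CN=Sam Roe,OU=Admins," + OU, userAccountControl: "512" },
    { dn: "CN=Old Account," + OU, userAccountControl: "514" }
];

// Each script is evaluated in its own function scope (the files define their
// own globals) with a print() stub, which the article's scripts call.
function load(fnName) {
    var factory = new Function("print", SOURCES[fnName] + "\nreturn typeof " +
        fnName + ' === "function" ? ' + fnName + " : null;");
    var fn = factory(function () {});
    if (fn === null) {
        throw new Error("script does not define " + fnName + "()");
    }
    return fn;
}

// Returns one row per entry and flags any role listed in privileged.
function dryRun(entries, privileged) {
    var isActive = load("isActive"), getOrgName = load("getOrgName"), getRoles = load("getRoles");
    return entries.map(function (entry) {
        var active = isActive(entry), org = getOrgName(entry), roles = getRoles(entry);
        // Enforce the return types the article states for each script type.
        if (typeof active !== "boolean" || typeof org !== "string" || !Array.isArray(roles)) {
            throw new Error("unexpected return type for " + entry.dn);
        }
        return {
            dn: entry.dn, active: active, org: org, roles: roles,
            flagged: roles.filter(function (r) { return privileged.indexOf(r) >= 0; })
        };
    });
}
```

Review every row whose flagged list is not empty before running the tool with --sync-now.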