Overview
Connecting your directory service to your CrashPlan environment is an important step in making sure the right users have access to the correct CrashPlan functionality. When you integrate CrashPlan User Directory Sync with your environment, CrashPlan periodically syncs with your LDAP infrastructure. This article describes the syncing process in detail.
What is the CrashPlan User Directory Sync
CrashPlan User Directory Sync is a provisioning tool that you install on a dedicated computer. Once configured it connects your directory service to your CrashPlan environment and automatically creates users, updates their organization and role assignments, and deactivates users in CrashPlan based on changes made within your directory service. CrashPlan User Directory Sync is built using the LDAP version 3 standard, and it integrates with Microsoft Active Directory.
How to configure
Contact your Customer Success Manager (CSM) to engage the Professional Services team for a link to download the User Directory Sync tool installation file.
To configure User Directory Sync, install the User Directory Sync tool to a dedicated server within your organization's environment and configure User Directory Sync in the CrashPlan console. For complete instructions, see Configure CrashPlan User Directory Sync (CrashPlan).
What it does
When CrashPlan synchronizes with a directory service, CrashPlan User Directory Sync performs the following actions:
- Authenticates (binds) with the directory service
- After the initial sync, User Directory Sync only processes a user if a change is made to user attributes in the directory
- Operates in read-only mode on the directory service
- Receives the user information from your directory service via LDAP, translates it, and uses SCIM protocol to send the user information to CrashPlan
- Creates users to match users in your directory data:
- Creates new users in your CrashPlan environment
- Activates or deactivates users based on the active script
- Moves users to appropriate organizations based on the org script
- Applies roles to users based on the role script and role mapping
- Uses configuration properties to adjust user attributes in your CrashPlan environment to match user data in your directory service:
- Common name (First Name)
- Country code
- Department
- Direct reports
- Division
- Employee type
- Given name
- Last name
- Locality (City)
- Manager
- Region (State)
- Search UID
- Title
- Username (Email)
For instructions on synchronization, see Run synchronization for CrashPlan User Directory Sync.
What it does not do
- Initiate communication with the directory service
To initiate communication, run the User Directory Sync using a scheduling service, which is not included. - Create new entries in the directory service
- Modify the directory service
History
You can view the results of past LDAP syncs in your CrashPlan console at Administration > Settings > Identity Management in the Sync Log tab. For more details, refer to the Identity management reference (CrashPlan).
Logs
Activity appears in the ldapConnector.log file in the location where the CrashPlan User Directory Sync tool is installed.
To view the log files:
- Sign in to the device where CrashPlan User Directory Sync is located.
- Go to /C42UserDirectorySync-<version>/logs
- Select one of the ldapConnector.log files.
Your CrashPlan environment creates a new file each time CrashPlan User Directory Sync runs or if the file reaches a certain size. The current application log is ldapConnector.log. Older logs are signified by ldapConnector.1.log, and so on.
External resources
- ZYTRAX: LDAP for Rocket Scientists
- Microsoft: Active Directory Domain Services