Default Virtual Directory Mapping for LDAP Users
The Default Virtual Directory Mapping modes work as follows:
- Global Home - Every LDAP account will use the directory specified under the “Global Home” edit box as the FTP root. This is the simplest option, and every LDAP user is assigned this one directory as their root folder. The Cerberus permissions on this folder can be restricted through the Permissions button to the right of the Global Home edit box.
- Global Home\%USER% - Every LDAP account will use a subdirectory off of the “Global Home” directory that is the same as the account’s name. This directory will be created automatically if it doesn’t exist when the user logs in. The Cerberus permissions on this folder can be restricted through the Permissions button to the right of the Global Home edit box.
- LDAP User Attribute - Every LDAP account will use the directory attribute defined here to determine what virtual directories to add to their account.
This directory attribute can have multiple values, and each value will be added as a separate virtual directory.
The default value will be a valid Windows directory path. By default, the last directory of the file path will be used for the virtual directory name, and the user will have full permission to the directory path.
The value can be customized into 3 separate components to customize the added virtual directory path into a full directory path, a virtual directory name, and permissions set for the virtual directory.
You can separate each component by the pipe character or an asterisk.
For example, the value for the attribute could be:
C:\ftproot\user\andrew*home*65523
The first part is the directory path, the second is the directory name, and the third is a bitmask indicating the permissions the user has for that virtual directory.
The directory permissions field for a virtual directory is a simple bit mask. Permissions have the following values:
File Permissions | Value |
LIST FILES | 64 |
RENAME FILES | 32768 |
DELETE FILES | 8192 |
Directory Permissions | |
LIST DIRECTORIES | 32 |
RENAME DIRECTORIES | 16384 |
DELETE DIRECTORIES | 4096 |
CREATE DIRECTORIES | 16 |
General Permissions | |
UPLOAD | 2 |
DOWNLOAD | 1 |
DISPLAY HIDDEN FILES | 128 |
SHARE DOWNLOAD | 1024 |
SHARE UPLOAD | 2048 |
ZIP | 256 |
UNZIP | 512 |
Retired Permissions | |
RENAME* | 4* |
DELETE* | 8* |
Just add the values up to achieve the desired permissions. e.g., Download, Upload, Rename Files, and Delete Files permissions would be (1 + 2 + 32768 + 8192) = 40963.
Granting all permissions would be 65523.
- Use Default Group Directories and Permissions - The specified Cerberus Group will be used to determine what directories and what settings to apply to the LDAP user when they log in, including any security requirements associated with the group. Select which group you want to use as your Default group from the "Default Group" dropdown.
Comments
0 comments
Please sign in to leave a comment.