You might be pleased to know that Sesame Disk by Nihao Cloud storage now supports AD and OpenLDAP for security and SSO. The idea is that you can bring your own LDAP users from your server and secure your accounts with the same credentials people already use for day-to-day work on their office computers (SSO). Let's explain how the system works.
Allow me to start by saying that the system we use is very mature and has been working for many years now. We cannot complain about the customers we have and the growth we have experienced over these years. From the start we have been about providing security, convenience and reliability. That is the purpose behind releasing this new feature.
LDAP the who?
For background, LDAP/OpenLDAP and Windows Active Directory belong to the same family of tree-like database systems, protocols and tools. They keep information stored in the form of a hierarchical tree. They can be used for many purposes, but storing an organization's user databases and directories is one of the main ones. The more popular forms of this software are Windows Active Directory (AD), made by Microsoft, and OpenLDAP, which is defined on the official website as:
"OpenLDAP Software is an Open Source suite of directory software developed by the Internet community.
OpenLDAP Software is based upon prior work by the University of Michigan."
Taken from: https://www.openldap.org/software/ in July 2021.
Finally, a word on how popular it actually is in the market. Nowadays it is used by millions of organizations and billions of users, if you count the people who do not know they are using it. Aside from the Windows implementations, various software packages use it and/or integrate with it: Zentyal, Samba, Exim, Postfix, MySQL and many more. That is just a small list of packages and technologies that integrate or are able to work with LDAP. You can also develop extensions using LDAP in almost every major programming language out there: Python, PHP, C#, Golang, Java, etc.
Why would you use this feature?
If you happen to have existing users in your own Windows Active Directory or in OpenLDAP running on Linux/Unix systems, you can now bring those same users as they are and use them to access your cloud storage files. The LDAP SSO integration works with all multi-user plans and storage sizes in Sesame Disk, meaning from a few GB to petabytes (unlimited) of cloud storage, no matter if it is for two users or thousands of users.
The system can be used via LDAP from anywhere in the world, including by Chinese cloud storage users.
Products supporting AD and OpenLDAP for Security and SSO
While doing all this you can also benefit from all of the standard features: for instance, the Seafile Client for synchronization of files, and the new generation of pay-as-you-go products, Ondemand. You can also find details about our products in this link.
How to get AD and OpenLDAP for Security and SSO working?
To start, you need to sign up for one of the paid plans to be able to use the feature. Once this is done, when you go to the billing dashboard you will see one additional button for LDAP, as per the following image.
Here you click on the button External LDAP Users (SSO). Then you will see a new window like the following image.
At this point another pop-up window will open. If this is your first time opening the LDAP connect, you will also see the help message with a light blue background, as per the image below.
Here you can close the help pop-up window, and it will not be displayed by default anymore. Now, let's go over that help message, as it has important instructions for the integration to work.
Help for Active Directory AD and OpenLDAP for Security and SSO Integration.
For the system to be able to integrate with your LDAP or Active Directory and give your users SSO on our system, you need to make sure our system is able to read your LDAP/AD controller. Before you start, please make sure you complete these steps:
First buy the users.
Make sure you have purchased enough user capacity in our system to integrate the users you need. Meaning that if you need to have 10 users with storage, buy as many. That said, you can always start small and add more as you need. Keep in mind that our tier system will apply here for the pricing.
Second give us access
Give our IPs (servers) access to the server and/or relevant firewalls in your network. These servers need to be able to reach the LDAP servers via TCP. We have various ways to secure the communications over the internet, like SSL/TLS encryption. That should be more than enough for most organizations. If you have higher security requirements, we can also create VPN connections to the network of our VIP customers. Your security is very important to us, therefore in this regard we are very flexible.
Third create a user in your own LDAP.
Create a user in your LDAP/DC with access to read the users you intend to integrate with our system. This is the user that our system's LDAP reader needs in order to read your users and keep them updated. It does not need to be an admin of your directory; just having read access to ID, name(s), email and password should suffice in most cases.
Fourth and final configure and test.
Fill in the config form and make sure you press "Test connection". The system will tell you if it can connect to your DB or not. In case of error, it will try to tell you why it failed.
After these four steps you should be good to go!
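A pre-flight check for steps two and three, as an added example that is not part of the original post or Sesame Disk's own code: it reviews connector settings for an unencrypted transport, an anonymous or admin-like bind account, and a search base that covers the whole directory. The field names (`url`, `starttls`, `bind_dn`, `base_dn`) and the sample values are assumptions, since the form's fields are not listed in the text.

```python
import re
from urllib.parse import urlsplit

# Heuristic list of names that usually denote a directory administrator.
ADMIN_NAMES = {"admin", "administrator", "manager", "root", "directory manager"}

def split_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs.

    Handles backslash-escaped commas; not a full RFC 4514 parser.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn.strip()):
        attr, sep, value = part.partition("=")
        if sep:
            rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def review_ldap_settings(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    url = urlsplit(cfg.get("url", ""))
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        return ["url: expected ldap://host or ldaps://host"]
    findings = []
    # Step two: the connection crosses the internet, so it must be encrypted.
    if url.scheme == "ldap" and not cfg.get("starttls"):
        findings.append("transport: ldap:// without StartTLS sends bind passwords in clear text")
    # Step three: a dedicated reader account, not anonymous and not an admin.
    bind = split_dn(cfg.get("bind_dn", ""))
    if not bind:
        findings.append("bind_dn: empty (anonymous bind); create a dedicated reader account")
    elif bind[0][1] in ADMIN_NAMES:
        findings.append("bind_dn: looks like a directory admin; use a read-only account")
    # Limit the search to the users meant to be integrated.
    base = split_dn(cfg.get("base_dn", ""))
    if not base:
        findings.append("base_dn: missing")
    elif all(attr == "dc" for attr, _ in base):
        findings.append("base_dn: whole directory suffix; narrow it to the users' OU")
    return findings

# Constructed sample settings (example.com values are placeholders).
WEAK = {"url": "ldap://dc1.example.com:389", "starttls": False,
        "bind_dn": "cn=Administrator,cn=Users,dc=example,dc=com",
        "base_dn": "dc=example,dc=com"}
HARDENED = {"url": "ldaps://dc1.example.com:636",
            "bind_dn": "cn=sesame-reader,ou=Service Accounts,dc=example,dc=com",
            "base_dn": "ou=Staff,dc=example,dc=com"}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, review_ldap_settings(cfg) or "no findings")
```

The checks are heuristics on the settings only; they do not replace pressing "Test connection" or reviewing the reader account's permissions in the directory itself.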
Here is the form to configure with the above parameters:
Once the test is successful, you should be able to import your own users. You can click on the "Back" button and proceed to synchronize users. There you will be given options to choose from all the users that your LDAP user has access to read, and to manage which users to integrate, etc.
If you find any issues, reach out to support and we will get you sorted.