Choose your language

Choose your login


Synchronize and authenticate user and group details with custom programs

This page applies to:

On large complicated networks such as a university campus, the in-built user and group sync option might not meet user and group syncing requirements. For example, this may be a university campus that has its own user directory database or manages multiple systems across multiple campuses/intake years. PaperCut NG/MF may be extended to support custom user directories and authentication sources.

PaperCut NG/MF hands off user, group, and user authentication tasks to a separate executable (program or process). The executable must accept a set of commands as command-line arguments and return the answer in a tab-delimited prescribed format on standard output.

For more information on the format, see Custom user directory information providers .

The source code for the standard PaperCut NG/MF-supplied User Directory Information Provider is also supplied as part of the installation, as a reference implementation. The source code is provided in ~/server/examples/providers/.

We encourage organizations that want to build a custom User Directory Information Provider to contact the PaperCut NG/MF development team. They are more than happy to help.

Summary of configuring custom user and authentication programs

In summary, there are two things to configure for the custom programs to work with PaperCut NG/MF. We recommend the following order.

  1. In the file configure the security.custom-executable.allowed-directory-list key.
  2. Restart the PaperCut Application Server .
  3. In the PaperCut NG/MF Web admin interface, in Options > User/Group Sync page, set the primary sync source and type the executable names .

After the configuration is complete, PaperCut NG/MF will search the directory(s) listed in the file for the executable name you specified in the admin interface.

Configure the security.custom-executable.allowed-directory-list key

For security reasons the directory where custom authentication programs are stored needs to be granted and approved by editing the file.

  1. In any operating system, open the [app-path]/server/ file.


    a. In the Start menu, right-click Notepad and select Run as administrator.

    b. From the File menu select Open.

    c. Browse to and open the file.


    We recommend using sudo or su to open the file in your favorite editor as root.

  2. Find the security.custom-executable.allowed-directory-list key.

  3. At the end of the key, type the full path, or multiple full paths separated by semicolons, to the directory(s) that the executable file(s) are saved in.

    For Windows paths using backslashes, enter each backslash as a double backslash (\). Spaces are OK. Always add slashes to the end of the path.


    • Linux: /custom/;/custom/subfolder/;
    • Windows: C:\\folder\\;c:\\apps\\
  4. Save the file.

  5. Restart the PaperCut Application Server .

Set the primary sync source and custom program executable names in the admin interface

  1. Go to Options > Users/Group Sync.

  2. In the Sync Source section, in the Primary sync source dropdown select Custom program (Advanced).

  3. In the Custom user program field, type the name of the executable including the extension, that is saved in the directory you specified in the security.user-source-custom-program.allowed-directory-list key.

    Example: userDir.bat

  4. In the Custom auth program field, type the name of the executable including the extension, that is saved in the directory you specified in the security.auth-source-custom-program.allowed-directory-list key.

    Example: externalAuth.bat

  5. Click Apply.

  6. Test your user sync and authentication and ensure they work as expected.