On large complicated networks such as a university campus, the in-built user and group sync option might not meet user and group syncing requirements. For example, this may be a university campus that has its own user directory database or manages multiple systems across multiple campuses/intake years. PaperCut NG/MF may be extended to support custom user directories and authentication sources.
PaperCut NG/MF hands off user, group, and user authentication tasks to a separate executable (program or process). The executable must accept a set of commands as command-line arguments and return the answer in a tab-delimited prescribed format on standard output.
For more information on the format, see Custom user directory information providers .
The source code for the standard PaperCut NG/MF-supplied User Directory Information Provider is also supplied as part of the installation, as a reference implementation. The source code is provided in ~/server/examples/providers/.
We encourage organizations that want to build a custom User Directory Information Provider to contact the PaperCut NG/MF development team. They are more than happy to help.
Summary of configuring custom user and authentication programs
In summary, there are two things to configure for the custom programs to work with PaperCut NG/MF. We recommend the following order.
- In the
security.propertiesfile configure the security.custom-executable.allowed-directory-list key. - Restart the PaperCut Application Server .
- In the PaperCut NG/MF Web admin interface, in Options > User/Group Sync page, set the primary sync source and type the executable names .
After the configuration is complete, PaperCut NG/MF will search the directory(s) listed in the security.properties file for the executable name you specified in the admin interface.
Configure the security.custom-executable.allowed-directory-list key
For security reasons the directory where custom authentication programs are stored needs to be granted and approved by editing the security.properties file.
-
In any operating system, open the
[app-path]/server/security.propertiesfile.Windows
a. In the Start menu, right-click Notepad and select Run as administrator.
b. From the File menu select Open.
c. Browse to and open the security.properties file.
macOS/Linux
We recommend using
sudoorsuto open the file in your favorite editor as root. -
Find the
security.custom-executable.allowed-directory-listkey. -
At the end of the key, type the full path, or multiple full paths separated by semicolons, to the directory(s) that the executable file(s) are saved in.
- Do not use relative paths.
- Do not include the name of the executable. (That’s set in the admin UI .)
For Windows paths using backslashes, enter each backslash as a double backslash (\). Spaces are OK. Always add slashes to the end of the path.
Examples:
- Linux: /custom/;/custom/subfolder/;
- Windows: C:\\folder\\;c:\\apps\\
-
Save the
security.propertiesfile.
Set the primary sync source and custom program executable names in the admin interface
-
Go to Options > Users/Group Sync.
-
In the Sync Source section, in the Primary sync source dropdown select Custom program (Advanced).
-
In the Custom user program field, type the name of the executable including the extension, that is saved in the directory you specified in the
security.user-source-custom-program.allowed-directory-listkey.Example:
userDir.bat -
In the Custom auth program field, type the name of the executable including the extension, that is saved in the directory you specified in the
security.auth-source-custom-program.allowed-directory-listkey.Example:
externalAuth.bat -
Click Apply.
-
Test your user sync and authentication and ensure they work as expected.
Comments