Advanced Topics

Connect Your File Server

The way to connect the file servers are different, depending on where the file server is.

The file server can be sitting in the same Local Area Network (LAN) as the CentreStack Server. In this case, the direct network share connection is the best. Usually this is combined with setting up direct LDAP connection to the Active Directory.


The file server can also be remote, away from the CentreStack server, at the customer’s premise. In this case, the best is to use file server agent. File server agent will be installed on the file server, and it is capable of connecting the customer’s Active Directory and sync both folder content and active directory over HTTPS. In this case, in the user interface, you will see “Proxied AD User” to indicate that the Active Directory user or group is coming from the file server agent.


The best way to start using file server agent to connect to remote file server is to start with the migration wizard from the web portal.


Files and Folder Permission

If your files and folders are on a file server in the same Local Area Network (LAN) as the CentreStack server, the best way to manage file and folder permission is to delegate it 100% to the NTFS permission. In the “Storage Manager”, when attach local storage, there is an option “Always access the storage using logon user identity”, This option can be used to delegate file/folder permission check directly to NTFS.


If you are not using native NTFS permission. For example, you are on cloud storage services such as Amazon S3 or OpenStack Swift, you can use CentreStack folder permission.


Setting up Active Directory

When the Active Directory is in the Local Area Network (LAN), LDAP can be used to connect to the Active Directory. There are several cases here, - sometimes you want the user account be automatically provisioned so it is easy for the administrator. - sometimes you want the user account be limited to a specific AD group, but still automatically provision the user’s account when the users are in the AD group. - sometimes you want the user account be limited to a specific Organization Unit.

AD account auto provision

This is the default setting in the Advanced -> Active Directory Settings

As long as the “Don’t allow user auto-creation” is not checked, Active Directory users will be allowed to go to the web portal and login. The first time the user logs in, its CentreStack account will be automatically provisioned.


AD account auto provision, limiting to Organization Unit

The organization unit field can be used to further limit the Active Directory user account that can be automatically provisioned.


The format of the organization unit is the OU’s distinguishedName minus the DC suffix.

For example, the following OU’s property is: distinguishedName => OU=tenant11,DC=tsys,DC=gladinet,DC=com

when it is put into the OU field, the DC suffix can be removed so only OU=tenant11 is required




AD account auto provision, limiting to a specific AD group

From the user manager, you can import AD group and the users in the AD group will be able to get account automatically provisioned.


Here is a demo video for Import AD group