Authenticating against Microsoft Active Directory server
Posted by Van Glass on 27 March 2007 07:04 PM
Microsoft Active Directory is an LDAP service. Therefore, to use Active Directory for authentication purposes you may use any of the LDAP service types provided in the Authentication node of JSCAPE MFT Server Manager. |
Prior to using LDAP you must first verify that you have Active Directory installed on the server you are authenticating against. To see if it is enabled on the server go to Start > Programs > Administrative Tools. Here you should see an option named "Active Directory Users and Computers". If you do not see this then it is likely you don't have Active Directory installed/configured on this server.
Assuming Active Directory is installed, when opening "Active Directory Users and Computers" you should see a server node (zone) with a name like "ad.domain.com" or something similar. Beneath this node you should see a "Users" folder that has all your users defined.
Nex, open JSCAPE MFT Server Manager and click on Authentication node. Set service type to "LDAP User Authentication". As an example the values entered may be as follows:
User DN: CN=%username%,CN=Users,DC=ad,DC=domain,DC=com
Create account in: c:\tmp\ftpserver\users
The above assumes that your LDAP server IP is 22.214.171.124 and is running on port 389 with domain node of ad.domain.com. Naturally you can change this to meet your server configuration. The "Create account in" option will automatically create a folder in the c:\tmp\ftpserver\users directory the first time a user successfully authenticates with the server. For example, if user "jsmith" authenticates successfully then it would create the folder c:\tmp\ftpserver\users\jsmith and place the user in this folder when they login. Using the "Create account in" option is an easy way to avoid having to manually create accounts.
To test click the "Test service" button on this panel and enter a valid username/password for the Active Directory service.
Note: You may need to change your server firewall configuration to allow inbound requests on port 389. If needed this can be done via Control Panel > Network Connection ... right click on network interface, Properties > Advanced > Settings and adding port 389 to the Exceptions list.