Changing and Testing LDAP Authentication Options

(Available in EFT Server Enterprise)

The LDAP Authentication Options dialog box is used to edit and test EFT Server's connection to the LDAP server after you have configured LDAP Authentication.

To edit or test LDAP authentication settings

In the administration interface, connect to EFT Server and click the Server tab.
In the left pane, click the LDAP Site that you want to configure.
In the right pane, click the General tab.
Next to the User auth manager box, click Configure. The LDAP Authentication Options dialog box appears.
To specify that the user list is to be updated automatically, select the Enable Automatic Refresh every check box, then specify how often you want EFT Server to check the authentication database for new users. Clear the check box if you do not want the Site's user list to refresh automatically. (This setting is inherited from the Server's General Settings on the Server's General tab. Never refresh user list automatically is specified by default.)
In the Server box, type the Server name or IP address.
In the Port box, keep the default port 389 or specify a different port.
In the Base DN box, type the base domain name for the LDAP user database, in the format option=value (e.g.: dc=forest,dc=tree,dc=branch), or click List DNs to complete the box automatically or select from a list.
In the User Filter box, type the search filter information. Refer to Advanced LDAP Filtering for a detailed explanation of LDAP filtering.
In the Attribute box, type a comma-separated list of attributes to retrieve. For example, type:

userPrincipalName,mail,e-mail,name,cn

(Add userprincipalname to the attributes so that the userprincipalname is used for the account name in queries.)
In the User Information area, click one of the following binding methods to define how the client is authenticated:
- Anonymous
- Simple requires a username and password. Note that the username must follow the syntax for the LDAP server that includes the Common Name and the Domain Components of your LDAP server’s distinguished name. For example, the username might be the following:
- cn=Manager,dc=forest,dc=tree,dc=branch
For details of creating complex LDAP filters, refer to Advanced LDAP Filtering.
If you are using SSL, select the Use SSL check box.

You need to have a certificate that includes Server Authentication on the LDAP server you are connecting to. If you install Certificate Services on the domain on which EFT Server is installed, you can request the certificate on the LDAP server. For more information, refer to the Microsoft Support article "How to enable LDAP over SSL with a third-party certification authority."

The LDAP bind password is encrypted in the FTP.cfg file.
To change the advanced options (SSL, timeout, scope, etc.), click Advanced and specify advanced options based on your requirements.
- Set timeout - Specify the connection/query timeout (in seconds). This option coupled with paging can help you avoid timeouts when querying against large directories.
- Set search scope - This specifies the depth of the level to search for under BaseDN.
- - BASE - Only the requested object specified in BaseDN is searched.
  - OneLevel - All of the objects just below this object are searched.
  - Subtree - Searches for all the objects within the specified BaseDN object recursively.
- Turn on referral chasing - If you have referral chasing on, the query returns information for objects that exist in the LDAP structure, but do not actually exist on EFT Server to which you are connected. The query displays bookmarks to entries that exist elsewhere in the network that EFT Server knows about.
- Set LDAP Version - LDAP 2 is widely supported and adds anonymous binding and some filtering. LDAP 3 extends the features of LDAP 2 by adding paging (server side) and more complex filtering.
- Use LDAP server-side page control - Asks EFT Server to limit result sets (or pages) to 1000 at a time or the value specified under Override search page size, if checked. If Use server page control is not selected, client-side paging is used to mitigate timeouts when retrieving large directory listings.
- If you are connecting to a SUN Directory LDAP server, turn off page control.
- Override search page size - Overrides the default page size (1000) for client or server-side page limits. Making the value too large can cause timeouts. Setting the page size too small reduces the overall efficiency.
- Select attributes - Returns only the specified attributes for the user objects found as part of the search query. Specifying only necessary attributes will greatly increase the efficiency of your query (since the filtering occurs on EFT Server side). Add userprincipalname to the LDAP query so that the userprincipalname is used for the account name in queries.
To test your settings, click Test. The query returns information about your LDAP connection
To close the dialog box, click the X in the upper right corner or press ESC.
Click OK to close the LDAP Authentication Options dialog box.
Click Apply to save the changes on EFT Server.

This online help file is for EFT Server version 6.3.x. For other versions of EFT Server, please refer to http://help.globalscape.com/help/index.html.

(If the Index and Contents are hidden, click Show Contents pane in the top left corner of this topic.)

If this help topic did not help you, search the Knowledgebase or pose your question in the GlobalSCAPE User Forum.

For the most up-to-date information, to view version history, updates, and activation instructions; or to download a PDF of this user guide, visit the Support Center at http://www.globalscape.com/support.

Leave compliments or complaints regarding the help in the User Forum. At a minimum, please provide the topic title and why you needed help.

For information about GlobalSCAPE, visit www.globalscape.com, subscribe to our Secure Info Exchange blog, or follow us on Twitter.

Last modified: 20-Dec-11 at 15:59:54