In EFT Server Enterprise, you can create an LDAP-authenticated Site and connect to an LDAP server. To enable LDAP over SSL, the LDAP server you connect to must have a certificate whose intended purpose includes Server Authentication. If you install Certificate Services in the domain in which you install EFT Server, you can request that certificate on the LDAP server. For more information, refer to the Microsoft Support article "How to enable LDAP over SSL with a third-party certification authority."
When you create a Site that uses LDAP authentication, you will need to provide the following information:
IP address/Domain Name of the LDAP server
Port of the LDAP server. The default is port 389, or port 636 for SSL connections.
Base DN (base distinguished name) that specifies the necessary domain components of the LDAP server. Some LDAP systems, such as Sun ONE Server and Microsoft’s Active Directory server, require the organizational unit ("ou") that houses the users on that LDAP server to be included in the Base DN for users to authenticate successfully. The organizational unit is the parent object that contains the user objects. For example, if the objectClass that holds user accounts is person, the hierarchical parent node/container could be the organizational unit people. If your LDAP server requires the organizational unit, prepend it to the distinguished name. For example:
With Organizational Unit:
ou=people,dc=forest,dc=tree,dc=branch
Without Organizational Unit:
dc=forest,dc=tree,dc=branch
User Filter that EFT Server uses to query the LDAP server for a list of users. The default setting is:
objectClass=person
This finds the LDAP entries whose objectClass is person; that is, it retrieves the users on the LDAP server that belong to the person objectClass.
Attribute that denotes user names in the LDAP database. This lets you specify which attribute, in the queried list of users, holds the user name. Commonly used attributes are cn or uid.
User Information defines how the client is authenticated. When you configure an LDAP Site, you are asked to choose one of the following binding methods:
Anonymous
Simple requires a username and password. Note that the username must be written in the syntax your LDAP server expects, including the Common Name and the Domain Components of your LDAP server’s distinguished name. For example, the username might be:
cn=Manager,dc=forest,dc=tree,dc=branch
Advanced Options - You can specify SSL encryption and the frequency with which the user list is refreshed.
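The following Python helpers, added here as an illustration and not part of EFT Server or its documentation, show how the Site settings listed above fit together: building the Base DN with or without the organizational unit, choosing the port by whether SSL is enabled, and combining the User Filter with the user-name attribute into a single search filter. The domain names, OU and user names are constructed for the example. The one point worth the extra lines is escape_filter_value: a user name that reaches the directory search unescaped can change the meaning of the filter, so the value is escaped per RFC 4515 before it is inserted.

```python
"""Helpers for assembling LDAP Site settings (constructed example, not EFT Server code)."""
from typing import Optional

# RFC 4515 escapes for values placed inside a search filter.
_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def base_dn(domain: str, ou: Optional[str] = None) -> str:
    """Build the Base DN from a DNS-style domain (forest.tree.branch -> dc=forest,dc=tree,dc=branch).

    When the directory requires it, the organizational unit is prepended as ou=...
    """
    labels = [label for label in domain.strip().split(".") if label]
    if not labels:
        raise ValueError("domain must contain at least one component")
    dcs = ",".join(f"dc={label}" for label in labels)
    return f"ou={ou},{dcs}" if ou else dcs


def ldap_port(use_ssl: bool, explicit: Optional[int] = None) -> int:
    """Return the configured port, or the default: 389 for plain LDAP, 636 for LDAP over SSL."""
    if explicit is not None:
        return explicit
    return 636 if use_ssl else 389


def user_search_filter(user_filter: str, name_attribute: str, username: str) -> str:
    """Combine the Site's User Filter with a lookup on the user-name attribute.

    user_filter is the filter used to list users (default objectClass=person), accepted
    with or without surrounding parentheses; username is escaped before insertion.
    """
    inner = user_filter.strip()
    if not inner.startswith("("):
        inner = f"({inner})"
    return f"(&{inner}({name_attribute}={escape_filter_value(username)}))"


def is_valid_simple_bind_dn(dn: str) -> bool:
    """Cheap sanity check that a Simple-bind user name is a DN with a cn/uid and dc components."""
    parts = [p.strip() for p in dn.split(",")]
    if not parts or not all("=" in p for p in parts):
        return False
    keys = [p.split("=", 1)[0].lower() for p in parts]
    return keys[0] in ("cn", "uid") and "dc" in keys


if __name__ == "__main__":
    # Constructed values mirroring the examples in the text above.
    print(base_dn("forest.tree.branch", ou="people"))
    print(ldap_port(use_ssl=True))
    print(user_search_filter("objectClass=person", "uid", "jdoe"))
    print(is_valid_simple_bind_dn("cn=Manager,dc=forest,dc=tree,dc=branch"))
```

Running the module prints the Base DN with the ou prepended, port 636 for the SSL case, the combined filter (&(objectClass=person)(uid=jdoe)), and True for the Manager bind DN; the same functions reject a bare "Manager" as a Simple-bind name and neutralise a wildcard in a user name rather than passing it through to the directory.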
When you use LDAP as the authentication method, EFT Server pulls the user account list and the authentication from the LDAP server. Group lists, Group membership, VFS Groups, and VFS User permissions are handled by EFT Server and stored in the local AUD and CFG files. These permissions must be configured and maintained with the Administrator or through the COM interface.