Serv-U MFT - question/problem related to connecting to AD or LDAP

I have Serv-U 15.2.  We started using the tool with local users (defined from within the MFT console) and this works as expected.

We want to roll out the product internally to a large number of users and want to use Active Directory (AD) users and groups to manage this.

Following are the steps I took:

    1. In MFT - Configured the connection to AD

    2. In AD - created a NEW user account (test.user) for testing

    3. Open a web page, navigate to the MFT login screen, log in with the user credential for 'test.user'

The above 3 steps worked as expected.

Problem:

Open a web page, navigate to the MFT login screen, attempt to log in using a user account that existed BEFORE completing step #1 above - login attempt fails with a message of invalid account credentials.

For any domain user accounts that have been created AFTER establishing the connection to AD, the login works.

For any domain user accounts that ALREADY existed, BEFORE establishing the connection to AD, the login fails.

Changed the configuration to LDAP and had the same issue.

Has anyone else experienced this behavior?  If so, did you find a solution?

I would also like to allow only users that are members of a select group.  (Maybe this is done via the AD query?)  Anyone else managed to do this?

  • I was able to speak to someone in customer support and although they could not specifically answer my question, with their help I was able to correctly configure the LDAP connection to achieve the desired results.  The issue is now resolved.

    The documentation in the MFT for connecting to LDAP is not very good, so there were some important elements that I did not have set up correctly. Once these issues were fixed, the authentication works as expected.

    I tested both AD authentication and LDAP authentication - it should be noted that for my needs, LDAP authentication provides the superior method of authentication, as it enables restricting users to security groups, whereas AD authentication allows restriction only to an OU.