Serv-U MFT - question/problem related to connecting to AD or LDAP

I have Serv-U 15.2.  We started using the tool with local users (defined from within the MFT console) and this works as expected.

We want to roll out the product internally to a large number of users and want to use Active Directory (AD) users and groups to manage this.

Following are the steps I took:

    1. In MFT - Configured the connection to AD

    2. In AD - created a NEW user account (test.user) for testing

    3. Open a web page, navigate to the MFT login screen, log in with the user credential for 'test.user'

The above 3 steps worked as expected.

Problem:

Open a web page, navigate to the MFT login screen, attempt to log in using a user account that existed BEFORE completing step #1 above - login attempt fails with message of invalid account credentials.

For any domain user accounts that have been created AFTER establishing the connection to AD, the login works.

For any domain user accounts that ALREADY existed, BEFORE establishing the connection to AD, the login fails.

Changed the configuration to LDAP and had the same issue.

Has anyone else experienced this behavior?  If so, did you find a solution?

I would also like to allow only users that are members of a select group.  (Maybe this is done via the AD query?)  Anyone else managed to do this?

  • I was able to speak to someone in customer support and although they could not specifically answer my question, with their help I was able to correctly configure the LDAP connection to achieve the desired results.  The issue is now resolved.

    The documentation in the MFT for connecting to LDAP is not very good, so there were some important elements that I did not have set up correctly.  Once these issues were fixed, the authentication works as expected.

    I tested both AD authentication and LDAP authentication - it should be noted that for my needs, LDAP authentication provides the superior method of authentication, as it enables restricting users to security groups, whereas AD authentication allows restriction only to an OU.

  • Yes, I found the same for my business requirements.

    LDAP needs the AD structure and AD groups to be replicated within MFT to effectively enable access if you have the "Require fully-qualified group membership for login" flag enabled (very clunky :( ).

    Also needed to enter %DOMAIN_HOME%\Folder to restrict access to that folder to only the group members.

    You can also set %DOMAIN_HOME%\Folder to lock the users to their directory, preventing them from browsing.

    Admin overhead agreed, but able to implement and lock down to group members
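
Added example, not part of the original thread and not Serv-U's own configuration syntax: one way to express "only members of a select group may log in" as an Active Directory LDAP search filter, with the login name escaped per RFC 4515 so it cannot change the filter's structure. The attribute names are standard AD attributes; the group DN and the function names are constructed for illustration.

```python
# Added example: build an AD LDAP filter that matches a login only if the
# account belongs to a given security group. All names below are constructed.

# OID of AD's LDAP_MATCHING_RULE_IN_CHAIN: memberOf is followed through nested groups.
IN_CHAIN = "1.2.840.113556.1.4.1941"

# RFC 4515 section 3: these characters must be written as \XX (hex) inside a value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string so it is treated as literal data inside a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def group_login_filter(login: str, group_dn: str, nested: bool = True) -> str:
    """Return a filter matching one user account that is a member of group_dn."""
    if not login or not group_dn:
        raise ValueError("login and group_dn are both required")
    member_attr = f"memberOf:{IN_CHAIN}:" if nested else "memberOf"
    return (
        "(&(objectCategory=person)(objectClass=user)"
        f"(sAMAccountName={escape_filter_value(login)})"
        f"({member_attr}={escape_filter_value(group_dn)}))"
    )


if __name__ == "__main__":
    group = "CN=MFT-Users,OU=Groups,DC=example,DC=com"  # constructed DN
    print(group_login_filter("test.user", group))
    # A login containing filter metacharacters stays a literal value.
    print(group_login_filter("*)(objectClass=*", group, nested=False))
```
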
