MORTAL KOMBAT - Windows vs LDAP Authentication - FIGHT!
Issue - My users want to log in using their Active Directory authentication credentials, and I don't know how to deploy this in Serv-U.
Resolution - Configure either Windows Authentication or LDAP Authentication in your Serv-U Domain.
Many Serv-U administrators find themselves asking:
"What is the difference between Windows Authentication and LDAP Authentication in Serv-U? And which one should I configure?"
And we are here to assist with this choice.
Windows vs. LDAP
Both LDAP and Active Directory are used to allow users to connect to Serv-U by using Active Directory credentials. LDAP additionally allows for authentication against other LDAP servers like Apache Directory Server and OpenLDAP.
The main difference between LDAP Groups and Windows Groups in Serv-U is the following:
Windows Groups utilize NTFS permissions, but configuration is at the Organizational Unit only, with no hook into Security Groups.
LDAP Groups do not leverage NTFS permissions (so Serv-U is in control of file and folder permissions) but you can use Security Groups to apply permissions and settings (though settings are not inherited by nested groups).
Even though the LDAP configuration can be slightly more difficult to set up, if an admin asks for a recommendation on which to use we would prefer LDAP due to ease of use once it is configured correctly.
After you make the choice, configure Windows or LDAP authentication
The following images show what a successful HTTP login looks like for the user and the Serv-U admin. Note that LDAP and Windows Authentication looks identical in the logs.The login page for the user named LDAP
The log entries for the admin for a successful login and logout can be viewed under Serv-U admin console > Domain Activity > Log.
 Fri 31Oct14 16:03:53 - (000003) Connected to 10.XXX.X.XX (local address 10.XXX.X.XX, port 80)
Being able to read and understand the log is useful for not only this issue, but for many other issues in Serv-U. If an error occurs Serv-U will most likely have the error in its log. If you see no such errors then Serv-U did not capture the issue in the connection, and with LDAP and AD authentication, we urge you to review the directory machine's log.
The following articles contain more information about setting up and understanding the log files in Serv-U:
Finally we urge any administrator working with LDAP or Windows authentication to make sure their Serv-U installation is up to date. To ensure the best experience, we advise that you upgrade to the latest version of Serv-U BEFORE configuring your advanced user authentication. If you need more information about what has been fixed or what the latest version of Serv-U is, please visit our release notes page:
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community.
More than 150,000 members are here to solve problems, share technology and best practices, and directly
contribute to our product development process.
Learn more today by joining now.