Showing results for 
Search instead for 
Did you mean: 
Create Post

MORTAL KOMBAT - Windows vs LDAP Authentication - FIGHT!

Issue - My users want to log in using their Active Directory authentication credentials, and I don't know how to deploy this in Serv-U.

Resolution - Configure either Windows Authentication or LDAP Authentication in your Serv-U Domain.

Many Serv-U administrators find themselves asking:

"What is the difference between Windows Authentication and LDAP Authentication in Serv-U? And which one should I configure?"

And we are here to assist with this choice.

Windows vs. LDAP

Both LDAP and Active Directory are used to allow users to connect to Serv-U by using Active Directory credentials. LDAP additionally allows for authentication against other LDAP servers like Apache Directory Server and OpenLDAP.

The main difference between LDAP Groups and Windows Groups in Serv-U is the following:

    • Windows Groups utilize NTFS permissions, but configuration is at the Organizational Unit only, with no hook into Security Groups.
    • LDAP Groups do not leverage NTFS permissions (so Serv-U is in control of file and folder permissions) but you can use Security Groups to apply permissions and settings (though settings are not inherited by nested groups).

Even though the LDAP configuration can be slightly more difficult to set up, if an admin asks for a recommendation on which to use we would prefer LDAP due to ease of use once it is configured correctly.

After you make the choice, configure Windows or LDAP authentication

Windows Authentication ConfigurationLDAP Authentication Configuration

AD - 1.JPG

AD - 2.JPG


LDAP - Group.JPG


The following images show what a successful HTTP login looks like for the user and the Serv-U admin. Note that LDAP and Windows Authentication looks identical in the logs.

The login page for the user named LDAP


The log entries for the admin for a successful login and logout can be viewed under Serv-U admin console > Domain Activity > Log.

[02] Fri 31Oct14 16:03:53 - (000003) Connected to 10.XXX.X.XX (local address 10.XXX.X.XX, port 80)

[40] Fri 31Oct14 16:03:53 - (000003) HTTP_LOGIN: user: LDAP; domain: 10.XXX.X.XX

[02] Fri 31Oct14 16:03:53 - (000003) User "LDAP@lab.aus.example" logged in

[41] Fri 31Oct14 16:03:53 - (000003) HTTP_OKAY (200): SESS_OKAY

[40] Fri 31Oct14 16:03:57 - (000003) HTTP_LIST: path: "~/"

[41] Fri 31Oct14 16:03:57 - (000003) HTTP_OKAY (200): okay

[40] Fri 31Oct14 16:04:05 - (000003) HTTP_LOGOUT

[41] Fri 31Oct14 16:04:05 - (000003) HTTP_OKAY (200): okay

[02] Fri 31Oct14 16:04:05 - (000003) User "LDAP@lab.aus.example" logged out

[02] Fri 31Oct14 16:04:05 - (000003) Closed session

Being able to read and understand the log is useful for not only this issue, but for many other issues in Serv-U. If an error occurs Serv-U will most likely have the error in its log. If you see no such errors then Serv-U did not capture the issue in the connection, and with LDAP and AD authentication, we urge you to review the directory machine's log.

The following articles contain more information about setting up and understanding the log files in Serv-U:

Setting Up Serv-U's Log  -  KB Article #1357

Reading Serv-U's Log File  -  KB Article #1212

Please keep Serv-U up to date

Finally we urge any administrator working with LDAP or Windows authentication to make sure their Serv-U installation is up to date.
To ensure the best experience, we advise that you upgrade to the latest version of Serv-U BEFORE configuring your advanced user authentication. If you need more information about what has been fixed or what the latest version of Serv-U is, please visit our release notes page:

For upgrade, backup, and migration information, please refer to the following links:

Version history
Revision #:
1 of 1
Last update:
‎11-03-2014 10:00 AM
Updated by: