From the top menu, select Host > Host Details. The Host Details page opens.
Next to User database, click Configure. The User Database Configuration page opens.
This page allows you to configure a host to use an LDAP (Lightweight Directory Access Protocol) user database for authentication. You need to provide the information used to connect to an LDAP database, and query the database for a specified set of users. The query determines which users will be added to the user database for the WS_FTP Server host.
For a description of the LDAP feature in WS_FTP Server, see About LDAP.
Connection Settings
This section specifies the information used to connect to an LDAP database server.
Use SSL. Select this option to connect via SSL on the specified port so that all communications between WS_FTP Server and the LDAP server are encrypted. The standard SSL port for LDAP is 636 (TCP).
Use mutual authentication. Select this option if the LDAP server requests a client certificate to prove the client's identity. Your LDAP server administrator can tell you if a client certificate is needed. In many cases, you can use the default option Default RSA SSL Certificate. If you have a trusted SSL client certificate that you want to use, you can select the certificate from the list, provided it has been imported into the certificate store. For information on SSL certificates, see Using SSL.
Primary host. Enter the hostname or IP address of the LDAP server.
Port. Enter the port on which the primary host's LDAP server is running. The default is port 389, or if SSL is selected, 636.
Secondary host. Optionally, enter the hostname or IP address of a second LDAP server that will be queried if the connection to the primary host fails. The secondary host should contain a mirrored version of the primary's LDAP database.
Port. Enter the port on which the secondary host's LDAP server is running. The default is port 389, or, if SSL is selected, 636.
Some LDAP servers allow you to connect anonymously (an anonymous bind). To do an anonymous bind, leave the User name and Password blank.
User name. Enter the Distinguished Name (DN) used to authenticate to the LDAP database on the primary host. This user is used to run the query (specified below in the Directory Attributes section) that selects users from the LDAP database. The DN is the information required to authenticate to the LDAP server, and depends on your LDAP server's configuration. The administrator of your LDAP server will know what is required, but typically you need to enter your user name, called Common Name (CN), your Organizational Unit (OU), and your domain, called domain component (DC); for example: cn=mjones, ou=georgia office, dc=domain1, dc=YourCompany, dc=com
The domain in this example is: domain1.YourCompany.com
If you specify a secondary host, the DN and password should be the same on both the primary and secondary hosts.
Password. Enter the password for the DN.
LDAP servers use the syntax "username@hostname", which conflicts with the default host separator (@) used for WS_FTP Server hosts, so you need to change the host separator. The host separator is defined on the System Details page.
Server Settings
This section contains options for working with the LDAP server.
Server type. Select the type of server from the list of supported LDAP servers. The type selected will determine some of the default values displayed in the Directory Attributes options.
Network timeout. The number of seconds after which an attempt to authenticate to the LDAP server or to search the LDAP database is abandoned.
LDAP version. This option identifies the version of LDAP used by the LDAP server you are connecting to. WS_FTP Server supports v2 and v3 of LDAP. The default is v3, which is the most recent specification. v3 is backwards compatible with v2.
Use server side paging. Select this option to use paging on the LDAP server when synchronizing the LDAP user database with WS_FTP Server. If the LDAP database has a large number of users, this paging option can speed the synchronization. The option is selected by default.
Synchronization of the LDAP user database with the WS_FTP Server database means that changes to the LDAP user database are written to the WS_FTP Server database. This is a one-direction update. Synchronization happens when:
A new user logs on to WS_FTP Server.
On the Users page, you (the WS_FTP Server administrator) select to Synchronize the databases.
Page size. The page size to use for server side paging.
Directory Attributes
This section provides the information used to form the query of the LDAP database. The query returns the set of users to be added to the user database for the WS_FTP Server host.
Base DN. Enter the DN of the object to be searched in the LDAP database. For example, to search for users in the domain domain1.YourCompany.com, you would enter the DN as: dc=domain1,dc=yourCompany,dc=com
Search subtrees. Select this option to allow the search to access subtrees of the Base DN.
For the following options, the default value changes based on the Server type selected in the Server Settings section of this page.
User filter. Enter an LDAP query that returns the specific list of users that you want to add to the user database for the WS_FTP Server host. Use as specific a query as possible, so that only the intended users are returned.
For more information about distinguished names and creating an LDAP query, see "LDAP Naming Model" in How Active Directory Searches Work on the Microsoft Web site. To troubleshoot an LDAP query, see Troubleshooting an LDAP connection and query.
Login. The LDAP object name for the user name. The default object returns the user name, which is required to create a WS_FTP Server user. If your LDAP database uses a non-standard schema, you will need to enter the object that defines the login user name.
Full name. The LDAP object name for the user's full name. The default object returns the user's full name. This object is not required to create a WS_FTP Server user. If your LDAP database uses a non-standard schema, you will need to enter the object that defines the user's full name.
Email address. The LDAP object name for the user's e-mail address. This object is not required to create a WS_FTP Server user. If your LDAP database uses a non-standard schema, you will need to enter the object that defines the user's email address.
Test. The Test button runs a script that simulates a connection to the LDAP server and tests the query using the information you have provided on this page. The test results are displayed in a log window; these results can be copied and pasted into an email or other report. You can use this log to determine whether there is a connection error or whether the specified query returns the appropriate list of users.
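The following Python helpers are an added example, not code from WS_FTP Server or this help page. They work through the values an administrator enters on this page: the bind DN described under User name (and the domain recovered from its dc components), the Base DN built from a domain, the default port that follows the Use SSL option, and the User filter. It assumes standard DN syntax (RFC 4514, backslash escapes only) and filter syntax (RFC 4515); the attribute name sAMAccountName, the sample DNs and the sample filters are constructed, and the way a per-login lookup is combined with the administrator's user filter in login_lookup_filter is an assumption about how such a lookup would be formed, not documented behaviour of WS_FTP Server.

```python
"""Added example (not WS_FTP Server code): helpers for the LDAP settings
described on the User Database Configuration page. Assumptions: DN syntax
per RFC 4514, filter syntax per RFC 4515; all sample values are constructed."""


def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, honouring backslash escapes
    so that an escaped comma inside a value does not split the component."""
    components, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i + 1])   # keep the escaped character literally
            i += 2
            continue
        if ch == ",":
            components.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    components.append("".join(current))
    pairs = []
    for comp in components:
        attr, sep, value = comp.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed DN component: {comp!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def domain_from_dn(dn):
    """Join the dc components, in order, to recover the DNS domain the page
    refers to (dc=domain1,dc=YourCompany,dc=com -> domain1.YourCompany.com)."""
    dcs = [value for attr, value in parse_dn(dn) if attr == "dc"]
    if not dcs:
        raise ValueError("DN has no dc components")
    return ".".join(dcs)


def base_dn_for_domain(domain):
    """Build the Base DN for searching a whole domain
    (domain1.YourCompany.com -> dc=domain1,dc=YourCompany,dc=com)."""
    labels = [label for label in domain.split(".") if label]
    if not labels:
        raise ValueError("empty domain")
    return ",".join(f"dc={label}" for label in labels)


def default_port(use_ssl):
    """Default LDAP port as stated on the page: 636 with SSL, otherwise 389."""
    return 636 if use_ssl else 389


# RFC 4515 escapes for characters that have meaning inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a value before embedding it in a filter, so a login name that
    contains '*' or ')' cannot widen or break the query."""
    return "".join(_FILTER_ESCAPES.get(c, c) for c in value)


def filter_is_balanced(ldap_filter):
    """Sanity check for a hand-entered user filter: parentheses must balance
    and the whole filter must sit inside one outer pair."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0 and ldap_filter.startswith("(") and ldap_filter.endswith(")")


def login_lookup_filter(user_filter, login_attr, login):
    """Combine the administrator's user filter with a match on the Login
    attribute for one user (an assumed shape for a per-login lookup)."""
    if not filter_is_balanced(user_filter):
        raise ValueError("user filter is not well formed")
    return f"(&{user_filter}({login_attr}={escape_filter_value(login)}))"


if __name__ == "__main__":
    # Constructed values mirroring the page's example DN.
    bind_dn = "cn=mjones, ou=georgia office, dc=domain1, dc=YourCompany, dc=com"
    print(domain_from_dn(bind_dn))
    print(base_dn_for_domain(domain_from_dn(bind_dn)))
    print(default_port(use_ssl=True))
    print(login_lookup_filter("(objectClass=user)", "sAMAccountName", "m*jones"))
```

Running the block prints the domain recovered from the example DN, the matching Base DN, the SSL default port, and a lookup filter in which the asterisk in the login name has been escaped rather than treated as a wildcard; the same escaping is what keeps a value containing ')' from terminating the administrator's filter early.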