
Active Directory Authentication

MFT server Active Directory authentication

Host

The host address of the Active Directory server. The Host can be:

  • Fully Qualified Domain Name (FQDN), such as dev.myCompany.com
  • Fully Qualified Machine Name (FQMN), such as myComputer.dev.myCompany.com
  • Flat domain name, such as dev
  • NETBIOS computer name, such as myComputer
  • IP address, such as 127.0.0.1

Port

Enter the port number for the host. It defaults to the standard LDAP server port 389, or to the SSL port 636.

Bind DN

The DN (Distinguished Name) used to bind to the Active Directory server to perform the LDAP search, which is required to synchronize the user list of the domain. It will be used together with Bind Password.

Bind Password

Enter the password for the binding DN.

Base

Enter the base DN for LDAP search, which is required to retrieve the user list or authenticate a user against Active Directory service.

Save Password

If enabled, the Bind Password is saved in the server configuration data.

Use SSL/TLS

If enabled, communication with the Active Directory service is protected by an SSL/TLS layer.

Anonymous bind

Perform an anonymous bind to the Active Directory service when searching. If enabled, Bind DN and Bind Password fields will be ignored.

User Filter

The LDAP filter for performing a user search on the Active Directory. For example, (objectClass=person).

SSH public key attribute

The name of the user attribute in Active Directory that holds the user's SSH public key. The SSH public key must be stored as a text string in Base64 format with all headers and delimiters removed. The AD schema must be modified to add a new attribute to hold the Base64-encoded SSH key.
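The following is an added example, not TurboFTP Server code: a Python helper that reduces an OpenSSH one-line public key or an RFC 4716 key file to the bare Base64 string described above, and checks that it decodes to a well-formed SSH key blob before it is written to the directory. That these two input formats are what "headers and delimiters" refers to is an assumption, and the sample key is constructed.

```python
import base64
import binascii
import struct

def key_type(blob: bytes) -> str:
    """Return the key type name that opens an SSH public key blob (RFC 4253)."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])  # 4-byte big-endian length prefix
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad key type length")
    return blob[4:4 + n].decode("ascii")

def to_bare_base64(text: str) -> str:
    """Reduce an OpenSSH .pub line or an RFC 4716 file to its Base64 key data."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    declared = None
    if lines and lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, cont = [], False
        for line in lines[1:]:
            if line.startswith("---- END"):
                break
            if cont or ":" in line:  # header line, or its '\' continuation
                cont = line.endswith("\\")
                continue
            body.append(line)
        b64 = "".join(body)
    elif len(lines) == 1 and len(lines[0].split()) >= 2:
        declared, b64 = lines[0].split()[:2]  # "<type> <base64> [comment]"
    else:
        raise ValueError("unrecognised public key format")
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("key data is not valid Base64") from exc
    embedded = key_type(blob)
    if declared not in (None, embedded):
        raise ValueError("declared key type does not match key data")
    return b64

# Constructed sample: an all-zero Ed25519 key blob, not a real key.
SAMPLE_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_OPENSSH = f"ssh-ed25519 {SAMPLE_B64} jkant@example.org"
SAMPLE_RFC4716 = ("---- BEGIN SSH2 PUBLIC KEY ----\nComment: \"constructed\"\n"
                  f"{SAMPLE_B64[:40]}\n{SAMPLE_B64[40:]}\n"
                  "---- END SSH2 PUBLIC KEY ----\n")

if __name__ == "__main__":
    print(to_bare_base64(SAMPLE_OPENSSH))
```

The returned string is a single line with no key type prefix, comment, or BEGIN/END markers; a key whose declared type disagrees with its encoded type is rejected rather than stored.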

Use User Principal Name to log in

By default, TurboFTP Server allows Active Directory users to log in with their SAM-Account-Name. When this option is enabled, a user can also log in with their User Principal Name (UPN). For example, a user with the FQDN "CN=John Kant,OU=qa,OU=rad,DC=example,DC=org" has the UPN jkant@example.org on the domain, which he can use to log into any service provisioned by TurboFTP Server.

Use AD user home directory

When this option is enabled, the user's home directory is the one specified in the Active Directory user attribute 'homeDirectory'. Note that the user will also have full access rights to the directory, and the settings in the Dir Access tab will be ignored. The User Home Folder field under the User -> General tab will be disabled.

Test Button

The test button allows you to test a login account using the current Active Directory authentication configuration.