Active Directory Authentication
Host
The host address of the Active Directory server. The Host can be:
- Fully Qualified Domain Name (FQDN), such as dev.myCompany.com
- Fully Qualified Machine Name (FQMN), such as myComputer.dev.myCompany.com
- Flat domain name, such as dev
- NETBIOS computer name, such as myComputer
- IP address, such as 127.0.0.1
Port
Enter the port number for the host. It defaults to the standard LDAP server port 389 or the SSL port 636.
Bind DN
The DN (Distinguished Name) used to bind to the Active Directory server to perform the LDAP search, which is required to synchronize the user list of the domain. It will be used together with Bind Password.
Bind Password
Enter the password for the binding DN.
Base
Enter the base DN for LDAP search, which is required to retrieve the user list or authenticate a user against Active Directory service.
Save Password
If enabled, Bind Password will be saved to server configuration data.
Use SSL/TLS
If enabled, communication with the Active Directory service is protected by an SSL/TLS layer.
Anonymous bind
Perform an anonymous bind to the Active Directory service when searching. If enabled, Bind DN and Bind Password fields will be ignored.
User Filter
The LDAP filter for performing a user search on the Active Directory. For example, (objectClass=person).
SSH public key attribute
Indicates the name of the user attribute in Active Directory which holds the user SSH public key. The SSH public key must be stored as a text string in Base64 format with all headers and delimiters removed. The AD schema must be modified to add a new attribute to hold a Base64 encoded SSH key.
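As an added example (not TurboFTP Server code), the Python function below reduces a public key file to the bare Base64 string described above and checks that it decodes to an SSH key blob before it is written to the AD attribute. It assumes "headers and delimiters" means the key-type prefix and comment of an OpenSSH .pub line, and the BEGIN/END markers and header lines of an RFC 4716 file; the function name and the sample key are constructed for illustration.

```python
import base64
import struct

def bare_ssh_key(text: str) -> str:
    """Return only the Base64 body of an OpenSSH (.pub) or RFC 4716 public key."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty input")
    declared = None
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, continued = [], False
        for ln in lines[1:]:
            if ln.startswith("---- END SSH2 PUBLIC KEY"):
                break
            # Header lines look like "Tag: value"; a trailing backslash continues them.
            if continued or ":" in ln:
                continued = ln.endswith("\\")
                continue
            body.append(ln)
        blob = "".join(body)
    else:
        parts = lines[0].split()  # "<key-type> <base64> [comment]"
        if len(parts) < 2:
            raise ValueError("not an OpenSSH public key line")
        declared, blob = parts[0], parts[1]
    raw = base64.b64decode(blob, validate=True)  # rejects stray characters
    # The decoded blob starts with a length-prefixed key type name.
    if len(raw) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", raw[:4])
    name = raw[4:4 + n]
    if n == 0 or len(name) != n:
        raise ValueError("truncated key blob")
    if declared is not None and declared.encode() != name:
        raise ValueError("key type does not match blob")
    return blob

# Constructed sample (not a real key): ed25519 wire format with placeholder bytes.
_wire = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_B64 = base64.b64encode(_wire).decode()
SAMPLE_OPENSSH = f"ssh-ed25519 {SAMPLE_B64} jkant@example.org"
SAMPLE_RFC4716 = (
    "---- BEGIN SSH2 PUBLIC KEY ----\n"
    'Comment: "constructed sample"\n'
    f"{SAMPLE_B64[:40]}\n{SAMPLE_B64[40:]}\n"
    "---- END SSH2 PUBLIC KEY ----\n"
)

if __name__ == "__main__":
    print(bare_ssh_key(SAMPLE_OPENSSH))
```

The returned string is what would be stored in the attribute; input that fails the checks raises ValueError instead of producing a value that cannot authenticate.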
Use User Principal Name to log in
By default, TurboFTP Server allows Active Directory users to log in with their SAM-Account-Name. When this option is enabled, a user can also log in with the User Principal Name (UPN). For example, a user with the DN "CN=John Kant,OU=qa,OU=rad,DC=example,DC=org" and the UPN jkant@example.org on the domain can use that UPN to log into any service provisioned by TurboFTP Server.
Use AD user home directory
When this option is enabled, the user's home directory will be the one specified in the Active Directory user attribute 'homeDirectory'. Note that the user will also have full access rights to the directory, and the settings in the Dir Access tab will be ignored. The User Home Folder field under the User -> General tab will be disabled.
Test Button
The test button allows you to test a login account using the current Active Directory authentication configuration.