
Adding child domains

Created by Dhalia Turiaga, last modified by Kevin.Swinson on Dec 13, 2017


Overview

This article explains how to set up child domains in Serv-U using LDAP Authentication. Note that this is not possible with Windows Authentication.

Environment

All Serv-U versions

Steps

To set up child domains, follow these guidelines:

  1. Do not set an LDAP login ID suffix. Use sAMAccountName as the Login ID attribute and in the search filter: (&(objectclass=user)(sAMAccountName=$LoginID))
    Consult with your local LDAP administrator or use an LDAP client (for example, Softerra LDAP Browser or Apache Directory Studio) to find and test the right value for your LDAP server before deploying into production, and then modify the default search filter according to your specific setup.
    For example, if your LDAP server configuration contains subfolders, modify the search filter by adding a wildcard value (*) to match the whole folder structure. The search filter must be configured so that it returns only one user.
    Note: To test your search filters against Active Directory, use the Ldp tool. The default location of the tool is C:\Windows\System32\ldp.exe.
    For more information about the location and usage of the Ldp tool, search for Ldp on the Microsoft TechNet or on the Microsoft Support website.
    Login ID: This field assigns the value of the named LDAP user entry attribute as your LDAP Users' login ID (username). A typical value on Active Directory is userPrincipalName. This value will almost always match the value paired with $LoginID in your Search Filter. In other words, this is your login ID in Serv-U, and it is compared to the userPrincipalName in the search filter.
  2. If you want to use NTFS permissions, deselect 'Use LDAP Group home directory instead of the account home directory'. Otherwise, you need to map all of the groups under the Groups > LDAP Groups page. Recreate the same structure as the group structure in Active Directory, and use the same names as the group names in Active Directory.
  3. Make sure that 'Configure default ldap' under the Groups > LDAP Groups page has full access to a directory such as '/'.
  4. Enable 'Require fully-qualified group membership for login' under the Groups > LDAP Groups page. If this option is selected and LDAP users cannot be matched to at least one LDAP Group, they will not be allowed to sign on. In this case, it is possible that Serv-U successfully authenticates to the LDAP server and then rejects the user login because the user is not a member of any group.
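
As an added example (not SolarWinds or Serv-U code), the Python below checks the step 1 requirement that the search filter return only one user: it substitutes an escaped login ID for $LoginID and evaluates the filter against a constructed directory holding entries from a parent and a child domain. The textual $LoginID substitution, the directory entries and all function names are assumptions made for illustration.

```python
import re

_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}  # RFC 4515
PAGE_FILTER = "(&(objectclass=user)(sAMAccountName=$LoginID))"  # filter from step 1

def build_filter(template, login_id):
    """Replace $LoginID with the escaped login ID (substitution model is assumed)."""
    return template.replace("$LoginID", "".join(_ESC.get(c, c) for c in login_id))

def _unescape(text):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def _parse(f, i=0):
    """Parse the filter starting at f[i]; return (predicate, index just past it)."""
    op = f[i + 1:i + 2]
    if f[i:i + 1] != "(" or not op:
        raise ValueError("malformed filter at offset %d" % i)
    if op in "&|!":
        i, subs = i + 2, []
        while f[i:i + 1] == "(":
            sub, i = _parse(f, i)
            subs.append(sub)
        if f[i:i + 1] != ")" or not subs:
            raise ValueError("malformed filter list at offset %d" % i)
        if op == "!":
            return (lambda e: not subs[0](e)), i + 1
        join = all if op == "&" else any
        return (lambda e: join(s(e) for s in subs)), i + 1
    end = f.index(")", i)
    attr, _, raw = f[i + 1:end].partition("=")
    # An unescaped * is a wildcard; an escaped \2a matches only a literal asterisk.
    rx = re.compile(".*".join(re.escape(_unescape(p)) for p in raw.split("*")), re.I | re.S)
    return (lambda e: any(rx.fullmatch(v) for v in e.get(attr.lower(), []))), end + 1

def search(directory, filter_text):
    pred, end = _parse(filter_text)
    if end != len(filter_text):
        raise ValueError("unexpected text after filter")
    return [dn for dn, attrs in directory if pred(attrs)]

def resolve_login(directory, template, login_id):
    """Return the one matching DN, or None if no entry or several entries match."""
    hits = search(directory, build_filter(template, login_id))
    return hits[0] if len(hits) == 1 else None

# Constructed sample: one sAMAccountName present in a parent and a child domain.
def _user(dn, sam, upn):
    return dn, {"objectclass": ["user"], "samaccountname": [sam], "userprincipalname": [upn]}
DIRECTORY = [_user("CN=J Smith,DC=example,DC=test", "jsmith", "jsmith@example.test"),
             _user("CN=Jo Smith,DC=emea,DC=example,DC=test", "jsmith", "jsmith@emea.example.test")]
```

With the sample entries, the login ID jsmith matches in both domains under the sAMAccountName filter and is treated as ambiguous, while a userPrincipalName filter resolves to a single entry. A login ID consisting of * is escaped to \2a and matches nothing.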

 

 
