This article guides you through setting up child domains in Serv-U using LDAP authentication. Note that this is not possible with Windows Authentication.
To set up child domains, follow these guidelines:
- Do not set an LDAP login ID suffix. Use sAMAccountName for the Login ID attribute and in the search filter: (&(objectclass=user)(sAMAccountName=$LoginID))
Consult with your local LDAP administrator or use an LDAP client (for example, Softerra LDAP Browser or Apache Directory Studio) to find and test the right value for your LDAP server before deploying into production, and then modify the default search filter according to your specific setup.
For example, if your LDAP server configuration contains subfolders, modify the search filter by adding a wildcard value (*) to match the whole folder structure. The search filter must be configured in a way that it only returns one user.
Note: To test your search filters against Active Directory, use the Ldp tool. The default location of the tool is C:\Windows\System32\ldp.exe.
For more information about the location and usage of the Ldp tool, search for Ldp on the Microsoft Technet or on the Microsoft Support website.
Login ID: This field assigns the value of the named LDAP user entry attribute as your LDAP Users' login ID (username). A typical value on Active Directory is userPrincipalName. This value will almost always match the value paired with $LoginID in your Search Filter. In other words, this is your login ID in Serv-U, and it is compared to the userPrincipalName in the search filter.
- If you want to use NTFS permissions, deselect 'Use LDAP Group home directory instead of the account home directory'. Otherwise, you need to map all of the groups under the Groups>LDAP Groups page. Recreate the same structure as the group structure in Active Directory, and use the same names as the group names in Active Directory.
- Make sure that 'Configure default ldap' under the Groups>LDAP Groups page has full access to a directory such as '/'.
- Enable 'Require fully-qualified group membership for login' under Groups>LDAP Groups page. If this option is selected, and LDAP users cannot be matched up to at least one LDAP Group, they will not be allowed to sign on. In this case it is possible that Serv-U successfully authenticates to the LDAP server, and then rejects the user login because the user is not a member of any group.
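The search filter guidance above requires that the filter return only one user; sAMAccountName is unique only within a single domain, so the same value can exist in more than one child domain. The following added example (not part of the original article and not Serv-U code) substitutes a login ID into a filter template and lists the entries it matches. The example.com domains, the sample accounts and the helper names are assumptions, and the evaluator handles only &, | and attr=value with * wildcards.

```python
import re

def user(cn, sam, domain):
    """Build one constructed directory entry (sample data, not a real directory)."""
    return {"dn": f"CN={cn},OU=Staff,DC={domain},DC=example,DC=com",
            "objectClass": "user", "sAMAccountName": sam,
            "userPrincipalName": f"{sam}@{domain}.example.com"}

# Two child domains that both hold an account named "jsmith".
ENTRIES = [user("J Smith", "jsmith", "emea"), user("John Smith", "jsmith", "apac"),
           user("Ann Lee", "alee", "emea")]

def escape(value):
    """RFC 4515 escaping so * ( ) and backslash in a login ID match literally."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def parse(f, i=0):
    """Parse the filter at f[i]; supports &, | and attr=value with * wildcards."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if f[i + 1] in "&|":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, pattern = f[i + 1:end].partition("=")
    return ("=", attr, pattern), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry, case-insensitively."""
    if node[0] in "&|":
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    unhex = lambda p: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m[1], 16)), p)
    regex = ".*".join(re.escape(unhex(p)) for p in node[2].split("*"))
    value = next((v for k, v in entry.items() if k.lower() == node[1].lower()), None)
    return value is not None and re.fullmatch(regex, value, re.I | re.S) is not None

def find_users(template, login_id, entries=ENTRIES):
    """Substitute $LoginID into the filter and return the DNs it matches."""
    text = template.replace("$LoginID", escape(login_id))
    node, end = parse(text)
    if end != len(text):
        raise ValueError("unbalanced parentheses in filter")
    return [e["dn"] for e in entries if matches(node, e)]
```

A result with more than one DN means the filter is ambiguous for that login ID and needs to be narrowed before it goes into production.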