Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Serv-U Managed File Transfer & Serv-U FTP Server > Adding child domains

Adding child domains

Table of contents
Created by Dhalia Turiaga, last modified by MindTouch on Jun 23, 2016

Views: 16 Votes: 0 Revisions: 4

Overview

This article will guide you in setting up child domain/s in Serv-u using LDAP Authentication. Note that, this is not possible with Windows Authentication.

Environment

All Serv-U versions

Steps

In order to set-up child domains, try the following guidelines:

  1. Do not put a LDAP login id suffix and use sAMAccountName on attribute Login ID and on the search filter ((&(objectclass=user)(sAMAccountName=$LoginID)))
    Consult with your local LDAP administrator or use an LDAP client (for example, Softerra LDAP Browser or Apache Directory Studio) to find and test the right value for your LDAP server before deploying into production, and then modify the default search filter according to your specific setup.
    For example, if your LDAP server configuration contains subfolders, modify the search filter by adding a wildcard value (*) to match the whole folder structure.The search filter must be configured in a way that it only returns one user.
    Note: To test your search filters against Active Directory, use the Ldp tool. The default location of the tool isC:\Windows\System32\ldp.exe.
    For more information about the location and usage of the Ldp tool, search for Ldp on the Microsoft Technet or on the Microsoft Support website.
    Login ID: This field assigns the value of the named LDAP user entry attribute as your LDAP Users' login ID (username). A typical value on Active Directory is userPrincipalName. This value will almost always match the value paired with $LoginID in your Search Filter. In other words, this is your login ID in Serv-U, and it is compared to theuserPrincipalName in the search filter.
  2. If you want to use NTFS permission, desselect the 'Use LDAP Group home directory instead of the account home directory'. Otherwise, you need to map all of the groups under Groups>LDAP Groups page. Recreate the same structure as the group structure in Active Directory, and use the same names as the group names in Active Directory.
  3. Make sure that the 'Configure default ldap' under the Groups>LDAP Groups page should have a full access to directory like '/'.
  4. Enable 'Require fully-qualified group membership for login' under Groups>LDAP Groups page. If this option is selected, and LDAP users cannot be matched up to at least one LDAP Group, they will not be allowed to sign on. In this case it is possible that Serv-U successfully authenticates to the LDAP server, and then rejects the user login because the user is not a member of any group.

 

 

Last modified
02:33, 23 Jun 2016

Tags

Classifications

Public