Groups are a method of sharing common configuration options with multiple user accounts. Configuring a group is similar to configuring a user account. Virtually every configuration option available for a user account can be set at the group level. For a user to inherit a group's settings, the user must be a member of the group. Permissions and attributes inherited by a user through group membership can still be overridden at the user level. A user can be a member of multiple groups in order to acquire multiple collections of permissions, such as directory or IP access rules.
Like user accounts, groups can be created at multiple different levels, including the following:
However, groups are only available to user accounts that are defined at the same level. In other words, a global user (that is, a user defined at the server level) can only be a member of a global group. Likewise, a user defined for a specific domain can only be a member of a group also created for that domain. This restriction also applies to groups created in a database in that only users created within a database at the same level can be members of those groups.
Use the Add, Edit, and Delete buttons to manage the available groups.
You can configure a template for creating new groups by clicking Template. The template group can be configured just like any other group object, with the exception of giving it a name. After the settings are saved to the template, all new groups are created with their default settings set to those found within the template. This way you can configure some basic settings that you want all of your groups to use by default.
You can use Windows groups to apply common permissions and settings such as IP restrictions and bandwidth throttles to Windows users.
All Windows users are members of the default Windows group. You can create additional Windows groups to assign different permissions and settings to different groups of Windows users.
Windows group membership is determined by the hierarchical OU (organizational unit) membership of each Windows user. For example, a user in the My Business > Accounting > red team OU tree would be a member of the My Business > Accounting > red team Windows group on Serv-U, if that group exists. (Visually, "My Business" would be the top Windows group, "Accounting" would be an indented child Windows group under that, and "red team" would be an indented child under "Accounting".)
Membership in one or more Windows Groups is required if the Require fully-qualified group membership for login option is selected on the Windows Groups page. If this option is selected and Windows users cannot be matched up to at least one Windows group, they are not allowed to log in.
Windows groups are only available when the following conditions apply:
Administrators can allow clients to log in to the file server using the local Windows user database or one that is made accessible through a domain server. These user accounts do not exist in the local Serv-U user database and cannot be configured on an individual basis. To aid in configuring these accounts, all users logged in through this method belong to the Default Windows User Group. Clicking this button allows this group to be configured like normal. However, changes that are made to this group only apply to Windows user accounts.
LDAP user accounts are not visible or configurable on an individual basis in Serv-U, but LDAP group membership can be used to apply common permissions and settings such as IP restrictions and bandwidth throttles.
All LDAP users are members of a special default LDAP group. Click Configure Default LDAP Group in Users > LDAP Authentication or in Groups > LDAP groups to configure this group just like a normal Serv-U group.
LDAP users can also be members of individual LDAP groups. Click Configure LDAP Groups in Users > LDAP Authentication to configure these groups just like normal Serv-U groups.
In order for Serv-U to match users up to the appropriate user groups, the entire hierarchy, including the Distinguished Name (DN), must be recreated in the user group hierarchy.
LDAP users are also added to any LDAP Groups whose names appear in Group Membership attributes defined on the LDAP Authentication page. For example, if the Group Membership field is configured to be grp and an LDAP user record has both grp=Green and grp=Red attributes, Serv-U will associate that LDAP user with both the "Red" and "Green" LDAP groups.
Membership in one or more LDAP groups is required if the Require fully-qualified group membership for login option is selected on the Groups > LDAP Groups page. If this option is selected, and LDAP users cannot be matched up to at least one LDAP Group, they will not be allowed to sign on. In this case it is possible that Serv-U successfully authenticates to the LDAP server, and then rejects the user login because the user is not a member of any group.
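The following Python model is an added illustration, not Serv-U code or part of the original documentation. It covers only the Group Membership attribute matching and the Require fully-qualified group membership for login option described above, and lists users who would log in with nothing but the default LDAP group's settings. The function names, the constructed sample records, and the exact, case-sensitive name comparison are assumptions; DN hierarchy matching is not modeled.

```python
from dataclasses import dataclass

DEFAULT_GROUP = "(default LDAP group)"  # label for the special default group

@dataclass
class Decision:
    matched: list    # configured LDAP groups named in the user's record
    effective: list  # groups whose settings the session would inherit
    allowed: bool
    reason: str

def resolve(entry, membership_attrs, configured_groups, require_membership):
    """Model of the Group Membership attribute matching described above.

    entry              -- dict: LDAP attribute name -> list of values
    membership_attrs   -- attribute names set in the Group Membership field
    configured_groups  -- names of LDAP groups that exist on the file server
    require_membership -- 'Require fully-qualified group membership for login'
    """
    matched = []
    for attr in membership_attrs:
        for value in entry.get(attr, []):
            # Assumption: exact, case-sensitive comparison of group names.
            if value in configured_groups and value not in matched:
                matched.append(value)
    if require_membership and not matched:
        # The LDAP server accepted the credentials, but the login is refused.
        return Decision([], [], False, "authenticated, but no matching LDAP group")
    return Decision(matched, [DEFAULT_GROUP] + matched, True, "ok")

def default_only(entries, membership_attrs, configured_groups, require_membership):
    """Audit helper: users who would log in with only the default group's settings."""
    out = []
    for uid, entry in entries.items():
        d = resolve(entry, membership_attrs, configured_groups, require_membership)
        if d.allowed and not d.matched:
            out.append(uid)
    return sorted(out)

# Constructed sample records (not from a real directory).
SAMPLE = {
    "alice": {"grp": ["Red", "Green"]},
    "bob": {"grp": ["Blue"]},                   # "Blue" is not a configured LDAP group
    "carol": {"mail": ["carol@example.test"]},  # no grp attribute at all
}
GROUPS = {"Red", "Green"}

if __name__ == "__main__":
    for strict in (False, True):
        print(strict, default_only(SAMPLE, ["grp"], GROUPS, strict))
```

With the option cleared, the constructed users bob and carol log in under the default LDAP group alone, so that group's settings are what any unmatched directory account receives.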
For more information about LDAP authentication, see LDAP authentication.