Authenticating with Microsoft Active Directory

Top  Previous  Next

Microsoft Active Directory is an LDAP service that may be used by external applications to authenticate users against a Microsoft domain.  To use Active Directory for authentication purposes you may use any of the LDAP service types provided in the "Authentication" node of JSCAPE MFT Server Manager.

 

Verifying Active Directory Installation

Obtaining Zone Name

Setting Authentication Details

Testing Connection

Firewall Configuration

 

Verifying Active Directory Installation

 

Prior to using LDAP you must first verify that you have Active Directory properly installed on the server you are authenticating against.  To see if it is enabled

on the server go to Start > Programs > Administrative Tools > Active Directory Users and Computers.  If you do not see this menu option then it is likely you don't have Active Directory installed on this server.  Please consult your Microsoft documentation for instructions on how to install and configure Active Directory.

 

Obtaining Zone Name

 

Open the Active Directory manager from Start > Programs > Administrative Tools > Active Directory Users and Computers.  Here you should node with a name like "ad.domain.com" or something similar.  This is your zone name and will be used when setting your authentication details in JSCAPE MFT Server Manager.  Beneath this zone you should see a Users folder that lists all the users for this system.  You may have other folders in this directory.  Please make note of the folder that contains the users you wish to authenticate with as this will be needed when constructing your User DN.

 

Setting Authentication Details

 

Using JSCAPE MFT Server Manager go to the "Authentication" node and set the Service type to LDAP User Authentication.  Enter the connection details for your Active Directory service.

 

Figure 61

 

clip0061

 

Host - The hostname or IP address of the LDAP service.

 

Port - The port of the LDAP service.

 

Timeout - The connection timeout when connecting to LDAP service.

 

User DN - The users distinguished name for authenticating with the LDAP service. The variable %username% may be used which refers to the username passed in during the authentication process.

 

Use SSL connection - Connect to LDAP server using SSL connection.

 

Allow anonymous binding - Sets whether user can bind anonymously to LDAP directory.

 

Use failover server - If enabled and primary LDAP server is inaccessible then authentication will be attempted against failover server.

 

Create account if not found using template - This allows for accounts to be created automatically upon successful authentication.  If selected, an account will be created automatically (if it does not exist already) using the specified User Template.

 

Testing Connection

 

To test your Active Directory connection click the "Test parameters" button on this panel and enter a valid username/password for the Active Directory service when prompted.

 

Firewall Configuration

 

You may need to change your server configuration to allow inbound requests on port 389.  If needed this can be done via the Control Panel > Network Connections menu in Windows.  From here right-click on the desired network interface and click the Properties > Advanced > Settings menu option.  In the "Exceptions" tab add port 389 to allow inbound connections to this port.

 

See also

 

Setting authentication preferences