Authenticating with Microsoft Active Directory
Microsoft Active Directory is an LDAP service that may be used by external applications to authenticate users against a Microsoft domain. To use Active Directory for authentication purposes you may use any of the LDAP service types provided in the Authentication node of MFT Server Manager.
Prior to using LDAP you must first verify that you have Active Directory properly installed on the server you are authenticating against. To see if it is enabled on the server go to Start > Programs > Administrative Tools > Active Directory Users and Computers. If you do not see this menu option then it is likely you don't have Active Directory installed on this server. Please consult your Microsoft documentation for instructions on how to install and configure Active Directory.
Open the Active Directory manager from Start > Programs > Administrative Tools > Active Directory Users and Computers. Here you should see a node with a name like ad.domain.com or something similar. This is your zone name and will be used when setting your authentication details in MFT Server Manager. Beneath this zone you should see a Users folder that lists all the users for this system. You may have other folders in this directory. Please make note of the folder that contains the users you wish to authenticate with, as this will be needed when constructing your User DN.
Using MFT Server Manager go to the Authentication node and set the Service type to LDAP authentication. Enter the connection details for your Active Directory service.
Host - The hostname or IP address of the LDAP service.
Port - The port of the LDAP service.
Timeout - The connection timeout when connecting to the LDAP service.
User DN - The user's distinguished name for authenticating with the LDAP service. The variable %username% may be used, which refers to the username passed in during the authentication process.
Use SSL connection - Connect to the LDAP server using an SSL connection.
Allow anonymous binding - Sets whether users can bind anonymously to the LDAP directory.
Create user if not found using template - This allows for accounts to be created automatically upon successful authentication. If selected, an account will be created automatically (if it does not exist already) using the specified User Template.
Convert username before creation to - If enabled, the username supplied will be converted to the specified case before it is passed to the specified User Template.
Use failover server - If enabled and the primary LDAP server is inaccessible, authentication will be attempted against the failover server.
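The following is an added example, not MFT Server's own code, showing how the settings above fit together on the authenticator side: expanding a User DN template that contains %username% with RFC 4514 escaping so a supplied username cannot alter the DN structure, applying the case conversion option, picking the port that matches the Use SSL connection setting, and refusing to treat an empty password as a user login (Active Directory answers such a simple bind as an anonymous bind). The host dc01.ad.domain.com and the DN suffix dc=ad,dc=domain,dc=com are constructed from the ad.domain.com zone name mentioned above.

```python
from typing import Optional, Tuple

# Characters RFC 4514 requires to be escaped inside a DN attribute value.
_DN_SPECIAL = set(',+"\\<>;=')

def escape_dn_value(value: str) -> str:
    """Escape user input for use as an attribute value inside an LDAP DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")                # a leading '#' would start a hex-encoded value
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")                # leading/trailing spaces are otherwise trimmed
        elif ord(ch) < 0x20:
            out.append("\\%02X" % ord(ch))   # control characters as \XX
        else:
            out.append(ch)
    return "".join(out)

def normalize_username(username: str, case: Optional[str] = None) -> str:
    """Models 'Convert username before creation to': case is None, 'lower' or 'upper'."""
    if case == "lower":
        return username.lower()
    if case == "upper":
        return username.upper()
    return username

def build_user_dn(template: str, username: str, case: Optional[str] = None) -> str:
    """Substitute %username% in the User DN template with the escaped username."""
    return template.replace("%username%", escape_dn_value(normalize_username(username, case)))

def ldap_url(host: str, use_ssl: bool, port: Optional[int] = None) -> str:
    """Server URL: 389 is plain LDAP, 636 is LDAP over SSL (ldaps)."""
    scheme, default_port = ("ldaps", 636) if use_ssl else ("ldap", 389)
    return "%s://%s:%d" % (scheme, host, port or default_port)

def check_bind_request(username: str, password: str, allow_anonymous: bool) -> Tuple[bool, str]:
    """Decide whether a login attempt may be sent to the directory as a simple bind."""
    if not username.strip():
        return False, "empty username"
    if password == "":
        # Active Directory treats a simple bind with an empty password as an
        # anonymous bind, so it must never count as a successful user login.
        return (True, "anonymous bind") if allow_anonymous else (False, "empty password")
    return True, "simple bind"
```

With the Users folder from the zone above, the template would be cn=%username%,cn=Users,dc=ad,dc=domain,dc=com; a name containing a comma or equals sign is escaped rather than becoming a new DN component.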
To test your Active Directory connection click the Test Parameters button on this panel and enter a valid username/password for the Active Directory service when prompted.
You may need to change your server configuration to allow inbound requests on port 389. If needed, this can be done via the Control Panel > Network Connections menu in Windows. From here, right-click on the desired network interface and click the Properties > Advanced > Settings menu option. In the Exceptions tab, add port 389 to allow inbound connections to this port.