
The LDAP Server configuration dialog is displayed when you click Add, Edit, or Copy on the LDAP Servers list.

Provide the following information to configure your LDAP server:

• Host: The host name or IP address of the LDAP server. This may be IPv4 or IPv6, but it is always required.

• Port: The TCP port on which the LDAP server is listening. This will often be 389.

• Server Name: This required field should contain a short description of this LDAP server. Provide a brief description of the domain and the type of LDAP server (for example, Tampa Office OpenLDAP).

• Connection Account: The user name of the account that is used to connect to the LDAP server and execute queries against it. Provide the account name complete with the UPN suffix. Serv-U does not automatically apply the UPN

• Connection Account Password: The password belonging to the account that is used to connect to the LDAP server and execute queries against the LDAP server.

Note: If the Connection Account credentials are not supplied, then the credentials that are being authenticated are used.

• Enable LDAP Server: Select this option to enable the LDAP server. Disabled LDAP servers will be skipped over during LDAP authentication if you have configured multiple LDAP servers. LDAP authentication will stop working if you disable all your configured LDAP servers.

• Description: An optional field in which you can write more notes about your LDAP server.

• Base DN: Use this required field to provide the Base DN (or search DN) of the main node in your LDAP server. The Base DN determines the structure in your LDAP server where the search filter will be applied.

This is usually similar to the domain name over which your LDAP server has authority. For example, if your LDAP server provides information about your solar domain, this value can be DC=solar,DC=local.

To determine the correct Base DN, hover over the main node of the LDAP server, and look for the highlighted information.

• Search Filter: This required field is used to tell Serv-U how to match incoming LoginIDs ("usernames") to specific LDAP Server entries. $LoginID must be included somewhere in this field. The search filter is used to search in the Users tree of the LDAP server.

During authentication Serv-U will replace this variable with the LDAP User's LoginID (and LDAP Login ID suffix, if specified). The value of the search filter varies between different types of LDAP servers, and may even vary between different LDAP servers of the same type (depending on the specific schema your LDAP administrator has implemented).

For Active Directory LDAP servers, a value of (&(objectClass=user)(userPrincipalName=$LoginID)) is recommended. This value is provided by default in Serv-U.

Consult with your local LDAP administrator or use an LDAP client (for example, Softerra LDAP Browser or Apache Directory Studio) to find and test the right value for your LDAP server before deploying into production, and then modify the default search filter according to your specific setup.

For example, if your LDAP server configuration contains subfolders, modify the search filter by adding a wildcard value (*) to match the whole folder structure. The search filter must be configured in a way that it only returns one user.

To test your search filters against Active Directory, use the Ldp tool. The default location of the tool is C:\Windows\System32\ldp.exe.

For more information about the location and usage of the Ldp tool, search for Ldp on the Microsoft Technet or on the Microsoft Support website.
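The following added example (not Serv-U code and not part of the original documentation) expands a search filter the way the $LoginID substitution is described above and counts how many entries it returns, so a filter that returns more than one user is caught before deployment. The sample entries, the wildcard variant, the RFC 4515 escaping of the login ID, and the simplified case-insensitive filter evaluator are all assumptions of this example.

```python
import re

# Constructed sample entries (not from a real directory); attribute names lower-cased.
ENTRIES = [
    {"objectclass": ["user"], "userprincipalname": ["ann@solar.local"]},
    {"objectclass": ["user"], "userprincipalname": ["joann@solar.local"]},
    {"objectclass": ["computer"], "userprincipalname": ["ann@solar.local"]},
]

def expand(template, login_id):
    """Substitute $LoginID; the RFC 4515 escaping is this example's assumption."""
    if "$LoginID" not in template:
        raise ValueError("search filter must contain $LoginID")
    esc = "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in login_id)
    return template.replace("$LoginID", esc)

def parse(f, i=0):
    """Parse one parenthesised filter starting at f[i]; return (node, next index)."""
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # skip the closing ")"
    end = f.index(")", i)
    attr, _, value = f[i + 1:end].partition("=")
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """Simplified evaluator: &, |, ! and equality/substring, case-insensitive."""
    if node[0] == "=":
        tokens = re.findall(r"\\[0-9a-fA-F]{2}|\*|[^\\*]+", node[2])
        rx = "".join(".*" if t == "*" else
                     re.escape(chr(int(t[1:], 16)) if t[0] == "\\" else t)
                     for t in tokens)
        return any(re.fullmatch(rx, v, re.I | re.S) for v in entry.get(node[1], []))
    results = [matches(kid, entry) for kid in node[1]]
    return not results[0] if node[0] == "!" else (all if node[0] == "&" else any)(results)

def count_matches(template, login_id, entries=ENTRIES):
    """Number of entries the expanded filter returns; the page requires exactly one."""
    tree, _ = parse(expand(template, login_id))
    return sum(matches(tree, e) for e in entries)

DEFAULT = "(&(objectClass=user)(userPrincipalName=$LoginID))"
WILDCARD = "(&(objectClass=user)(userPrincipalName=*$LoginID))"  # constructed variant

if __name__ == "__main__":
    for tpl in (DEFAULT, WILDCARD):
        print(tpl, "->", count_matches(tpl, "ann@solar.local"))
```

With these sample entries the default filter returns one user for ann@solar.local, while the variant with a leading wildcard also returns joann@solar.local and would need to be tightened.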

The configuration of the following values in the Attribute Mapping grouping is optional.

• Home Directory: This field assigns the value of the named LDAP user entry attribute as your LDAP Users' home directory. A typical value on Active Directory is homeDirectory.

• Full Name: This field assigns the value of the named LDAP user entry attribute

• Email Address: This field assigns the value of the named LDAP user entry attribute as your LDAP Users' email address. A typical value on Active Directory is mail.

• Login ID: This field assigns the value of the named LDAP user entry attribute as your LDAP Users' login ID (username). A typical value on Active Directory is userPrincipalName. This value will almost always match the value paired with $LoginID in your Search Filter. In other words, this is your login ID in Serv-U, and it is compared to the userPrincipalName in the search filter.

• Group Membership: This field uses all the values found in the named LDAP attribute as additional LDAP Group membership assignments. For example, if this is configured as grp and an LDAP user record has both grp=Green and grp=Red attributes, Serv-U associates that LDAP User with both the "Red" and "Green" LDAP Groups. A typical value on Active Directory is memberOf.