Documentation forServ-U MFT & Serv-U FTP Server

LDAP authentication

LDAP user groups

LDAP user accounts are not visible or configurable on an individual basis in Serv-U, but LDAP group membership can be used to apply common permissions and settings such as IP restrictions and bandwidth throttles.

All LDAP users are members of a special default LDAP group. Click Configure Default LDAP Group in Users > LDAP Authentication or in Groups > LDAP groups to configure this group just like a normal Serv-U group.

LDAP users can also be members of individual LDAP groups. Click Configure LDAP Groups in Users > LDAP Authentication to configure these groups just like normal Serv-U groups.

LDAP group membership

In order for Serv-U to match users up to the appropriate user groups, the entire hierarchy, including the Distinguished Name (DN) must be recreated in the user group hierarchy.

LDAP users are also added to any LDAP Groups whose names appear in Group Membership attributes defined on the LDAP Authentication page. For example, if the Group Membership field is configured to be grp and an LDAP user record has both grp=Green and grp=Red attributes, Serv-U will associate that LDAP user with both the "Red" and "Green" LDAP groups.

Membership in one or more LDAP groups is required if the Require fully-qualified group membership for login option is selected on the Groups > LDAP Groups page. If this option is selected, and LDAP users cannot be matched up to at least one LDAP Group, they will not be allowed to sign on. In this case it is possible that Serv-U successfully authenticates to the LDAP server, and then rejects the user login because the user is not a member of any group.