Changing and Testing LDAP Authentication Options

(Available in EFT Enterprise)

The LDAP Authentication Options dialog box is used to edit and test EFT's connection to the LDAP server after you have configured LDAP Authentication.

To edit or test LDAP authentication settings

  1. In the administration interface, connect to EFT and click the Server tab.

  2. On the Server tab, click the LDAP Site that you want to configure.

  3. In the right pane, click the General tab.

  4. Next to the User auth manager box, click Configure. The LDAP Authentication Options dialog box appears.

  5. To specify that the user list is to be updated automatically, select the Enable Automatic Refresh every check box, then specify how often you want EFT to check the authentication database for new users. Clear the check box if you do not want the Site's user list to refresh automatically. (This setting is inherited from the Server's General Settings on the Server's General tab. Never refresh user list automatically is specified by default.)

  6. The user list is not refreshed automatically when a Site is stopped for Server startup; user database synchronization timer; or administrator changes related to the user database. You can manually refresh the user database by clicking View > Refresh User Database on the main menu.

  7. Select the Synchronize users only after they first attempt to log in check box to specify whether to load the whole LDAP user database into EFT at once or to pull users one-by-one after successful logins.

  8. In the Server box, type the Server name or IP address.

  9. In the Port box, keep the default port 389 or specify a different port.

  10. In the Base DN box, type the base domain name for the LDAP user database, in the format option=value (e.g.: dc=forest,dc=tree,dc=branch), or click List DNs to complete the box automatically or select from a list.

  11. In the User Filter box, type the search filter information. Refer to Advanced LDAP Filtering for a detailed explanation of LDAP filtering. For example:

    (&(memberof=CN=eft users,cn=Users,dc=demo,dc=vm)(objectclass=person))

     

    (&(memberof=CN=eft users,cn=Users,dc=forest,dc=tree)(objectclass=person))

  12. In the Attribute box, type a comma-separated list of attributes to retrieve. For example, type:

    userPrincipalName,mail,e-mail,name,cn

    (Add userprincipalname to the attributes so that the userprincipalname is used for the account name in queries.)

  13. In the User Information area, click one of the following binding methods to define how the client is authenticated:

    For details of creating complex LDAP filters, refer to Advanced LDAP Filtering.

  14. If you are using SSL, select the Use SSL check box.

    You need to have a certificate that includes Server Authentication on the LDAP server you are connecting to. If you install Certificate Services on the domain on which EFT is installed, you can request the certificate on the LDAP server. For more information, refer to the Microsoft Support article "How to enable LDAP over SSL with a third-party certification authority."

    The LDAP bind password is encrypted in the FTP.cfg file.

  15. To change the advanced options (SSL, timeout, scope, etc.), click Advanced and specify advanced options based on your requirements.

  16. To test your settings, click Test. The query returns information about your LDAP connection.

  17. To close the dialog box, click the X in the upper right corner or press ESC.

  18. Click OK to close the LDAP Authentication Options dialog box.

  19. Click Apply to save the changes on EFT.