LDAP Authentication Issues

Please post here if you have problems in using Wing FTP Server.
kschilla
Posts: 2
Joined: Thu Sep 26, 2019 10:01 am

LDAP Authentication Issues

Post by kschilla »

Hello,

I have some issues with LDAP authentication.

I created a local user, and mapped it to an AD test group with LDAP.

Then I changed the group mapping to an LDAP group that already had a lot of members.

The test user on AD can log in, but does not get the home dir I used for the local user (D:/FTP/FTPRoot), but only the one I created as default (D:/FTP/Dummy) for the WINGFTPServer domain in LDAP Authentication settings.

So I have a few questions about LDAP authentication.

Is there a way I can check if the correct LDAP groups are retrieved and applied?

Is there a limit of groups that WINGFTP server accepts from an LDAP query, or a max number of LDAP groups that can be returned when a user logs in?

If a user is a member of multiple LDAP groups, and several are mapped to local users, are the permissions merged, or is only 1 local user profile applied, and which one will that be? The first in the list, or the last one?

Is there a limit on the length of the Distinguished Name of the LDAP group that WingFTP server supports?

Is it possible to map several LDAP groups to a single local user, or do they both need to be unique?

The reason I ask is that we have a multi Windows A.D. domain structure, with a lot of groups, and some users are members of multiple groups.
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: LDAP Authentication Issues

Post by FTP »

OK, there is no string length limitation, and you can map several LDAP groups to a single local user. WingFTP will get all the memberof LDAP groups, then check the LDAP group mapping string, find the first matched LDAP group, and return its mapped local user. So is it clear?
kschilla
Posts: 2
Joined: Thu Sep 26, 2019 10:01 am

Re: LDAP Authentication Issues

Post by kschilla »

Hello,

What exactly do you mean by "first matched LDAP group"? Can you explain how this is done?
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: LDAP Authentication Issues

Post by FTP »

For example, suppose LDAP user "LDAP_User_A" belongs to two LDAP groups, "LDAP_Group_A" and "LDAP_Group_B", and you also define the LDAP group mapping like this:

LDAP_Group_A:LocalUser111
LDAP_Group_B:LocalUser222

The first matched LDAP group is "LDAP_Group_A", and it will use the attributes of the local user "LocalUser111", so is it clear?
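
The first-match lookup described in the reply above, written out as an added example for auditing which local user a multi-group account resolves to; it is not part of the original thread and not Wing FTP Server's own code. It assumes one "Group:LocalUser" pair per line (split on the last colon so a group DN stays intact) and case-insensitive group comparison, and because the thread does not say whether "first" follows the mapping list or the user's group list, it evaluates both and flags accounts where they disagree.

```python
# Added example: audit "first matched LDAP group" resolution.
# Assumptions (not confirmed in the thread): one "Group:LocalUser" pair per line,
# case-insensitive group comparison, and an unknown definition of "first",
# so both possible orderings are evaluated.

def parse_mapping(text):
    """Parse 'Group:LocalUser' lines into an ordered list of (group, local_user)."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        group, sep, local_user = line.rpartition(":")  # last colon keeps a DN whole
        if not sep or not group or not local_user:
            raise ValueError(f"malformed mapping line: {line!r}")
        pairs.append((group.strip(), local_user.strip()))
    return pairs

def resolve(member_of, mapping):
    """Resolve the local user under both orderings and flag disagreement."""
    groups = {g.casefold() for g in member_of}
    # Reading 1: walk the mapping top to bottom, take the first group the user is in.
    by_mapping = [(g, u) for g, u in mapping if g.casefold() in groups]
    # Reading 2: walk the user's group list, take the first group that is mapped.
    lookup = {}
    for g, u in mapping:
        lookup.setdefault(g.casefold(), u)
    by_member = [lookup[g.casefold()] for g in member_of if g.casefold() in lookup]
    first_map = by_mapping[0][1] if by_mapping else None
    first_mem = by_member[0] if by_member else None
    return {
        "mapping_order": first_map,      # None means no mapping line matched
        "memberof_order": first_mem,
        "candidates": sorted({u for _, u in by_mapping}),
        "order_dependent": first_map != first_mem,
    }

# Constructed sample data, using the names from the post above.
MAPPING = parse_mapping("LDAP_Group_A:LocalUser111\nLDAP_Group_B:LocalUser222\n")

if __name__ == "__main__":
    print(resolve(["LDAP_Group_A", "LDAP_Group_B"], MAPPING))
    print(resolve(["LDAP_Group_B", "LDAP_Group_A"], MAPPING))
    print(resolve(["Unmapped_Group"], MAPPING))
```

An account with more than one entry in `candidates` can end up with a different local profile, and so a different home directory and permission set, depending on ordering; those are the accounts to test with a real login.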