FileZilla Pro Enterprise Server Active Directory Integration

Active Directory (AD) is Microsoft’s centralized directory service that manages users, groups, and resources within a Windows domain environment. Our FileZilla Pro Enterprise Server has been integrated with Active Directory for seamless authentication and user management. This means you can leverage existing AD accounts and organizational structures instead of creating and maintaining separate credentials. The integration simplifies administration, enhances security through centralized access control, and ensures consistent policies across your environment.

Note: This feature is only available in FileZilla Pro Enterprise Server. If you haven't bought it yet, you can buy FileZilla Pro Enterprise Server from our Store.

Setting Up an Active Directory

To configure user authentication with your Active Directory, you’ll need to create an Active Directory Profile.

In the Server field, enter the server’s Fully Qualified Domain Name (FQDN) or its IP address to establish the connection.

To enable Active Directory authentication, FileZilla Pro Enterprise Server needs to connect to the Active Directory to verify user credentials.

By default, FileZilla Pro Enterprise Server uses the credentials of the system account it is running under to bind to Active Directory. To use different credentials, select Use a different account from the AD Binding credentials drop-down menu and enter the desired username and password in the respective fields.

Click on the Test the profile button to verify that the connection works.

FileZilla Pro Enterprise Server Active Directory integration also allows you to configure more advanced settings.

Active Directory Advanced Settings

The Active Directory configuration can be fine-tuned via advanced settings. These options allow you to define mount points, enhance authentication, refine authorizations, and map groups more precisely.

AD Mappings

In the AD mappings tab you configure how FileZilla Pro Enterprise Server maps user information from Active Directory (AD) to internal server settings. Each field accepts the name of an AD attribute, which will be used to populate corresponding properties in FileZilla Pro Enterprise Server.

Mount Points

This field accepts the name of an AD attribute that contains mount points (see Editing mount points). These mount points are merged with the ones defined in FileZilla Pro Enterprise Server for the user that successfully logs in. The groups defined in FileZilla Pro Enterprise Server take precedence.

If the "is optional" checkbox is selected, the attribute does not need to exist for the user in order for the login to succeed.

Attribute Details

Type: Multi-valued UNICODE string

Format of each value: Each value is a CSV string with the following fields:
    [native path],[virtual path],[access type],[recursive type],[flags]
    access, recursive, and flags can be either numeric values or their symbolic names. See the table below for details.

Example:
    "/","C:",read_write,apply_permission_recursively,autocreate
    "/foo","D:",1,2,0

Value Fields Details

Access enums:     read_only (0)
                  read_write (1)
                  disabled (2)
                  write_only (3)

Recursive enums:  do_not_apply_permission_recursively (0)
                  apply_permission_recursively (1)
                  apply_permissions_recursively_and_allow_structure_modification (2)

Flags enums:      autocreate (1)
                  Currently there is only one flag; if more flags are introduced, they can be combined with the bitwise OR operator.
                  If no flag is wanted, use the value 0 (zero) or the empty string "".
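The mount point value format described above, parsed and validated by an added Python example. This is not code from FileZilla Pro Enterprise Server or from this documentation; it is a stand-alone validator an administrator could run over attribute values before writing them into Active Directory, so that a malformed entry is rejected up front instead of at login time. The sample values are constructed from the documented example; the rule that a numeric flags value may only contain bits of known flags is an assumption made here for validation.

```python
import csv
from dataclasses import dataclass

# Symbolic names and their numeric values, as listed in the attribute documentation.
ACCESS_ENUMS = {"read_only": 0, "read_write": 1, "disabled": 2, "write_only": 3}
RECURSIVE_ENUMS = {
    "do_not_apply_permission_recursively": 0,
    "apply_permission_recursively": 1,
    "apply_permissions_recursively_and_allow_structure_modification": 2,
}
FLAG_ENUMS = {"autocreate": 1}
KNOWN_FLAG_MASK = sum(FLAG_ENUMS.values())  # bitwise OR of every known flag


@dataclass(frozen=True)
class MountPoint:
    native_path: str
    virtual_path: str
    access: int
    recursive: int
    flags: int


def _enum_value(field: str, table: dict, what: str) -> int:
    """Accept either a symbolic name or its numeric value; reject anything else."""
    field = field.strip()
    if field in table:
        return table[field]
    if field.isdigit() and int(field) in table.values():
        return int(field)
    raise ValueError(f"invalid {what} {field!r}")


def _flags_value(field: str) -> int:
    """Flags: empty string or 0 means none; otherwise a symbolic name or a numeric
    value whose set bits are all known flags (assumption: unknown bits are rejected)."""
    field = field.strip()
    if field in ("", "0"):
        return 0
    if field in FLAG_ENUMS:
        return FLAG_ENUMS[field]
    if field.isdigit() and int(field) & ~KNOWN_FLAG_MASK == 0:
        return int(field)
    raise ValueError(f"invalid flags {field!r}")


def parse_mount_point(value: str) -> MountPoint:
    """Parse one value of the multi-valued attribute (one CSV record, quoted paths allowed)."""
    rows = list(csv.reader([value], skipinitialspace=True))
    fields = rows[0] if rows else []
    if len(fields) != 5:
        raise ValueError(f"expected 5 CSV fields, got {len(fields)}: {value!r}")
    native, virtual, access, recursive, flags = fields
    if not native or not virtual:
        raise ValueError(f"native and virtual paths must not be empty: {value!r}")
    return MountPoint(
        native,
        virtual,
        _enum_value(access, ACCESS_ENUMS, "access type"),
        _enum_value(recursive, RECURSIVE_ENUMS, "recursive type"),
        _flags_value(flags),
    )


def parse_mount_points(values):
    """Validate every value of the attribute, failing on the first bad entry."""
    return [parse_mount_point(v) for v in values]


# Constructed sample: the two documented example values plus one with no flags.
SAMPLE_VALUES = [
    '"/","C:",read_write,apply_permission_recursively,autocreate',
    '"/foo","D:",1,2,0',
    '"/pub","E:\\share",read_only,do_not_apply_permission_recursively,""',
]

if __name__ == "__main__":
    for mp in parse_mount_points(SAMPLE_VALUES):
        print(mp)
```

Both symbolic and numeric spellings normalize to the same MountPoint, so the output can be compared directly against what the server is expected to apply.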

Time-based OTP (TOTP)

This field accepts the name of an AD attribute that contains an otpauth://totp/ URL which defines the Time-based One Time Password to be validated upon login.

If the "is optional" checkbox is selected, the attribute does not need to exist for the user in order for the login to succeed.

Attribute Details

Type: Single-valued UNICODE string

Format of each value: An otpauth://totp/ URL string as defined here: https://github.com/google/google-authenticator/wiki/Key-Uri-Format

Example: otpauth://totp/username?digits=6&period=30&secret=BATVS3ZYI3DMRFG3FKV2AOVH6MFUPMJX
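How the server can turn such a URL into a verifiable one-time code, shown by an added Python example. This is not FileZilla Pro Enterprise Server code and does not describe its internal implementation; it is a stand-alone reading of the Key Uri Format plus RFC 4226/6238 HOTP/TOTP, which an administrator can use to confirm that a secret stored in AD produces the same codes as the user's authenticator app. The one-period acceptance window and the second sample URL (built from the RFC 6238 test-vector secret) are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def parse_otpauth_totp(url: str) -> dict:
    """Parse an otpauth://totp/ URL (Key Uri Format) into its TOTP parameters."""
    u = urlparse(url)
    if u.scheme != "otpauth" or u.netloc.lower() != "totp":
        raise ValueError("not an otpauth://totp/ URL")
    query = parse_qs(u.query)
    secret = query.get("secret", [""])[0].strip().upper().replace(" ", "")
    if not secret:
        raise ValueError("missing secret parameter")
    padded = secret + "=" * (-len(secret) % 8)  # base32 works in 8-char groups
    key = base64.b32decode(padded)
    algorithm = query.get("algorithm", ["SHA1"])[0].upper()
    if algorithm not in HASHES:
        raise ValueError(f"unsupported algorithm {algorithm}")
    return {
        "label": unquote(u.path.lstrip("/")),
        "key": key,
        "digits": int(query.get("digits", ["6"])[0]),
        "period": int(query.get("period", ["30"])[0]),
        "algorithm": algorithm,
    }


def hotp(key: bytes, counter: int, digits: int, algorithm: str) -> str:
    """RFC 4226 HOTP: HMAC over the big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), HASHES[algorithm]).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp_code(params: dict, at=None) -> str:
    """RFC 6238 TOTP: the HOTP counter is the number of elapsed periods since the epoch."""
    at = time.time() if at is None else at
    return hotp(params["key"], int(at // params["period"]), params["digits"], params["algorithm"])


def verify_totp(params: dict, submitted: str, at=None, window: int = 1) -> bool:
    """Accept the code of the current period and up to `window` periods either side
    (assumed tolerance), so a correct code that arrives just after a period boundary is
    still accepted; comparisons are constant-time."""
    at = time.time() if at is None else at
    counter = int(at // params["period"])
    ok = False
    for c in range(counter - window, counter + window + 1):
        expected = hotp(params["key"], c, params["digits"], params["algorithm"])
        ok |= hmac.compare_digest(expected.encode(), submitted.strip().encode())
    return ok


# The documented example URL, with the secret exactly as documented.
DOC_URL = "otpauth://totp/username?digits=6&period=30&secret=BATVS3ZYI3DMRFG3FKV2AOVH6MFUPMJX"
# Constructed URL carrying the RFC 6238 test-vector secret "12345678901234567890" in base32.
RFC_URL = "otpauth://totp/Example:alice?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&digits=8&period=30"

if __name__ == "__main__":
    params = parse_otpauth_totp(DOC_URL)
    print(params["label"], totp_code(params))
```

With the RFC secret, the code at Unix time 59 must be 94287082 and at 1111111109 must be 07081804; if a locally generated code for the documented URL differs from the user's app, the stored secret or the clock is wrong, not the login path.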

Public Keys

This field accepts the name of an AD attribute that contains public keys to be validated upon login.

If the "is optional" checkbox is selected, then the attribute's existence for the given user is not required for a successful login.

Attribute Details

Type: Multi-valued UNICODE string

Format of each value: Each value is a public key in any of the text formats supported by FileZilla Pro Enterprise Server

Groups

This field serves two purposes: it defines which FileZilla Pro Enterprise Server groups a user belongs to (see Adding Users to Groups) and optionally maps Active Directory (AD) security groups to the selected FileZilla Pro Enterprise Server groups.

The behavior is as follows:

  1. If a FileZilla Pro Enterprise Server group is selected and mapped to an AD group:
     • If the AD user is a member of that AD group, they are added to the FileZilla Pro Enterprise Server group.
     • If the AD user is not a member of that AD group, they are not added to the FileZilla Pro Enterprise Server group.
  2. If a FileZilla Pro Enterprise Server group is selected but no AD mapping is defined, the user is added to the FileZilla Pro Enterprise Server group.
  3. If a FileZilla Pro Enterprise Server group is not selected, the user is not added to it.

AD groups can be specified either by name (e.g. DOMAIN\group) or by SID (e.g. <SID=S-1-5-21-...>).

Policies

In the Policies tab you configure which criteria must be met for the login to be allowed.

AD Security Groups

This field accepts a list of AD security groups the AD user must be a member of for login to be allowed.

Groups must be specified one per line, either by name (e.g. DOMAIN\group) or by SID (e.g. <SID=S-1-5-21-...>).
