For this post, I will provide a tutorial on how to turn on LDAP authentication on a Filezilla server. If you haven’t heard of Filezilla server before, it is a free and easy to use FTP/FTPS solution.
By default, Filezilla server only supports local user accounts. However, since Filezilla is open-source, there is a version which allows for Active Directory Authentication.
Prior to installing Filezilla server, you want to make sure that all of the necessary ports are open between the Active Directory Domain Controller and the Filezilla server.
Configuring LDAP on server settings:
- Go to the site, download the installer, and run it on your FTPS server: https://sourceforge.net/projects/fzldap/
- Open the Filezilla server config console > Edit > Settings
- In the LDAP tab > check “Enable LDAP support. Beta.” > and fill in the LDAP server IP Address, Port (389), and LDAP Domain > check “Enable TLS/SSL”
- In the SSL/TLS Settings tab > check “Enable FTP over SSL/TLS support (FTPS)” > click “Generate new certificate” and fill in the necessary fields. Once you have generated a certificate, enter the locations of the key and certificate in the “Private key file” and “Certificate file” fields. Check “Allow explicit FTP over TLS”; the default port should be 990.
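Before relying on the “Enable TLS/SSL” checkbox in the LDAP tab, it helps to confirm that the domain controller is reachable on port 389 and will encrypt the session that carries the AD password. The Python check below is an added example, not part of the original post or of the fzldap project; it assumes that TLS on port 389 means LDAP StartTLS (RFC 4511), and the function names and the `dc01.example.test` hostname are hypothetical.

```python
import socket
import ssl
import sys

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS request name, RFC 4511 section 4.14.1

def build_starttls_request(msg_id=1):
    """BER-encode an LDAP ExtendedRequest that asks the server to start TLS."""
    if not 0 < msg_id < 128:
        raise ValueError("this encoder only handles one-byte message IDs")
    name = bytes([0x80, len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    op = bytes([0x77, len(name)]) + name                    # [APPLICATION 23] ExtendedRequest
    body = bytes([0x02, 0x01, msg_id]) + op                 # messageID INTEGER + protocolOp
    return bytes([0x30, len(body)]) + body                  # LDAPMessage SEQUENCE

def _tlv(data, pos):
    """Read one BER element at pos; return (tag, value, next position)."""
    tag, first, pos = data[pos], data[pos + 1], pos + 2
    if first & 0x80:                                        # long-form length
        n = first & 0x7F
        first, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + first], pos + first

def parse_result_code(data):
    """Return the resultCode of an ExtendedResponse; 0 means TLS may begin."""
    tag, msg, _ = _tlv(data, 0)
    _, _, pos = _tlv(msg, 0)                                # skip messageID
    op_tag, op, _ = _tlv(msg, pos)
    rc_tag, rc, _ = _tlv(op, 0)
    if (tag, op_tag, rc_tag) != (0x30, 0x78, 0x0A):         # SEQUENCE, [APPLICATION 24], ENUMERATED
        raise ValueError("not an LDAP ExtendedResponse")
    return int.from_bytes(rc, "big")

def check_starttls(host, port=389, timeout=5.0):
    """Connect, request StartTLS, complete the handshake; return the TLS version."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(build_starttls_request())
        code = parse_result_code(raw.recv(4096))
        if code != 0:
            raise ConnectionError(f"StartTLS refused, resultCode={code}")
        ctx = ssl.create_default_context()                  # validates certificate chain and host name
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()

if __name__ == "__main__":
    # Hypothetical usage: python check_starttls.py dc01.example.test
    print(check_starttls(sys.argv[1]))
```

A connection error means the port is blocked or StartTLS is refused; a certificate error means the host running the check does not trust the domain controller's certificate or the name used does not match it.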
Enabling LDAP on a user:
- Go back to the server config console > Edit > Users
- Click “Add” to set up a new user
- The new username should be identical to the domain login username. For example, if my domain login username is “anindayu.pradetha”, the Filezilla user should be “anindayu.pradetha” as well.
- Uncheck the “Password:” option; the password field should be empty.
- Check LOCAL and LDAP options in “Check password in”
- Set up the shared folder settings accordingly.
- Click OK once you have finished the configuration.
Now, you should be able to log in to your FTPS server with the AD username and password!