Configuring LDAP

BrickFTP supports organizations that prefer to synchronize users and groups from Active Directory or OpenLDAP. This is done by configuring BrickFTP’s LDAP Synchronization feature.

BrickFTP connects directly to your server via LDAP or LDAPS, both to sync and to authenticate your Active Directory or OpenLDAP users. Syncing occurs hourly. Your firewall must allow BrickFTP’s IP addresses on port 389 (LDAP) or 636 (LDAPS) so that our servers can connect. We publish the full list of IP addresses here under IP Addresses.

To start setting up LDAP synchronization, navigate to Settings > Users, and click Manage LDAP.

Click to change Enable LDAP to Yes.

You will then be prompted to configure the following LDAP synchronization settings.

LDAP server is the type of directory server you will be connecting to (either Active Directory or OpenLDAP).

Host is the IP address or hostname of the LDAP server.

Port is the port available for the LDAP connection.

Secure connection specifies whether to use the secure LDAPS protocol when connecting to your LDAP server.

Username is an LDAP user that has permission to read your users and groups.

Password is the password for the username specified above.

Distinguished Name Base Search Path is the Base DN (Distinguished Name) to use for finding your users and groups. For example: OU=Users,DC=ACME,DC=local

Domain is the domain used to create unique system usernames. For example, local.acme.com will create usernames as “username@local.acme.com”.

User action specifies whether users should be Added, Added and Deleted, or whether to Disable user synchronization.

Include users in groups will limit users to those in the list of groups specified. Groups can be separated by commas or semicolons.

Group action specifies whether groups should be Added, Added and Deleted, or whether to Disable group synchronization.

Ignored groups will exclude the groups listed from syncing. Groups can be separated by commas or semicolons.

When finished, click Save to begin synchronizing your LDAP users and groups.
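The settings above can be reviewed before they are saved. The following is an added example, not BrickFTP code: a small checker that flags a cleartext connection, a port that does not match the Secure connection choice, a malformed or domain-root Base DN, and groups listed as both included and ignored. The dictionary keys and the sample values are assumptions made for this example.

```python
import re

# Keys below are hypothetical labels for the settings described on this page.
# Simplification: RDN values containing escaped commas are not handled.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")

def split_groups(value):
    """Split a group list on commas or semicolons, dropping blanks."""
    return [g.strip() for g in re.split(r"[;,]", value) if g.strip()]

def review_ldap_settings(s):
    """Return a list of findings for a dict of LDAP sync settings."""
    findings = []
    if not s["secure"]:
        findings.append("cleartext: without LDAPS the sync and user "
                        "authentication traffic is unencrypted")
    # 389 and 636 are the ports the page names for LDAP and LDAPS.
    expected = 636 if s["secure"] else 389
    if s["port"] != expected:
        findings.append(f"port: {s['port']} is unusual for "
                        f"secure={s['secure']} (expected {expected})")
    rdns = [r.strip() for r in s["base_dn"].split(",")]
    if not all(RDN.match(r) for r in rdns):
        findings.append("base_dn: not a comma-separated list of attr=value RDNs")
    elif all(r.upper().startswith("DC=") for r in rdns):
        findings.append("base_dn: domain root; a narrower OU limits what is synced")
    include = {g.lower() for g in split_groups(s.get("include_groups", ""))}
    ignored = {g.lower() for g in split_groups(s.get("ignored_groups", ""))}
    for g in sorted(include & ignored):
        findings.append(f"groups: '{g}' is both included and ignored")
    return findings

# Constructed sample values, modelled on the page's ACME example.
SAMPLE = {
    "host": "ldap.acme.example", "port": 389, "secure": False,
    "base_dn": "OU=Users,DC=ACME,DC=local",
    "include_groups": "FTP Users; Finance, Contractors",
    "ignored_groups": "contractors;Domain Admins",
}

if __name__ == "__main__":
    for finding in review_ldap_settings(SAMPLE):
        print(finding)
```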