Menu

Search

GlobalSCAPE Knowledge Base


Using the SAT module with Active Directory


GlobalSCAPE 5
EFT Express (SMB) & Enterprise

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server's Secure Ad Hoc Transfer module, v1.7 and later

DISCUSSION

The Secure Ad Hoc Transfer (SAT) module can be configured to allow access by Active Directory (AD) group membership or to populate the From address with the current user’s e-mail address from Active Directory. In order for these settings to function, in IIS, an alternate form of authentication such as Basic authentication or Integrated Windows authentication must be enabled in the Authentication Methods dialog box. Also, ensure that the Enable anonymous access check box is not selected. Refer to IIS Authentication for more information about IIS authentication settings.)

You must make changes in the SAT configuration file, web.config, for AD-specific settings. Refer to KB article Q10483 - HOWTO: Making SAT work with Active Directory for an example.

The table below describes the Active Directory-related variables that can be edited in the web.config file.

Variable

Description

Default / Range

UseADExtensions

This setting enables or disables the Active Directory Server Configuration settings defined below.

False

AD-AuthorizedGroupListName

Defines the Active Directory group names used to specify which groups have access to SAT.

NOTE: A comma is used to separate a list of group names or * will allow all groups access to SAT.

Group List Examples:

"GROUP-01, GROUP-02, GROUP-03"

"*"

*

AD-SetFromFieldWithEmail

If the value is set to True, the From e-mail address will obtain the current logged user's e-mail address from Active Directory.

True

Path

Path utilized in LDAP query including Host Name, Port, and BaseDN

Path Examples:

"LDAP://RootDSE"

"LDAP://DOMAIN:389/OU=XXXXX,DC=XXXX,DC=XXXX"

n/a

SearchFilter

LDAP search filter configuration to retrieve user e-mail address.

%USER.LOGIN% will be replaced with the actual login name for the current SAT user.

NOTE: The special character & (ampersand) will need to be replaced with its associated character code & for the code to function correctly.

(&(objectClass=person)(|(sAMAccountName=%USER.LOGIN%)(userPrincipalName=%USER.LOGIN%)



(mail=%USER.LOGIN%)))

Attributes

The set of attributes to be retrieved from the query.

cn,sAMAccountName,



userPrincipalName,



mail,



displayName,sn

Scope

Search Scope:

Base = Limits the search to the base object. The result contains one object at most.

OneLevel = Searches the immediate child objects of the base object, excluding the base object.

Subtree = Searches the whole subtree, including the base object and all its child objects.

Subtree

UseConfiguredDomainAccount

The authentication method used to connect to Active Directory.

None = Equates to zero, which means to use basic authentication (simple bind) in the LDAP provider.

Anonymous = No authentication is performed

Delegation = Enables Active Directory Services Interface (ADSI) to delegate the user's security context, which is necessary for moving objects across domains.

Secure = Requests secure authentication.

NOTE: If the UseConfiguredDomainAccount = "" then UseConfiguredDomainAccount is set as "AuthenticationTypes.None" by default.

Secure

DomainAdminUser

This setting is required when the UseConfiguredDomainAccount is set to Secure. This is the username of an account that has the ability to query Active Directory.

User Name Examples:

"username"

"domain\username"

n/a

DomainAdminPass

This setting is required when the UseConfiguredDomainAccount is set to Secure. This is the base64 encoded password of the account that has the ability to query Active Directory.

(use encode.htm to obfuscate)

n/a

SenderEmailDisplayAttribute

Active Directory attribute name used to retrieve the From e-mail address

mail


Also In This Category


On a scale of 1-5, please rate the helpfulness of this article


Not Helpful
Very Helpful
Optionally provide private feedback to help us improve this article...

Thank you for your feedback!


Comments require login or registration.

Details
Last Modified: 4 Years Ago
Last Modified By: kmarsh
Type: HOWTO
Article not rated yet.
Article has been viewed 12K times.
Options
Find Similar