Server SSL Certificate

To use the SSL function in the FTP server, you have to create or select an X.509 server certificate. This certificate can be signed by a valid CA or a self-signed certificate.

Xlight FTP Server uses certificates stored in the "Personal" ("My") certificate store of the "computer account" ("local Machine") in Windows. The location Xlight FTP Server used to select the certificate is the same as the Microsoft IIS web server. So if there is an IIS certificate in the same location, you can also use it for your FTP server.

Create self-signed SSL certificate - create a self-signed X.509 certificate.

ODBC database configuration

Enable ODBC data source  - Use ODBC data source

Data source name - The ODBC data source name in the "System DSN"

Database user - The name of the database user

Database password - The password of the database user

Local host id - The id value here is related to the "host_id" column in the "acct_table". Different host IDs can be used to represent different machines, so FTP servers of different machines can share the same database.

Test, create or upgrade database tables - Create, test and upgrade Xlight FTP Server's database tables. To create or upgrade database tables, the database user must have the related database permission.

When a user logs in to the FTP server, Xlight FTP Server will send two SQL queries to the database through ODBC connection to verify his password and get his settings.

The username and password are used by the first SQL query to find a match record in the database and get the basic parameters of this user, such as "home_path", "home_perm" etc. The "param_index" value returned by the first SQL query will also be used by the second SQL query.

The second SQL query will use the "param_index" value returned from the first SQL query to query the database table "acct_param_table" to get more settings for this user.

Xlight FTP Server allows the system administrator to replace these two SQL query statements to support advanced database applications, such as "stored procedure" in the database.

Statement to replace the first SQL query - The following parameters can be sent to the "stored procedure" in the first SQL query replacement:

$USER - This variable will be replaced with the username of the FTP user
$PASS - This variable will be replaced with password(MD5 or Text) of the FTP user
$ID - This variable will be replaced with the "Local Host ID" value of the machine
$PORT - This variable will be replaced with the virtual server port
$USERIP - This variable will be replaced with the IP address of the FTP user
$SERVERIP - This variable will be replaced with the IP address of the virtual server that the FTP user is connected to

For example, if you use "EXEC proc_getuser '$USER', '$PASS', $ID, $PORT" for the first SQL query replacement, when the user "test" logins with the password "hello" to FTP server port 21 and host_id 1, after replacement, it sends "EXEC proc_getuser 'test', 'hello', 21, 0" to database.

Statement to replace the second SQL query - The following parameters can be sent to the "stored procedure" in the second SQL query replacement:

$INDEX - This variable will be replaced with the "param_index" value returned from the first SQL query replacement
$PORT - This variable will be replaced with the virtual server port
$SERVERIP - This variable will be replaced with the IP address of the virtual server that the FTP user is connected to

If the "stored procedures" are used, the "acct_table" and "acct_param_table" used by the Xlight FTP Server may not exist in the database. Xlight FTP server doesn't know if "acct_table" or "acct_param_table" really exists in the database. It only looks at the returned result sets of both SQL queries. If the first SQL query replacement statement returns a row from the database, Xlight FTP will think the authentication is successful. It will use values from the returned row as basic parameters of this user. If you want to deny this user from accessing the FTP server, you should let the database not return any row to the FTP server, which indicates that this user failed authentication. The "param_index" value returned from the first SQL query can be used by the second SQL query replacement statement.

Remote server administrator

Xlight FTP Server allows you to set up a remote server administrator. Remote server administrators can use the SITE command and manage the FTP server by remote administration GUI (To use remote administration, Xlight FTP Server has to be the professional edition or in the 30-day trial period). Remote administrators can connect from any opened port of virtual servers. Administrators can also use a dedicated remote administration port, but it is not necessary.

Enable remote server administration - Enable remote administration function. If remote administration is disabled, no remote administrator can connect to the FTP server.

Administrator with full control right - Remote administrator has full administration right

Administrator with read-only right - Remote administrator has read-only right

Remote Administrator IP ranges - Restrict IP ranges that the remote administrator can connect from.

Use dedicated remote admin port - A dedicated remote administration port is not necessary, but if the system administrator wants a dedicated remote administration port, he can configure it here.

Use implicit SSL on dedicated port - The remote administrator must connect to the dedicated port by the implicit SSL. Before using this option, the server must have a valid X.509 server certificate selected in the "Global Options->Server SSL Certification".