Server IP and Port - Modify the virtual server's IP and port.
Enable SSL for Virtual Server - Enable SSL support for this virtual server. For SSL to work, you must select a server certificate in the "[Global Option]->[Server SSL Certification]". Please refer to the "Global Option" section about how to select the server certificate.
Explicit SSL - Explicit SSL mode. By default, the virtual server's FTP control port accepts clear-text FTP commands. After connecting to the server, a user can switch the control connection to SSL encryption mode by sending the "AUTH TLS" or "AUTH SSL" command before logging in.
Implicit SSL - Implicit SSL mode. The virtual server's FTP control port is always in SSL encryption mode. Only FTP clients that support SSL encryption mode can connect to it.
Require Client Certificate - SSL client authentication is another way of authenticating a client to the FTP server. After enabling this option, during the SSL handshake process, the FTP client must send a valid X.509 client certificate to the FTP server.
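The difference between the explicit and implicit SSL modes described above matters when reviewing logins: in explicit mode a client that never sends AUTH TLS or AUTH SSL logs in over the clear-text control port. The following is an added example, not part of the Xlight documentation; the per-session command log format and the session data are constructed for illustration.

```python
AUTH_OK = 234  # FTP reply code for an accepted AUTH command (RFC 4217)

def classify_session(events, implicit=False):
    """Classify one control connection from its ordered (command, reply_code) pairs."""
    secured = implicit  # implicit mode: the control port is always encrypted
    for command, code in events:
        verb, _, arg = command.strip().partition(" ")
        verb = verb.upper()
        if verb == "AUTH" and arg.strip().upper() in ("TLS", "SSL"):
            # Only an accepted AUTH switches the control connection to SSL.
            secured = secured or code == AUTH_OK
        elif verb in ("USER", "PASS"):
            return "encrypted-login" if secured else "cleartext-login"
    return "no-login"

def cleartext_logins(sessions, implicit=False):
    """Return the ids of sessions whose credentials crossed the control port unencrypted."""
    return sorted(sid for sid, events in sessions.items()
                  if classify_session(events, implicit) == "cleartext-login")

# Constructed sample sessions (hypothetical log format, passwords masked).
SESSIONS = {
    "s1": [("AUTH TLS", 234), ("USER alice", 331), ("PASS ****", 230)],
    "s2": [("USER bob", 331), ("PASS ****", 230)],                       # never sent AUTH
    "s3": [("AUTH SSL", 504), ("USER carol", 331), ("PASS ****", 230)],  # AUTH refused
    "s4": [("FEAT", 211), ("QUIT", 221)],
}

if __name__ == "__main__":
    for sid, events in SESSIONS.items():
        print(sid, classify_session(events))
    print("clear-text logins:", cleartext_logins(SESSIONS))
```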
Enable external user authentication - The virtual server will use an external method to authenticate a user and get his settings.
Show debug trace information in Error Log - When external user authentication is enabled, show debug information in the Xlight FTP Server error log. This option can help to trace problems in the setup and configuration of external authentication.
Default user profile - This link has a detailed description of the setup of the default user profile.
File contains users blocked from external authentication - When the server is connected to the public internet, there may be constant log-in attempts to your server by bots using common usernames. If the server authenticates users via external authentication, log-in attempts by bots may create unnecessary load on the external authentication server. You can use this option to block some users from using external authentication. Create and select a text file in which each line is a username. Users in this file will not go to external authentication.
Authentication Type - Currently supported authentication methods are ODBC and Active Directory.
ODBC - Use an external database through an ODBC connection to authenticate a user and get his settings.
Query Timeout(s) - The timeout value for the database check. A value of 0 (the default) means 90 seconds.
Skip "host_id" column - When the virtual server queries the external database, it will skip the "host_id" column in the database table "acct_table". Because the "host_id" column is used to identify different machines running different FTP servers, selecting the "Skip host_id column" option will make it possible to share user settings between different machines.
Skip "host_port" column - When the virtual server queries the external database, it will skip the "host_port" column in the database table "acct_table". Because the "host_port" column is used to identify different virtual servers inside the same machine, selecting the "Skip host_port column" option will make it possible to share user settings between virtual servers in the same machine.
Only check username and password - The virtual server will use the external database only for user authentication, which means that the FTP server will only check the "acct_table" columns "host_id", "host_port", "username", "password" and "no_password". A local user with the same name can exist in the virtual server; that local user's settings will then be used for this user after authentication against the database.
Password Type - The virtual server can support either the password's MD5 hash or clear text password in the database. If "MD5" is chosen, the virtual server will use the MD5 hash value for the password in the database. If "Text" is chosen, the virtual server will use clear text for the password in the database.
For detailed steps of setting up an ODBC user database, you can refer to this link.
Active Directory - Use Active Directory to authenticate a user and get his settings ("homeDirectory"). If the extended schema xlightFTPdUser is not used, the only setting that can be used in the Active Directory is "homeDirectory" (the attribute of the user object class). When a user uses the "homeDirectory" in the Active Directory, the permission will follow the NTFS permission settings for this directory.
Logon Domain - The domain that the user will log on to.
Base DN to begin searching users - The base DN to begin searching users. If a user is not located under the base DN, his authentication will fail. If base DN is empty, the FTP Server will only check the username and password against the whole forest of the Active Directory Domain.
Only check username and password - The virtual server will use Active Directory only for user authentication. A user with the same name can exist in the virtual server whose settings will be used for this user after authenticating with Active Directory.
Compatible with IIS FTP active directory user isolation mode - When this option is selected, Xlight FTP Server will read and use the IIS FTP AD attributes msIIS-FTPRoot and msIIS-FTPDir as the user's home directory. If these two IIS FTP attributes are not set or available in Active Directory, the AD attribute "homeDirectory" will be used.
Use NTFS permission for user's home directory - The user's home directory will be controlled by the NTFS permission.
Use NTFS permission for public path - Xlight FTP Server will impersonate the login AD account. The NTFS permission of each AD user will then be used to check against the public path access. NTFS-based permission will give more flexibility to the public path's permission control and it will override the public path's local FTP permission.
Use NTFS permission for group path - Xlight FTP Server will impersonate the login AD account. The NTFS permission of each AD user will then be used to check against the group path access. When a user logs in to Active Directory, if this account has a primary group in the AD, it will become this user's FTP group. If extended schema "xlightFTPdUser" is used and ftpGroupName is set, it will override the group from AD.
Use extended schema "xlightFTPdUser" - Use Xlight FTP Server extended schema xlightFTPdUser. The Schema file for xlightFTPdUser can be found in the ldap sub-directory, at the place where Xlight FTP Server is installed.
For detailed steps of setting up Active Directory, you can refer to this link.
LDAP - Use LDAP to authenticate a user and get his settings ("homeDirectory"). If the extended schema xlightFTPdUser is not used, the only setting that can be used in the LDAP Server is "homeDirectory" (the attribute of the POSIX object class). The user name is taken from the uid attribute of the object class inetOrgPerson. The user password is checked against the password stored in the LDAP server.
LDAP Server - The IP address and domain name of LDAP Server.
Port - The port of the LDAP Server.
Use SSL/TLS connection - If the LDAP Server requires an SSL/TLS connection, you can select this option.
Bind DN - The Bind DN of LDAP Server. You should use Bind DN and Bind Password, if Anonymous Bind is not allowed in the LDAP Server or Anonymous Bind can't get enough access permission.
Bind Password - The Bind Password of LDAP Server. You should use Bind DN and Bind Password, if Anonymous Bind is not allowed in the LDAP Server or Anonymous Bind can't get enough access permission.
Anonymous Bind - Use Anonymous Bind in the LDAP Server. Most LDAP Servers support Anonymous Bind by default settings.
Base DN to begin searching users - The base DN to begin searching users. If you know the exact base DN for users, it will lead to faster searching speed than using the root DN of the domain.
Users' ObjectClass is "user", "posixAccount" or "organizationalPerson" - Most LDAP servers use the object class "inetOrgPerson" for the attribute "uid". In some LDAP servers, however, the attribute "uid" is associated with the object class "user", "posixAccount" or "organizationalPerson". For these LDAP servers, you need to select this option; otherwise, user authentication will fail.
Only check username and password - The virtual server will use LDAP Server only for user authentication. A user with the same name can exist in the virtual server whose settings will be used for this user after authenticating with the LDAP Server.
Use extended schema "xlightFTPdUser" - Use Xlight FTP Server extended schema xlightFTPdUser. The Schema file for xlightFTPdUser can be found in the ldap sub-directory, at the place where Xlight FTP Server is installed.
For detailed steps of setting up LDAP, you can refer to this link.
Download bandwidth (KB/s) - The virtual server's download bandwidth limit, 0(default) means unlimited download bandwidth.
Upload bandwidth (KB/s) - The virtual server's upload bandwidth limit, 0(default) means unlimited upload bandwidth.
Set bandwidth by IP address range - Set the virtual server download and upload bandwidth based on the IP address range of a user. When a user's IP address matches one of the IP ranges in here, its bandwidth will override the above default virtual server bandwidth. This option allows you to assign different server bandwidths to users based on their IPs. There are three ways to set the IP address range in Xlight FTP Server. 1. You can use the character * to represent the IP range 192.168.0.1 - 192.168.0.255 as 192.168.0.*. 2. You can set the IP range directly, such as 192.168.1.15 - 192.168.1.45. 3. You can use a subnet mask such as 192.168.0.1/24 or 192.168.0.1/255.255.255.0.
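The three IP range notations above can be normalised to a first and last address and matched against a client IP. The following is an added example, not Xlight's own code; the rule list is constructed, and three points are assumptions the page does not state: the first matching rule wins, a wildcard is only valid in trailing octets, and * covers the whole octet (0-255, a superset of the .1 - .255 range given above).

```python
import ipaddress

def parse_range(spec):
    """Return (first, last) IPv4 addresses for one range in any of the three notations."""
    spec = spec.strip()
    if "*" in spec:                                   # wildcard, e.g. 192.168.0.*
        octets = spec.split(".")
        fixed = [o for o in octets if o != "*"]
        # Assumption: wildcards must be trailing so the result is one contiguous range.
        if len(octets) != 4 or octets[:len(fixed)] != fixed:
            raise ValueError(f"unsupported wildcard: {spec!r}")
        pad = 4 - len(fixed)
        return (ipaddress.IPv4Address(".".join(fixed + ["0"] * pad)),
                ipaddress.IPv4Address(".".join(fixed + ["255"] * pad)))
    if "-" in spec:                                   # direct range, e.g. a.b.c.d - a.b.c.e
        first, last = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        if first > last:
            raise ValueError(f"range is reversed: {spec!r}")
        return first, last
    # Prefix length or dotted netmask; strict=False accepts host bits (192.168.0.1/24).
    net = ipaddress.IPv4Network(spec, strict=False)
    return net.network_address, net.broadcast_address

def bandwidth_for(client_ip, rules, default=(0, 0)):
    """Return (download, upload) in KB/s; the first matching rule wins (assumption)."""
    ip = ipaddress.IPv4Address(client_ip)
    for spec, down, up in rules:
        first, last = parse_range(spec)
        if first <= ip <= last:
            return down, up
    return default                                    # 0 means unlimited, as on this page

def shadowed_rules(rules):
    """List rules that can never match because an earlier rule covers their whole range."""
    parsed = [(spec, *parse_range(spec)) for spec, _, _ in rules]
    return [spec for i, (spec, lo, hi) in enumerate(parsed)
            if any(plo <= lo and hi <= phi for _, plo, phi in parsed[:i])]

# Constructed sample rules: (IP range, download KB/s, upload KB/s).
RULES = [
    ("192.168.0.*", 512, 128),
    ("192.168.1.15 - 192.168.1.45", 256, 64),
    ("10.0.0.1/255.255.255.0", 1024, 1024),
    ("192.168.0.1/25", 64, 64),                       # fully covered by the first rule
]
```

Running shadowed_rules over a rule list before saving it shows which entries a broad wildcard has made unreachable under the first-match assumption.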
Maximum concurrent users - The maximum concurrent users allowed for this virtual server. 0(default) means that this virtual server will allow unlimited users.
Maximum logins from the same IP - This setting controls the number of logins allowed from the same IP address. 0(default) means that there is no limit on maximum logins from the same IP.
Maximum user idle time - Maximum user idle time in seconds. 0(default) means users will have unlimited idle time. If this setting has a value other than 0, a user will be disconnected when his idle time is over the maximum idle time.
Enable anti-idle scheme - Enabling this option turns on the virtual server's anti-idle scheme. This anti-idle scheme will then be used to calculate the user's idle time.