FTP server authentication via SMTP server

2020/04/24 13:45 Posted by admin

Wing FTP Server supports LDAP or Active Directory authentication without creating any local users, and it is very convenient. But if your company does not have an LDAP/AD server, then how to handle user authentication without adding a local user? Yes, it is possible if you have an SMTP (email) server enabled in your company, just use your email address and its password for the FTP server login.

You can add the following Lua script into the FTP (or HTTP/SSH) event "BeforeUserLoggedIn":

local USER = "%Name"
local PASS = "%Password"
if string.match(USER,"^.*@xxx.com$") then
  if c_TestSMTP("smtplogin", USER, USER, 1, "smtp.xxx.com", 25, USER, PASS, 0) then
    bSelfAuthenticated = true

Here, the Lua API "c_TestSMTP" is an internal API for testing SMTP connection, the 5th parameter "smtp.xxx.com" means the SMTP server address, the 6th parameter "25" means the SMTP server port, and the last parameter means whether use TLS/SSL connection.

Now you can connect to the FTP server if you provide a matched email address and password. But after login, you will see an empty folder because you never set up the home directory for the SMTP authentication. So please use the settings of LDAP authentication instead, just check on the option "Domain > Settings > Authentication Settings > LDAP > Enable LDAP Authentication," and leave the host field empty, then specify a default home directory with necessary permissions. More information about LDAP authentication can be found here: https://www.wftpserver.com/help/ftpserver/data_storage.htm

Done! With just a few steps, all the staff in your company can log in with their email address and password, and it means USER/PASS can be synchronized in real-time from the SMTP server.