Log in
Hot & Trending on FMT

FileMaker Server and Directory Services and LDAP

When you host a FileMaker solution on FileMaker Server you can take advantage of a very powerful feature to use accounts and groups that already exist in the company's Windows Active Directory or the OS X Open Directory.   For the feature to work you need only two things on the deployment side:

When you host a FileMaker solution on FileMaker Server you can take advantage of a very powerful feature to use accounts and groups that already exist in the company's Windows Active Directory or the OS X Open Directory.   For the feature to work you need only two things on the deployment side:

  1. The FileMaker Server machine needs to be a member server of the Active Directory or Open Directory domain, and
  2. You flip this switch in the FileMaker Server admin console to complete the configuration:

That's all there is to it.  Unfortunately FileMaker Server has another feature that you find under the "FileMaker Clients" tab of the configuration called "Directory Service" and that one causes all sorts of confusion.

You can probably already guess where that confusion comes from: both Active Directory and Open Directory are Directory Services.    However, in order to use External Authentication you do NOT need to configure this "Directory Services" part of FileMaker Server, it is not part of feature to let Active Directory and Open Directory accounts access the FileMaker Solution.

So what is it there for?  Oversimplifying a bit, think of a Directory Service as a phonebook.  This feature writes an entry in that phonebook so that you can look it up and find it easily.  That is handy for users on large networks where the FileMaker Server may be on a different segment of the network and not visible in the "Local Hosts" display.  Mind you: we are talking only about finding it, not giving users access to the solution.

To get any use out of the Directory Service feature on FileMaker Server you would also have to configure all the FileMaker clients to use the same settings.  That is done by choosing the "View Hosts listed by LDAP" entry in the "Open Remote" dialog of FileMaker Pro.  If you use the same configuration there as you did setting up the Directory Service for FileMaker Server, then your FileMaker Server will show up on the client.

On the client dialog we see "LDAP".  What is that all about?  LDAP is a protocol, a language that all Directory Services understand, like HTTP is for web servers or SQL is for databases.  Under the hood is what the Directory Service feature on both FileMaker Server and FileMaker Pro uses: it creates an LDAP query that the Directory Service understands and executes.  Often you will see people use "LDAP" when they really mean the Directory Service, which just adds to the confusion.  It certainly doesn't help that there is a Directory Service called "OpenLDAP"...

If you want to see the Directory Service feature of FileMaker Server in action, you can check out my video tutorials at www.vtc.com.  There is a demo in the tutorial series for FileMaker Server 8 and 10, but since it's a feature that's almost never used, I decided not to bother with it in the tutorial series for FileMaker Server 11 and 12.

Do you need the "Directory Service" feature?  Chances are you do not.  But it certainly is useful.  Just keep in mind that it has nothing to do at all with authenticating users in your solution.

Soliant Consulting

Soliant Consulting employs the largest FileMaker development team in the world. We have a deep bench of talent starting with our CEO, Bob Bowers: he's co-authored seven books, led the team that has written six editions of the Authorized Training Series for FileMaker, Inc., spoken at more than a dozen FileMaker Developer Conferences, and has taught literally thousands of students spanning two decades of leadership in the field. Certified Expertise Soliant's team is certified in every version of FileMaker Pro and are specialists in building high-performance databases, hybrid web-FileMaker applications, integrations with a range of technologies including SQL, and conversions from prior versions. We work with your solution as is or can build from scratch. Find out how we can take your FileMaker databases to the next level.

Website: www.soliantconsulting.com/filemaker