Over 46,000+ Business Solution Developers Find answers, ask questions, and connect with our community of business solutions developers, business owners and partners.
FileMaker Server – Directory Services and LDAP
When you host a FileMaker solution on FileMaker Server you can take advantage of a very powerful feature to use accounts and groups that already exist in the company’s Windows Active Directory or the OS X Open Directory. For the feature to work you need only two things on the deployment side:
- The FileMaker Server machine needs to be a member server of the Active Directory or Open Directory domain, and
- You flip this switch in the FileMaker Server admin console to complete the configuration:
That’s all there is to it. Unfortunately FileMaker Server has another feature that you find under the “FileMaker Clients” tab of the configuration called “Directory Service” and that one causes all sorts of confusion.
You can probably already guess where that confusion comes from: both Active Directory and Open Directory are Directory Services. However, in order to use External Authentication you do NOT need to configure this “Directory Services” part of FileMaker Server, it is not part of feature to let Active Directory and Open Directory accounts access the FileMaker Solution.
So what is it there for? Oversimplifying a bit, think of a Directory Service as a phone book. This feature writes an entry in that phone book so that you can look it up and find it easily. That is handy for users on large networks where the FileMaker Server may be on a different segment of the network and not visible in the “Local Hosts” display. Mind you: we are talking only about finding it, not giving users access to the solution.
To get any use out of the Directory Service feature on FileMaker Server you would also have to configure all the FileMaker clients to use the same settings. That is done by choosing the “View Hosts listed by LDAP” entry in the “Open Remote” dialog of FileMaker Pro. If you use the same configuration there as you did setting up the Directory Service for FileMaker Server, then your FileMaker Server will show up on the client.
On the client dialog we see “LDAP”. What is that all about? LDAP is a protocol, a language that all Directory Services understand, like HTTP is for web servers or SQL is for databases. Under the hood is what the Directory Service feature on both FileMaker Server and FileMaker Pro uses: it creates an LDAP query that the Directory Service understands and executes. Often you will see people use “LDAP” when they really mean the Directory Service, which just adds to the confusion. It certainly doesn’t help that there is a Directory Service called “OpenLDAP”…
If you want to see the Directory Service feature of FileMaker Server in action, you can check out my video tutorials at www.vtc.com. There is a demo in the tutorial series for FileMaker Server 8 and 10, but since it’s a feature that’s almost never used, I decided not to bother with it in the tutorial series for FileMaker Server 11 and 12.
Do you need the “Directory Service” feature? Chances are you do not. But it certainly is useful. Just keep in mind that it has nothing to do at all with authenticating users in your solution.