From the Tower of Babel: FileMaker Server and Directory Services and LDAP

When you host a FileMaker solution on FileMaker Server you can take advantage of a very powerful feature, External Authentication, which lets you use accounts and groups that already exist in the company’s Windows Active Directory or the OS X Open Directory. For the feature to work you need only two things on the deployment side:

  1. The FileMaker Server machine needs to be a member server of the Active Directory or Open Directory domain, and
  2. You flip this switch in the FileMaker Server admin console to complete the configuration:
[Screenshot: Configuration: Database Server Security]

That’s all there is to it.  Unfortunately, FileMaker Server has another feature under the “FileMaker Clients” tab of the configuration called “Directory Service.” This one causes all sorts of confusion.

[Screenshot: Configuration: Database FileMaker Clients]

You can probably already guess where that confusion comes from: both Active Directory and Open Directory are Directory Services. However, in order to use External Authentication you do NOT need to configure this “Directory Services” part of FileMaker Server. It is not part of the feature to let Active Directory and Open Directory accounts access the FileMaker Solution.

So what is it there for? Oversimplifying a bit, think of a Directory Service as a phonebook.  This feature writes an entry in that phonebook so that you can look it up and find it easily. That is handy for users on large networks where the FileMaker Server may be on a different segment of the network and not visible in the “Local Hosts” display.  Mind you: we are talking only about finding it, not giving users access to the solution.

To get any use out of the Directory Service feature on FileMaker Server you would also have to configure all the FileMaker clients to use the same settings. That is done by choosing the “View Hosts listed by LDAP” entry in the “Open Remote” dialog of FileMaker Pro. If you use the same configuration there as you did when setting up the Directory Service for FileMaker Server, your FileMaker Server will show up on the client.

[Screenshot: Specify LDAP Directory Service]

On the client dialog we see “LDAP”. What is that all about? LDAP is a protocol, a language that all Directory Services understand. It is to Directory Services what HTTP is to web servers or SQL is to databases. Under the hood, LDAP is what the Directory Service feature on both FileMaker Server and FileMaker Pro uses: it creates an LDAP query that the Directory Service understands and executes. Often you will see people use “LDAP” when they really mean the Directory Service, which just adds to the confusion. It certainly doesn’t help that there is a Directory Service called “OpenLDAP”…

If you want to see the Directory Service feature of FileMaker Server in action, you can check out my video tutorials.  I include a demo in the tutorial series for FileMaker Server 8 and 10. However, as the feature is seldom used, I decided not to bother with it in the tutorial series for FileMaker Server 11 and 12.

Do you need the “Directory Service” feature?  Chances are you do not.  But it certainly is useful.  Just keep in mind that it has nothing to do at all with authenticating users in your solution.

Have questions? You can contact my team directly for more insights. I also recommend you check out our other FileMaker posts to learn more about customizing your solution.
