Question:
When validating an LDAP login method using the Test option, I am able to get a “Authentication Successful” test. However, when attempting to synchronize users that should be tied to that LDAP method, MFT shows no users or groups have been pulled in. What is the cause of this behavior?

Answer:
Generally when a user can test the LDAP login method but the sync process doesn’t pull in any users, it is due to the Enforce Group Membership setting on the Login Method. However, this is not a bad thing to have enabled as it prevents your entire LDAP server from being synced to the GoAnywhere application. This simply means that only certain groups that belong to that LDAP server can login to the GoAnywhere MFT server.

In order for the users to be synced if that setting is turned on, you need to tie a Web User Group (or Admin User Group if you created the Login Method for those users) to that LDAP Login Method. To do so, navigate to the Users > Web User Groups (again Users > Admin User Groups if you created the login method for those users) and click Add Web User Group. You should then select LDAP Managed Group and select your LDAP Login Method from the dropdown. You will need to wait a minute for the LDAP Groups to populate but after they do, also select the appropriate group you wish to give access to MFT.

If you continue to the next screen, you will then be able to assign generic permissions that all members of that Web User Group will inherit so you can choose these accordingly. Once done, click Save and then try syncing the LDAP Login Method again and you should see the users that were tied to that LDAP group have been created within GoAnywhere.