How to configure external database users

The database authentication feature allows the administrator to authenticate against an external data-source, rather than explicitly adding users to CompleteFTP's internal user-list. Typically, this data-source is a database table or spreadsheet containing a list of usernames, passwords and, optionally, home directories and groups. This is a feature of the Professional and Enterprise Editions only.

Database authentication may be set up in the General User Settings dialog, accessed from the User panel. The Database authenticator must be enabled and configured via the 'Configure' link shown below.

Database authentication

In the database authentication configuration dialog, enter the OLE DB connection-string in the top-most text-box and press the 'Test connection' button to verify that it works. The website, connectionstrings.com, is an excellent resource for connection-strings. It lists various types, so remember to choose an OLEDB connection-string. Also remember that the connection is made from the server, so if you are using CompleteFTP Manager on a machine other than the server then the connection-string may differ from the one you would use on your local machine.

The SQL query retrieves the user's password/password-hash. It may also optionally define a Windows home-folder and a list of groups to which the user belongs.

The password or password-hash must be the first field returned. It is highly recommended that any passwords stored in a database are hashed. Even better, use a 'salt' prepended to passwords before they are hashed. See the fourth field, below.

If a second field is returned then it will be assumed to be the Windows path of the user's home-folder. If the home-folder doesn't already exist when the user logs in then it will be created at that time. Note that this field will not be used if the type of the home-folder of the log-in-as user is "Virtual folder".

If a third field is returned then it will be assumed to be a comma-separated list of group-names (e.g. MyGroup1,MyGroup2,MyGroup3). The user will be treated as a member of all of the groups listed as well as those of which the "defaultDatabase" user is a member.

If a fourth field is returned then it will be assumed to be the 'salt' that was prepended to the password before it was hashed (if hashing is enabled). The salt should be a random string of at least 8 characters. Salting is intended to defeat rainbow table attacks. Rainbow tables are sets of pre-calculated hashes for common passwords. If salts are not used, attackers can simply match these hashes with the hashes in your database. If salts are used, a new rainbow table must be calculated for each salt value (and these tables are computationally expensive).
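The four-field result described above, as an added example that is not CompleteFTP's own code: it provisions rows with a random per-user salt prepended to the password before hashing, then runs a query returning the fields in the documented order. SQLite stands in for the external database; the table name, column names, sample users, and the choice of SHA-256 with hex encoding are assumptions, and the `?` parameter syntax belongs to Python's sqlite3 module, not to CompleteFTP.

```python
import hashlib
import hmac
import secrets
import sqlite3

def hash_password(salt: str, password: str) -> str:
    # The salt is prepended to the password before hashing, as the page describes.
    # SHA-256 with hex encoding is an assumption; match the server's hash setting.
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()

def add_user(db, username, password, home, groups):
    salt = secrets.token_hex(8)  # 16 random hex characters (page minimum is 8)
    db.execute(
        "INSERT INTO ftp_users VALUES (?, ?, ?, ?, ?)",
        (username, hash_password(salt, password), home, ",".join(groups), salt),
    )

def lookup(db, username):
    # Field order follows the page: 1 hash, 2 home folder, 3 groups, 4 salt.
    return db.execute(
        "SELECT pw_hash, home_folder, group_list, salt"
        " FROM ftp_users WHERE username = ?",
        (username,),
    ).fetchone()

def verify(db, username, candidate):
    row = lookup(db, username)
    if row is None:
        return False
    pw_hash, _home, _groups, salt = row
    # Constant-time comparison of the stored hash and the recomputed one.
    return hmac.compare_digest(pw_hash, hash_password(salt, candidate))

def demo_db():
    # Constructed sample data: table, columns and users are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE ftp_users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL,"
        " home_folder TEXT, group_list TEXT, salt TEXT NOT NULL)"
    )
    add_user(db, "alice", "correct horse", r"C:\FTP\alice", ["MyGroup1", "MyGroup2"])
    add_user(db, "bob", "correct horse", r"C:\FTP\bob", ["MyGroup3"])
    return db

if __name__ == "__main__":
    db = demo_db()
    print(lookup(db, "alice"))
    print(verify(db, "alice", "correct horse"), verify(db, "alice", "wrong"))
```

The two sample users share a password but get different stored hashes, which is the property that makes a single pre-calculated table useless against the whole column.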

Users connecting via this method are subject to the settings of the "defaultDatabase" user, which may be found in the Users panel. The administrator may, for example, enable only certain protocols for Automatic Windows user connections. If distinct settings are required for specific users then those users should be added explicitly as Windows users in the Users panel.

By default, the home folder is shown as /DatabaseUser. If the home folder is not provided by the query, the value of this folder will be used (which is a macro folder by default). If a home folder is provided by the query, the query's value will be used, but /DatabaseUser will still be displayed as the name of the user's home directory. The displayed name can be changed by modifying the name of the DatabaseUser system folder to use a macro, as described here.