'LDAP Configuration' Tab

enaio® 10.10

If you use an LDAP directory service, users can log in with the password managed there, either automatically or via a login dialog.

It is, however, necessary to transfer the user names to the enaio® user administration via the security system's user management function (see 'Setting Up Groups').

Only users who are listed in both the LDAP directory service and the enaio® user administration can log in using LDAP authentication.

The 'Import user' automatic action can be used to transfer user names (see 'Importing User and Group Data').

Group-specific access rights and system roles can only be specified in the enaio® security system.

Follow these steps to activate LDAP authentication:

  1. Tick the 'LDAP authentication active' checkbox.
  2. Enter the name of the LDAP server and its port.
  3. Enter the binding string (the base DN under which users are searched).
  4. Select 'Use SSL' to connect via LDAPS (LDAP over TLS).
  5. Test the connection with the settings entered.

You can enter several entries for server, port, and binding string, separated by semicolons. Servers will be queried in sequence. Data of the first server that is reached will be used for user administration.
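The following Python block is an added example and not part of enaio® or its documentation. It models the failover rule just described: the three semicolon-separated fields are split into targets, the targets are queried in the order given, and the first one that can be reached is used. It assumes that the n-th server, port and binding string belong together (position-matched lists) and rejects lists whose lengths differ, since a silently shifted pairing would combine one server with another server's base DN. The server names and the reachability probe are constructed for the demo.

```python
"""Failover over semicolon-separated server/port/binding-string lists.

Added example, not enaio(R) code. Assumption: the n-th entry of each of the
three fields belongs to the same target (position-matched lists).
"""
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass(frozen=True)
class LdapTarget:
    server: str
    port: int
    binding_string: str
    use_ssl: bool

    @property
    def url(self) -> str:
        scheme = "ldaps" if self.use_ssl else "ldap"
        return f"{scheme}://{self.server}:{self.port}"


def parse_targets(servers: str, ports: str, binding_strings: str,
                  use_ssl: bool) -> List[LdapTarget]:
    """Split the three fields and pair them up by position.

    Raises ValueError when the entry counts differ or a port is not valid,
    instead of guessing which server a leftover port or base DN belongs to.
    """
    srv = [s.strip() for s in servers.split(";") if s.strip()]
    prt = [p.strip() for p in ports.split(";") if p.strip()]
    bnd = [b.strip() for b in binding_strings.split(";") if b.strip()]
    if not srv:
        raise ValueError("at least one server is required")
    if not (len(srv) == len(prt) == len(bnd)):
        raise ValueError(
            f"mismatched entry counts: {len(srv)} servers, "
            f"{len(prt)} ports, {len(bnd)} binding strings"
        )
    targets = []
    for s, p, b in zip(srv, prt, bnd):
        if not p.isdigit() or not 1 <= int(p) <= 65535:
            raise ValueError(f"invalid port {p!r} for server {s}")
        targets.append(LdapTarget(s, int(p), b, use_ssl))
    return targets


def first_reachable(targets: List[LdapTarget],
                    probe: Callable[[LdapTarget], bool]) -> Optional[LdapTarget]:
    """Query the targets in sequence; return the first one the probe reaches.

    `probe` stands in for the real connection test (a bind attempt in
    practice) so that the selection logic can run offline.
    """
    for target in targets:
        if probe(target):
            return target
    return None


# Constructed sample values, shaped like the tab's three fields.
SAMPLE_SERVERS = "dc1.example.test;dc2.example.test"
SAMPLE_PORTS = "636;636"
SAMPLE_BINDINGS = "DC=example,DC=test;DC=example,DC=test"


def demo() -> Optional[LdapTarget]:
    """Simulate the first server being down, so the second one is chosen."""
    targets = parse_targets(SAMPLE_SERVERS, SAMPLE_PORTS, SAMPLE_BINDINGS,
                            use_ssl=True)
    down = {"dc1.example.test"}  # constructed outage for the demo
    return first_reachable(targets, lambda t: t.server not in down)


if __name__ == "__main__":
    chosen = demo()
    print("using", chosen.url if chosen else "no server reachable")
```

Because only the first reachable server is used, every server in the list must hold the same user data; a stale replica early in the list would win over a current one later on.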

To import users from the directory service into the enaio® user administration, assign the LDAP attribute that you use as the unique user ID to the identifier 'Name'.

Optionally, you can assign the identifiers 'Full name' and 'Comment' to LDAP attributes in order to automatically transfer this data to the user administration.

Each name to which an LDAP attribute is assigned can be used within the user administration in order to search for those users who will be transferred to the security system.

It is possible to set up further assignments when searching for users in the LDAP directory service. However, the relevant data will not be imported into the user administration.

Follow these steps to create assignments:

  1. Click the first line of the name field.
  2. Select an attribute for data transfer from the list, or enter any other attribute for search purposes.
  3. Enter the LDAP attribute in the next column.
  4. Select 'yes' or 'no' in the 'Output' column. This specifies whether or not the attribute is displayed in the hit list of an LDAP user search.
  5. Add extra lines for additional assignments.
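The following Python block is an added example, not enaio® code, that applies an assignment table like the one built above to LDAP search results. It models the rules stated in this section: 'Name' must be assigned to the unique user ID attribute, 'Full name' and 'Comment' are optional and are imported, any further assignment can be used for searching but is not imported, and 'Output' = yes decides which columns appear in the hit list. The LDAP attribute names and the sample entries are constructed for the demo; an entry without the unique ID attribute is reported rather than imported, because such a user could never be matched for LDAP login.

```python
"""Apply an attribute assignment table to LDAP search results.

Added example, not enaio(R) code. Attribute names and entries are constructed.
"""
from typing import Dict, List, Tuple

# Identifiers that the user administration actually imports (from the page).
IMPORTED_NAMES = ("Name", "Full name", "Comment")

# Assignment rows: (enaio name, LDAP attribute, output in hit list)
ASSIGNMENTS: List[Tuple[str, str, bool]] = [
    ("Name", "sAMAccountName", True),   # unique user ID (assumed attribute)
    ("Full name", "displayName", True),
    ("Comment", "description", False),
    ("Department", "department", True),  # search only, never imported
]

# Constructed LDAP entries, shaped like a directory search result.
SAMPLE_ENTRIES: List[Dict[str, str]] = [
    {"sAMAccountName": "jdoe", "displayName": "Jane Doe",
     "description": "Finance", "department": "Accounting"},
    {"sAMAccountName": "rroe", "displayName": "Richard Roe",
     "department": "IT"},
    {"displayName": "No Account", "department": "Guests"},  # no unique ID
]


def validate_assignments(rows: List[Tuple[str, str, bool]]) -> None:
    """Reject tables that cannot yield a usable import."""
    names = [name for name, _, _ in rows]
    if "Name" not in names:
        raise ValueError("'Name' must be assigned to the unique user ID attribute")
    dupes = {name for name in names if names.count(name) > 1}
    if dupes:
        raise ValueError(f"duplicate assignments: {sorted(dupes)}")


def hit_list(rows: List[Tuple[str, str, bool]],
             entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Columns of the LDAP user search: every assignment with Output = yes."""
    validate_assignments(rows)
    shown = [(name, attr) for name, attr, out in rows if out]
    return [{name: entry.get(attr, "") for name, attr in shown}
            for entry in entries]


def import_records(rows: List[Tuple[str, str, bool]],
                   entries: List[Dict[str, str]]):
    """Records handed to the user administration: imported names only.

    Returns (imported, skipped); skipped holds entries lacking the unique ID.
    """
    validate_assignments(rows)
    attr_of = {name: attr for name, attr, _ in rows if name in IMPORTED_NAMES}
    imported, skipped = [], []
    for entry in entries:
        if not entry.get(attr_of["Name"]):
            skipped.append(entry)
            continue
        imported.append({name: entry.get(attr, "")
                         for name, attr in attr_of.items()})
    return imported, skipped


if __name__ == "__main__":
    records, missing = import_records(ASSIGNMENTS, SAMPLE_ENTRIES)
    for record in records:
        print("import:", record)
    for entry in missing:
        print("skipped (no unique ID):", entry)
    for row in hit_list(ASSIGNMENTS, SAMPLE_ENTRIES):
        print("hit list:", row)
```

The unique ID attribute should be one the directory guarantees to be unique and stable; a display name is searchable but not a safe key, since two directory users with the same display name would collide in the user administration.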

If you select a line by clicking the line number, the following line options (toolbar buttons) will be available:

  - Add an empty line below the selected one.
  - Delete the selected line.
  - Move the selected line down below the following line.
  - Move the selected line up above the previous one.

Anonymous access to the LDAP directory service is not usually allowed; therefore, the system itself must authenticate at the LDAP directory service in order to identify LDAP users and their rights.

To do so, specify an LDAP user (the bind account) that has the rights required for these lookups. Reading the user entries and attributes that are searched is all such lookups need, so use a dedicated account with read access rather than a privileged administrator account. The password will be encrypted prior to storage.

If LDAP authentication is active and the LDAP directory service is not available, no user will be able to log in. It is therefore recommended that you create at least one user who has the 'Supervisor' system role and an enaio® password; since this account bypasses LDAP, protect it with a strong password and reserve it for emergencies. This user can start enaio® administrator or enaio® enterprise-manager and change the settings in the user administration. However, LDAP authentication must be disabled first. To do this, change the value of the 'LoginMode' string under the …\Schemata\4.0\Login registry key from '1' to '0'. Then, all users with enaio® passwords will be able to start the programs according to their system roles.