Ldap parameters -60 – Western Telematic MPC-20VS16-3 User Manual
Page 91
5-60
Basic Configuration
5.9.8. LDAP Parameters
The MPC supports LDAP (Lightweight Directory Access Protocol,) which allows
authentication via the "Active Directory" network Directory Service. When LDAP is
enabled and properly configured, command access rights can be granted to new users
without the need to define individual new accounts at each MPC unit, and existing users
can also be removed without the need to delete the account from each MPC unit.
This type of authentication also allows administrators to assign users to LDAP groups,
and then specify which plugs the members of each group will be allowed to control at
each MPC unit.
In order to apply the LDAP feature, you must first define User Names and associated
Passwords and group membership via your LDAP server, and then access the MPC
command mode to enable and configure the LDAP settings and define port access
rights and command access rights for each group that you have specified at the LDAP
server.
To access the LDAP Parameters menu, login to MPC command mode using a password
that permits Administrator Level commands and then proceed as follows:
• Text Interface: Type
/N and press [Enter] to display the Network Parameters
Menu (Figure 5.17.) At the Network Parameters Menu, type
27 and press [Enter] to
display the LDAP Parameters Menu.
• Web Browser Interface: Place the cursor over the "Network Configuration" link on
the left hand side of the screen. When the fly-out menu appears, click on the "LDAP
Parameters" link to display the LDAP Parameters Menu.
Notes:
• Plug access rights are not defined at the LDAP server. They are defined via
the LDAP Group configuration menu on each MPC unit and are specific to
that MPC unit alone.
• When LDAP is enabled and properly configured, LDAP authentication will
supersede any passwords and access rights that have been defined via the
MPC user directory.
• If no LDAP groups are defined on a given MPC unit, then access rights will
be determined as specified by the "default" LDAP group.
• The "default" LDAP group cannot be deleted.
The LDAP Parameters Menu allows you to define the following parameters:
• Enable: Enables/disables LDAP authentication. (Default = Off.)
• Primary Host: Defines the IP address or domain name (up to 64 characters) for
the primary LDAP server. (Default = undefined.)
• Secondary Host: Defines the IP address or domain name (up to 64 characters) for
the secondary (fallback) LDAP server. (Default = undefined.)
• LDAP Port: Defines the port that will be used to communicate with the LDAP
server. (Default = 389.)