2 external authentication (ldap) – Belkin OmniViewIP 5000HQ User Manual

46

OmniView IP 5000 HQ

sections

table of contents

1

3

5

7

9

11

13

15

17

19

2

4

6

8

10

12

14

16

18

20

21

17

seTTInGs – aPPlICaTIOns

9 .2 .2 external authentication (lDaP)
LDAP (Lightweight Directory Access Protocol) is a standard protocol for

accessing information in a directory.

LDAP defines processes by which a client can connect to an X.500-

compliant or LDAP-compliant directory service to add, delete, modify,

or search for information, provided the client has sufficient access rights

to the directory. For example, a user could use an LDAP client to query

a directory server on the network for information about specific users,

computers, departments, or any other information stored in

the directory.
note! OmniView IP 5000HQ supports Windows 2003 and Windows 2008

Active Directory LDAP Authentication.
9 .2 .2 .1 OmniView IP 5000HQ in external authentication (lDaP) mode
In external authentication (LDAP) mode, OmniView IP 5000HQ deletes all

users created before in local authentication mode. New users can only

be imported from a Windows 2003 or Windows 2008 Active Directory.

OmniView IP 5000HQ will validate all user credentials against the

external LDAP server only.

Only the “admin” account remains as a “backdoor” account. This user

has OmniView IP 5000HQ local access. Admin account is allowed to

manage OmniView IP 5000HQ with “Administrator” access privileges.

However, “admin” is not permitted to connect to targets. This account

will allow changing OmniView IP 5000HQ to local authentication mode

at any time.

There is no direct access to any IP device. OmniView IP 5000HQ will act

as a gateway.

Since the OmniView IP 5000HQ user accounts are kept in the local

database, some of the local accounts might not have related LDAP

objects (e.g., some users’ accounts might migrate to another LDAP

path). To clean the local database from those ghost accounts that will

never pass LDAP authentication, OmniView IP 5000HQ provides the

customers with the manual synchronize operation.

User groups will not be deleted and will be managed locally after

its import.

When changing OmniView IP 5000HQ to local authentication mode, all

the users appear as “inactive.” To reactivate the users, the administrator

must explicitly provide each account with a local password.
9 .2 .2 .2 Dns setting in lDaP mode
Important! The correct DNS setting is vital for the successful

configuration of the OmniView HQ in LDAP mode. You set the HQ

DNS settings in the “Settings / Unit Maintenance / Network” tab.

See the “Network tab” section on page 95.