FAQs

Use these questions and answers to broaden your understanding of LDAP and Niagara.

Q: Can I use SSL/TLS with LDAP?

A: Yes. In fact, you should configure all platforms and stations for TLS (Transport Layer Security). Refer to the Station Security Guide.

Q: Can a system use a combination of LDAP or Active Directory along with the network user feature in a NiagaraNetwork?

A: No. The Niagara network-user feature is incompatible with LDAP (and no hybrid system is supported). All centralized user management is provided by the LDAP server. Local station users, which are unique to each station, are supported.

Q: Is Kerberos always associated with LDAP in Niagara?

A: Kerberos is an available authentication scheme for LDAPv3.

Q: Can a station support an older LDAPv2-level server or Active Directory using the newer LDAPv3-compatible LDAP schemes?

A: Yes. These schemes are backwards-compatible with LDAPv2-based systems. However, Kerberos authentication is not available.

Q: Can I configure my stations to run in FIPS mode (FIPS 140-2) and also use LDAPv3 with Kerberos authentication?

A: No. When running in FIPS mode, the set of permitted cryptographic algorithms is smaller—only algorithms that are FIPS-approved may be used. Due to this restriction, Kerberos cannot be used when running in FIPS mode, as the algorithms it requires are not supported by the FIPS cryptographic provider.