LDAP communicates record-based, directory-like data between programs. It defines database access permissions and provides
a schema, which is a way to describe the format and attributes of data stored in a server.
Corporate and campus installations that already use Windows Active Directory or another LDAP-based directory service to manage
user access across distributed network resources can benefit from configuring
Niagara stations to use an LDAP user service. Benefits include:
- Ease of implementation. Installations that already use Windows AD or an open-source implementation of LDAP can easily include
stations in their existing user management configuration.
- Automatic new user account creation. When a user logs in to a station for the first time, the system automatically creates
a user account (component) in the station and populates it with predefined properties (based on a user prototype), such as
permissions, and predefined LDAP properties (from the LDAP server), such as email address, full name, and language.
- Security. Kerberos authentication (available for LDAPv3-based AD or open-source systems) offers a high level of security.
Implementing Kerberos requires client setup of hosts and browsers.
- Simplified login. Current users may log in without needing to enter credentials.
NOTE: All stations on the network (both Supervisors and controllers) must use the LDAP server. The system does not support a mixture
of stations using the standard UserService with other stations using an LDAP user service.