Ldap Server view
Figure 382. Ldap Server view and tab
To access this view, click, double-click your LDAP network device driver row row in the Remote Drivers view, click the LdapServers tab, and double-click the server row in the table or select the server row and click the Hyperlink button (
).
The view title, LdapServer in this example (this name may be different in your system), displays in the top left corner above the buttons and link.
- Save updates the server record in the database.
- Ping initiates communication with the server to verify the connection.
- Import opens the Import Preferences window.
- LdapNetwork returns the focus to the LdapNetwork view.
Properties
This tab configures LDAP server properties.| Property | Value | Description |
|---|---|---|
| Status | read-only | Reports the condition of the entity or process at last polling.
{ok} indicates that the entity is licensed and polling successfully. {down} indicates that the last poll was unsuccessful, perhaps because of an incorrect property. {disabled} indicates that the Enable property is set to false. {fault} indicates another problem. Depending on conditions, multiple status flags may be set including {fault} and {disabled}, combined with {down}, {alarm}, {stale}, and {unackedAlarm}. |
| Enabled | true or false |
Turns the feature on (true) and off (false). |
| Fault Cause | read-only | Reports the reason why a network, component, or extension is in fault. Fault Cause is blank unless a fault exists. |
| Health | read-only | Reports the status of the network or component. This advisory information, including a time stamp, can help you recognize and troubleshoot network problems but it provides no direct network management controls. |
| Alarm Source Info | additional properties | Links to a set of properties for configuring and routing alarms. These properties are documented in the Alarm Setup topic of the PDF and in the help system (search for Alarm Source Info). |
| Ldap Connection | additional properties |
Refer to LDAP Connection properties. |
| Vendor Name | read-only | Identifies the name of the LDAP server vendor. |
| Vendor Version | read-only | Reports the software version of the LDAP server. |
| Supported L D A P Version | read-only | Reports the supported version number. |
| User Search Base | String chooser | Opens the String chooser window.
Refer to User Search Base string chooser. |
| User Search Filter | String chooser | Opens the String chooser window.
Refer to User Search Filter string chooser. |
| Search Scope | drop-down list | Defines how much of the User Search Base to actually search: |
| Polling Interval | plus or minus hours minutes and seconds | Defines how frequently to poll the LDAP server. |
| Periodic purge schedule | read-only | When a personnel record is deleted from the system security database, it needs to deleted from the LDAP server. The security
system removes deleted records from the LDAP server on a regular schedule, which is documented here. This schedule can be
changed using
|
| Ldap Import Config | additional properties |
See Ldap Import Config. |
LDAP Connection properties
These properties configure the physical connection between the framework Supervisor PC and the LDAP server.
Figure 383. Ldap Connection properties
You access these properties by navigating to . Then you double-click the LDAP network driver row in the table, click the LdapServers tab, double-click the LDAP server name in the table, and expand the Ldap Connection property group.
| Property | Value | Description |
|---|---|---|
| Connection Host | text; defaults to the connection already made | Defines the URL to the LDAP server. The location may be on the same computer or elsewhere available on an intranet or the Internet. |
| Connection Port | number; defaults to 10389 | Defines the port over which the computer communicates with the server. |
| Enable TLS | true or false (default)
|
Selects secure transmission and identity verification using the TLS protocol. Do not change this value unless you are confident of what you are doing. Changing this value could open the system to hackers. |
| Authentication Mechanism | drop-down list; defaults to None |
Identifies the method used to verify the identity of the LDAP server to its client, the system security database.
|
| Connection User | text | Defines the LDAP server attributes for the security system administrator.
uid=admin is an example of the distinguished name for this user. dc=com is the user parent class. |
| Connection Password | text | Defines the password the LDAP server requires for this user. |
| Enable Connection Pooling | true (default) or false |
Enables and disables the use of a connection pool. To speed processing, LDAP servers maintain a pool of connections. A request from the security system that uses an existing connection saves valuable processing time, which improves system performance. Do not change the default (true = enabled) setting unless you know what you are doing. |
| Initial Size | number; defaults to 0 (zero) | Defines the number of pooling connections. |
| Max Size | number; defaults to 10 | Defines the maximum number of connections to the LDAP server that the security system supports concurrently. |
| Perf Size | number; defaults to 0 (zero) | Defines the preferred number of connections to the LDAP server that the security system supports concurrently. |
User Search Base string chooser
WARNING: WARNING: If, after importing records from the LDAP server, you change the search criteria (
User Search Base, User Search Filter or Search Scope), and then purge records from the system, the purge deletes all existing personnel records in the database. If this happens,
personnel will not have access to your facility.Defines where to start searching for personnel in the LDAP server hierarchy.
ou stands for organizational unit.dc stands for domain controller.
dn stands for distinguished name. this name both uniquely identifies an entry in the LDAP database and descrbines its position in the hierarchy.
You would change this property to access the personnel records for a specific tenant or other group.
Rather than requiring you to type the LDAP server attribute equivalents, this window provides a list from which to choose.
Figure 384. User Search Base string chooser
You access this window by clicking the chevron to the right of User Search Base on the Ldap Server tab.
User Search Filter string chooser
WARNING: If, after importing records from the LDAP server, you change the search criteria (
User Search Base, User Search Filter or Search Scope), and then purge records from the system, the purge deletes all existing personnel records in the database. If this happens,
personnel will not have access to your facility.Defines the objectClass (metadata) associated with each personnel record. This objectClass identifies the record as a personnel record versus a system or other record type in the server database.
This chooser adds metadata (text strings), which the system uses to search the LDAP server.
Figure 385. User Search Filter string chooser
You access these properties by clicking the chevron next to User Search Filter property on the Ldap Server tab.
The three control buttons (Add, Edit and Delete) perform standard functions.
Ldap Import Config
These properties configure the import action from the LDAP server to the security system’s station database. By default, the security system imports data from the LDAP server once every hour. The maximum number of personnel records the system can import at one time is 5000. This number is not likely to be reached within the space of one hour.
Figure 386. Ldap Import properties
| Property | Value | Description |
|---|---|---|
| Import Frequency | drop-down menu | |
| Last Import Time | read-only | Reports the last time the system imported data. |
| Group Attribute | text | Defines the LDAP server attribute that provides the LDAP group Distinguished Name. Each LDAP user belongs to a group. |
| Allow New Inactive Users | true (default) or false |
Indicates that users may be added before they are activated in the system. |
| Status Attribute | text | Reports LDAP user status: active or inactive. |
| Active Status Values (Comma Separated) | text values, comma separated | Defines a list of values, which indicate a valid user status. This list is specific to your organization’s personnel policies. |
| Account Expiry Date Time Attribute | text |