With the station open in Workbench, expand the user service in the Nav tree and double-click on the ActiveDirectoryConfig node to access its property sheet.
Figure 5 above shows the ActiveDirectoryConfig container of the LdapV3ADUserService, with the default “authenticator” child (Kerberos Authenticator).
To configure the ActiveDirectoryConfig component
With the station opened in Workbench, open the ActiveDirectoryConfig component property sheet.
As needed, change property values. Typical properties that may be changed from defaults are as follows:
Connection URL
URL of your LDAP (Active Directory) server, usually in the form: ldap://your.domain.net
If the server uses a “non-standard” port, include it in the URL, e.g. ldap://your.domain.net:999 (note that the standard LDAP ports are 389, or else 636 if SSL).
Note the scheme ldaps://your.domain.net is not supported in Connection URL.
SSL
Either ‘false’ (default) or ‘true’. If ‘true’, the station uses SSL to communicate with the LDAP server.
If ‘true’, be sure to enable SSL in the station’s NiagaraNetwork’s FoxService (for Workbench-to-station access) and also in the station’s WebService (for browser-to-station access).
User Login Attr
The specific attribute in the LDAP directory for the desired user login name.
For Active Directory, the default sAMAccountName value is always used.
User Base
Sub-tree of the LDAP server in which users who can access this station can be found. At the very least, it must contain the domain components of the server’s domain, e.g. DC=domain, DC=net
Attr Email
The specific attribute in the LDAP directory that stores the user’s email address, the value of which populates the Niagara user’s Email property. The Active Directory default value is: mail
Attr Full Name
The specific attribute in the LDAP directory that stores the user’s full name, the value of which populates the Niagara user’s Full Name property. The Active Directory default value is: name
Attr Language
The specific attribute in the LDAP directory that stores the user’s language, the value of which populates the Niagara user’s Language property. There is no default value (the property is blank).
Attr Cell Phone Number
The specific attribute in the LDAP directory that stores the user’s cell phone number, the value of which populates the Niagara user’s Cell Phone Number property. The default value is: mobile
Attr Prototype
The specific attribute in the LDAP directory to use for mapping a User Prototype (under the user service’s UserPrototypes container) to users. The Active Directory default value is: memberOf
This mechanism uses an “attribute value”-to-“component name” matching method of selection, where if no “name-matching” User Prototype is found, the frozen Default Prototype is used (when making the User component for the LDAP user, upon initial station login).
For related details, see Configure User Prototypes.
Bind Format
(ActiveDirectoryConfig under LdapV3ADUserService only) If not using Kerberos, but instead the SimpleAuthenticator, it may be necessary to specify the exact format of the login name to send to the LDAP server. This can differ according to the LDAP server, and may be required more often when the “Authentication Choice” in the SimpleAuthenticator is DIGEST MD5. In some cases, just the user base and login name may be sufficient to find a user in the LDAP directory.
For more information on this property, along with any other properties omitted above, see ActiveDirectoryConfig (V3).
Save the property values.
In the LdapV3ADUserService, choose and configure a child authenticator. The default authenticator type is KerberosAuthenticator. Alternatively, you can use a SimpleAuthenticator. For details, see Configure the LDAP authenticator (LdapV3 only).
In the (LDAPv2-compatible only) ActiveDirectoryService, a child authenticator component is not used. Instead, another property is used, found at the bottom of the ActiveDirectoryConfig property sheet:
Domain
The value of this property is combined with the user’s login name when authenticating against the server. For example, if the Domain property value is “example.com” and User Login Attr property value is “sAMAccountName”, the ActiveDirectoryService would attempt to authenticate janedoe as janedoe@example.com.
For more details on the attribute (“Attr”) properties, see Attribute properties in LdapConfig.
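The Connection URL, SSL and User Base rules above can be checked before values are entered in the property sheet. The following Python sketch is an added example, not Tridium code: the dictionary keys (connection_url, ssl, fox_ssl, web_ssl, user_base, server_domain), the finding codes and the sample values are all hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

STANDARD_PORTS = {False: 389, True: 636}  # SSL property -> standard LDAP port


def dc_labels(user_base):
    """Return the DC values of a DN in order: 'OU=x, DC=a, DC=b' -> ['a', 'b'].
    Simplified parsing: assumes no escaped commas inside RDN values."""
    labels = []
    for rdn in user_base.split(","):
        key, _, value = rdn.partition("=")
        if key.strip().lower() == "dc":
            labels.append(value.strip().lower())
    return labels


def audit(cfg):
    """Return a sorted list of finding codes for a dict of planned property values."""
    findings = set()
    url = urlsplit(cfg["connection_url"])
    ssl = cfg["ssl"]
    if url.scheme.lower() != "ldap":
        findings.add("unsupported-scheme")       # ldaps:// is rejected; set SSL instead
    if not ssl:
        findings.add("ldap-traffic-not-ssl")     # station-to-LDAP link runs without SSL
    elif not (cfg["fox_ssl"] and cfg["web_ssl"]):
        findings.add("station-ssl-incomplete")   # FoxService/WebService SSL not both on
    if url.port == STANDARD_PORTS[not ssl]:
        findings.add("port-mismatch")            # explicit port is the other mode's standard port
    domain = cfg["server_domain"].lower().split(".")
    if dc_labels(cfg["user_base"])[-len(domain):] != domain:
        findings.add("user-base-missing-domain")  # User Base lacks the server domain's DCs
    return sorted(findings)


# Constructed sample values (not taken from a real station).
WEAK = {
    "connection_url": "ldaps://your.domain.net:636", "ssl": False,
    "fox_ssl": False, "web_ssl": False,
    "user_base": "OU=Staff,DC=example,DC=com", "server_domain": "domain.net",
}
FIXED = {
    "connection_url": "ldap://your.domain.net:636", "ssl": True,
    "fox_ssl": True, "web_ssl": True,
    "user_base": "OU=Staff, DC=domain, DC=net", "server_domain": "domain.net",
}

if __name__ == "__main__":
    print("weak: ", audit(WEAK))
    print("fixed:", audit(FIXED))
```

A port-mismatch finding is a prompt to confirm which port the LDAP server actually listens on for SSL, not proof of a misconfiguration.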
Copyright © 2000-2016 Tridium Inc. All rights reserved.