Configuring the LdapConfig component

With the station open in Workbench, expand the user service in the Nav tree and double-click on the LdapConfig node to access its property sheet.

Figure 6. LdapConfig component in LdapV3UserService



Figure 6 above shows the LdapConfig container of the LdapV3UserService, with the default “authenticator” child (Kerberos Authenticator).

To configure the LdapConfig component

With the station opened in Workbench, go to the LdapConfig component property sheet and do the following:

  1. As needed, change property values. Typical properties changed include the following:

    • Connection URL

      URL of your LDAP (Active Directory) server, usually in the form: ldap://your.domain.net

      If the server uses a “non-standard” port, include it in the URL, e.g. ldap://your.domain.net:999

      (Note: standard LDAP ports are 389, or else 636 if SSL.)

      Note: The scheme ldaps://your.domain.net is not supported in Connection URL.

    • SSL

      Either ‘false’ (default) or ‘true’. If ‘true’, the station uses SSL to communicate with the LDAP server.

      Note: If true, be sure to enable SSL in the station’s NiagaraNetwork’s FoxService (for Workbench-to-station access) and also in the station’s WebService (for browser-to-station access).

    • User Login Attr

      The specific attribute in the LDAP directory for the desired user login name.

      Note: Different LDAP servers use different attributes. For OpenLDAP, the attribute is: uid

    • User Base

      Sub-tree of the LDAP server in which users who can access this station can be found. At the very least, it must contain the domain components of the server’s domain, e.g. DC=domain, DC=net

    • Attr Email

      The specific attribute in the LDAP directory that stores the user’s email address, the value of which populates the Niagara user’s Email property. There is no default value (the property is blank).

    • Attr Full Name

      The specific attribute in the LDAP directory that stores the user’s full name, the value of which populates the Niagara user’s Full Name property. There is no default value (the property is blank).

    • Attr Cell Phone Number

      The specific attribute in the LDAP directory that stores the user’s cell phone number, the value of which populates the Niagara user’s Cell Phone Number property. There is no default value (the property is blank).

    • Attr Prototype

      The specific attribute in the LDAP directory to use for mapping a User Prototype (under the user service’s UserPrototypes container) to users. There is no default value (the property is blank).

      This mechanism uses an “attribute value”-to-“component name” matching method of selection, where if no “name-matching” User Prototype is found, the frozen Default Prototype is used (when making the User component for the LDAP user, upon initial station login).

      For related details, see Configure User Prototypes.

    • Bind Format

      (LdapConfig under LdapV3UserService only) If not using Kerberos, but instead the SimpleAuthenticator, it may be necessary to specify the exact format of the login name to send to the LDAP server. This can differ according to the LDAP server, and may be required more often when the “Authentication Choice” in the SimpleAuthenticator is DIGEST MD5. In some cases, just the user base and login name may be sufficient to find a user in the LDAP directory.

      For more information on this property, along with any other properties omitted above, see LdapConfig (V3).

  2. Save the property values.

  3. In the LdapV3UserService, choose and configure a child authenticator. The default authenticator type is KerberosAuthenticator. Alternatively, you can use the “SimpleAuthenticator”. For more details, see Configure the LDAP authenticator (LdapV3 only).

    Note: In the (LDAPv2-compatible only) LdapUserService, a child authenticator component is not used. Instead, there are two other properties at the bottom of the LdapConfig property sheet:

    • Connection User

      The user name for the initial LDAP server connection. It may be required if users who will be logging in are in different sub-trees of the LDAP directory. If the LDAP server supports anonymous connections, leave this property empty (blank).

    • Connection Pwd

      The password for the user specified in property Connection User.
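
The Connection URL, SSL and User Base rules from step 1 can be checked before the values are typed into the property sheet. The following is an added example, not Niagara or Workbench code: the function name `check_ldap_config`, the finding texts, and the comparison of the host name against the User Base domain components (a heuristic) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def check_ldap_config(connection_url, ssl, user_base):
    """Return (effective_port, findings) for proposed LdapConfig values.

    Hypothetical helper: encodes only the rules stated in this procedure.
    """
    findings = []
    url = urlsplit(connection_url.strip())
    scheme = url.scheme.lower()
    if scheme == "ldaps":
        findings.append("ERROR: ldaps:// is not supported in Connection URL; "
                        "use ldap:// with the SSL property")
    elif scheme != "ldap":
        findings.append("ERROR: Connection URL must start with ldap://")
    host = (url.hostname or "").lower()
    if not host:
        findings.append("ERROR: Connection URL has no host")
    try:
        explicit_port = url.port          # None when the URL carries no port
    except ValueError:
        explicit_port = None
        findings.append("ERROR: port in Connection URL is not valid")
    standard = 636 if ssl else 389        # standard LDAP ports per the note above
    port = explicit_port or standard
    if explicit_port in (389, 636) and explicit_port != standard:
        findings.append(f"WARN: port {explicit_port} does not match "
                        f"SSL={str(ssl).lower()}")
    if not ssl:
        findings.append("WARN: SSL is false; station-to-LDAP traffic "
                        "is not protected by SSL")
    # User Base must contain the domain components of the server's domain.
    dcs = [part.split("=", 1)[1].strip().lower()
           for part in user_base.split(",")
           if part.strip().upper().startswith("DC=")]
    domain = ".".join(dcs)
    if not dcs:
        findings.append("ERROR: User Base has no DC= components")
    elif host and host != domain and not host.endswith("." + domain):
        # Heuristic (assumption): the server host usually sits in that domain.
        findings.append(f"WARN: host {host} is not inside User Base "
                        f"domain {domain}")
    return port, findings

if __name__ == "__main__":
    # Constructed sample values taken from the examples in this procedure.
    print(check_ldap_config("ldaps://your.domain.net", True, "OU=Users"))
```
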