As with previous versions of NiagaraAX LDAP user services, all current versions (LDAPv3 and LDAPv2) may not be used with the (default) FoxService authentication scheme of Digest, nor with the (default) WebService authentication scheme of Cookie Digest.
Therefore with any LDAP user service:
-
If you want LDAP user login via Workbench, you must set the FoxService’s “Authentication Scheme” property to Basic (see Figure 1).
Figure 1. Set Config > Drivers > NiagaraNetwork > FoxService property Authentication Scheme to Basic
-
If you want LDAP user login via browsers, you must change the station’s WebService property “Authentication Scheme” to Cookie (see Figure 2).
Note best security practices recommend the Digest authentication scheme. However, that is not possible when using an LDAP user service. Therefore, we strongly recommend that you turn on the SSL features in the FoxService (“Foxs Enabled”) and WebService (“Https Enabled”). This will help keep your credentials secure.
Alternatively, in AX-3.8 you can use Kerberos authentication, which is secure even over “cookie” authentication. Note SSL is still recommended, just as it is when using Digest authentication.