LDAP configuration
Available from firmware 2020.6
Accessibility
This WBM page is accessible with user role:
How to get into the WBM
Establishing a connection to the Web-based Management (WBM):
- Open a web browser on your computer.
- In the address field, enter the URL https://<IP-address-of-the-controller>/wbm,
for example: https://192.168.1.10/wbm.
For further information, see WBM.
LDAP Configuration page
The LDAP server enables central management of the users in a network (e.g. a Microsoft Active Directory). The PLCnext user authentication can be connected to an LDAP server. The LDAP configuration can be carried out via configuration files or in the WBM of the controller. You can configure up to 10 LDAP server connections.
- Use the button to accept the current configuration and transfer it to the controller.
- Use the button to discard the current configuration and reload and display the previously saved configuration.
The configuration options are described below.
General Options
In the General Options section you can activate or deactivate the LDAP configuration.
- To activate the LDAP configuration, select the checkbox.
- To deactivate the LDAP configuration, clear the checkbox.
LDAP Servers
In the LDAP Servers section you will find a table of LDAP configurations. The table contains the following columns:
Column | Description |
Seq. (sequence) | Sequence number of the LDAP server (the LDAP servers are contacted in this order) |
Host Name | Host name or IP address of the LDAP server |
Port | TCP port of the LDAP server |
Base DN | DN (Distinguished Name) where the LDAP search for users starts. |
Bind DN | DN (Distinguished Name) of the user with which the search in the LDAP directory is performed (optional). |
Comment | Free-text comment stored locally with this server configuration |
Below the table you will find the following buttons:
Button | Function |
Add | Adds a new LDAP server configuration. Select the row after which the new LDAP server configuration is to be inserted. If no row is selected, the new LDAP server configuration is inserted at the end of the table. |
Delete | Deletes the selected LDAP server configuration. |
Move up / Move down | Moves the selected LDAP server configuration upwards/downwards. |
Add or edit an LDAP server configuration
The Edit LDAP Server Configuration and Add a new LDAP Server Configuration menus are structured in the same way.
- To add a new LDAP server configuration, click on the Add button at the bottom of the LDAP Servers table.
- To edit an existing LDAP server configuration, click on the edit button in the row of the respective LDAP server in the LDAP Servers table.
The respective configuration menu opens.
Basic configuration
In the Basic Configuration area you have the following setting options:
More information on the configuration attributes and their default values can be found here.
General Options
Option | Description |
Seq. | Sequence number of the LDAP server configuration (automatically assigned by the WBM) |
Host name | DNS name or IP address of the LDAP server |
Port | TCP port of the LDAP server (optional). If the field is left empty, the port is derived from the TLS mode: port 389 for unencrypted connections and for StartTLS (which upgrades the plain LDAP connection on the same port), port 636 for LDAP over TLS (LDAPS). Enter a port only if the LDAP server listens on a different port. |
Timeout | Time after which a connection attempt to this server is abandoned; the next server in the sequence is then contacted. Enter a value in the input field and choose a unit from the drop-down list. |
Security Options
Option | Description |
TLS Mode | Select the TLS mode from the drop-down list. The modes correspond to the connection types referred to under Port: no TLS, StartTLS (TLS negotiated on the plain LDAP port) and TLS (LDAPS). Without TLS, the Bind DN password and the users' login credentials are sent to the LDAP server in cleartext, so use StartTLS or TLS together with a trust store that contains the issuing CA of the server certificate. |
Trust Store | Select the trust store that is used for verification by entering a trust store name in the input field. All trust stores that match or start with the entry can be selected from the drop-down list. If you leave the input field empty, you can select from all existing trust stores. |
Cipher List | List of permitted TLS cipher suites for the LDAP connection. Click here for details. |
Search Options
Option | Description |
Base DN | The LDAP DN (Distinguished name) that serves as starting point for the search for users over all child nodes. |
Search filter | LDAP search filter that is used for the search for users. The variable "$$USER$$" is automatically replaced with the login. |
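The page does not state whether the controller escapes the login before substituting it for $$USER$$. The following added example (not Phoenix Contact code) shows what a safe substitution looks like and why it matters: the login is escaped according to RFC 4515 so that it can only match as a literal value, and a naive substitution is shown beside it to make the difference visible. The filter template, which follows the style commonly used for Active Directory, and the logins are constructed for the example.

```python
# Added example (not Phoenix Contact code): how the $$USER$$ placeholder in
# the search filter should be substituted. Whether the controller escapes the
# login before substitution is not stated on the page, so the escaping here is
# an assumption about what a safe implementation does.
import re

PLACEHOLDER = "$$USER$$"

# RFC 4515 escape sequences for values embedded in a search filter.
# The backslash must be handled first so that the inserted escapes are not
# escaped a second time.
_FILTER_ESCAPES = (
    ("\\", "\\5c"),
    ("*", "\\2a"),
    ("(", "\\28"),
    (")", "\\29"),
    ("\x00", "\\00"),
)


def escape_filter_value(value: str) -> str:
    """Escape a login so that it can only ever match as a literal value."""
    for raw, escaped in _FILTER_ESCAPES:
        value = value.replace(raw, escaped)
    return value


def render_search_filter(template: str, login: str) -> str:
    """Safe substitution: every $$USER$$ is replaced by the escaped login."""
    return template.replace(PLACEHOLDER, escape_filter_value(login))


def render_search_filter_unescaped(template: str, login: str) -> str:
    """Naive substitution, shown only to make the difference visible."""
    return template.replace(PLACEHOLDER, login)


# One "(attribute=value)" assertion; used to count how many assertions a
# rendered filter ends up with.
_ASSERTION = re.compile(r"\([^()&|!]+=[^()]*\)")


def count_assertions(ldap_filter: str) -> int:
    """Number of attribute assertions in a rendered filter."""
    return len(_ASSERTION.findall(ldap_filter))


if __name__ == "__main__":
    # Constructed example filter in the style used for Active Directory.
    template = "(&(objectClass=user)(sAMAccountName=$$USER$$))"
    for login in ("alice", "*)(objectClass=*"):
        print("escaped:  ", render_search_filter(template, login))
        print("unescaped:", render_search_filter_unescaped(template, login))
```

With the login `*)(objectClass=*`, the escaped filter still contains exactly the two assertions of the template, whereas the naive substitution yields a filter with a third assertion that matches every user object. When choosing a filter, prefer an attribute that is unique per account (such as sAMAccountName or uid) combined with an objectClass restriction, as in the template above.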
Login Options
Option | Description |
Bind DN | Enter the Distinguished Name of the user the search in the LDAP directory is performed with. |
Bind Password | Enter the password of the Bind DN user in the LDAP server. |
Confirm Bind Password | Confirm the password of the Bind DN. |
Local Options
Option | Description |
Comment | Enter a comment on the LDAP server configuration. |
Enhanced Configuration
In the Enhanced Configuration area you have the following setting options. Further details on the configuration attributes can be found here.
Group Attributes
In this area you can add or remove Group Attributes of the LDAP server configuration. You will find the following buttons:
Button | Function |
Add | Adds a new group attribute. Enter an attribute name in the input field. |
Delete | Deletes the selected group attribute. |
LDAP Group Mappings
In this area you can manage a list of LDAP Group Mappings. You will find the following buttons:
Button | Function |
Add | Adds a new LDAP group mapping. Enter the group name and choose the local user role from the drop-down list. |
Delete | Deletes the selected LDAP group mapping. |
- To save the new or modified LDAP server configuration, click the button.
- To discard the new or modified LDAP server configuration, click the button.
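How the Group Attributes and the LDAP Group Mappings of a server configuration work together is easiest to see on a user entry. The following added example (not Phoenix Contact code) reads the configured group attributes from a constructed LDAP entry and derives the local roles from the mapping table. The attribute name memberOf, the role names, the sample directory content and the comparison rules (case-insensitive; a mapping may name the full group DN or only the value of its first RDN) are assumptions made for the example; the page does not state how the controller compares group names.

```python
# Added example (not Phoenix Contact code): how the Group Attributes and the
# LDAP Group Mappings of a server configuration can be combined to derive local
# roles from a user's LDAP entry. The attribute name "memberOf", the role names
# and the comparison rules are assumptions for illustration.
import re
from typing import Dict, Iterable, List, Sequence, Set, Tuple

_RDN_SEPARATOR = re.compile(r"(?<!\\),")  # a comma that is not escaped


def first_rdn_value(dn: str) -> str:
    """'CN=PLC-Admins,OU=Groups,DC=example,DC=com' -> 'PLC-Admins'."""
    first_rdn = _RDN_SEPARATOR.split(dn, maxsplit=1)[0]
    _, _, value = first_rdn.partition("=")
    return value.strip().replace("\\,", ",")


def resolve_roles(
    entry: Dict[str, List[str]],
    group_attributes: Iterable[str],
    group_mappings: Sequence[Tuple[str, str]],
) -> Set[str]:
    """Return the local roles mapped to the groups found in the entry.

    Assumptions: attribute names and group names are compared
    case-insensitively, and a mapping entry may name either the full group DN
    or only the value of its first RDN (usually the CN).
    """
    entry_ci = {name.lower(): values for name, values in entry.items()}
    mapping = {group.lower(): role for group, role in group_mappings}
    roles: Set[str] = set()
    for attribute in group_attributes:
        for group_dn in entry_ci.get(attribute.lower(), []):
            for candidate in (group_dn, first_rdn_value(group_dn)):
                role = mapping.get(candidate.lower())
                if role is not None:
                    roles.add(role)
    return roles


def login_permitted(roles: Set[str]) -> bool:
    """A user whose groups map to no local role gets no access."""
    return bool(roles)


if __name__ == "__main__":
    # Constructed entry as an LDAP search for login "alice" might return it.
    entry = {
        "sAMAccountName": ["alice"],
        "memberOf": [
            "CN=PLC-Admins,OU=Groups,DC=example,DC=com",
            "CN=Maintenance,OU=Groups,DC=example,DC=com",
            "CN=Everyone,OU=Groups,DC=example,DC=com",
        ],
    }
    # Constructed mapping table (group name -> assumed local role name).
    mappings = [
        ("PLC-Admins", "Admin"),
        ("cn=maintenance,ou=groups,dc=example,dc=com", "Service"),
        ("Viewers", "Viewer"),
    ]
    roles = resolve_roles(entry, ["memberOf"], mappings)
    print(roles, "login permitted:", login_permitted(roles))
```

The practical consequence of the last function is worth checking on the real controller: a user who authenticates successfully against the LDAP server but belongs to no mapped group should end up with no role, so only groups that are deliberately listed in the mapping table grant access to the controller.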