
Add an LDAP/AD Provider

You must configure providers in Manufacturing Connect Edge to activate LDAP/AD authentication. The edge device contains a client that communicates with the LDAP server and receives information based on the client access level.

You can add an LDAP/AD Provider by navigating to System > Access Control > LDAP/AD Auth.

Important:

  • Manufacturing Connect Edge Authentication Providers do not support nested groups. A separate group for each role is required.
  • Once you have added a provider, you need to select a provider on the login screen.

To configure LDAP for Manufacturing Connect Edge, you must find the DN information from the LDAP server.

An LDAP Bind DN supplies the user and the user location in the LDAP directory tree. The LDAP client configuration file contains this information. See Find LDAP Distinguished Names (DN) for more information.

To add an LDAP provider:

  1. Navigate to System > LDAP/AD Auth.
  2. Click the LDAP / AD Auth tab.
  3. Click the Add a Provider icon. The Add Provider dialog box appears.

  4. Select the type of method for adding the provider.
    • Load AD Template: Load the pre-defined template for Active Directory LDAP.
    • Load OpenLDAP Template: Load the pre-defined template for an OpenLDAP server.
    • Load: Load a file that contains pre-defined settings for the provider.
    • Advanced: Create a provider without a template.
  5. Configure the settings for the provider.

Generic

  1. Enter the provider name in the Name field.
  2. The default selection for Type is generic. Confirm the generic settings and click Next. The Connection section displays.

Connection

  1. Configure the Connection settings.
    • Host: Enter the fully qualified domain name or IP address of your LDAP server.
    • Port: Enter the LDAP host port number in the Port field. The default LDAPS (Secure LDAP) port is 636. The default LDAP port is 389.
    • Use TLS: Select the checkbox to enable TLS for the connection to the LDAP server. When TLS is not enabled, Manufacturing Connect Edge expects to find a configured custom CA certificate. See Add a Custom CA Certificate.
    • TLS Root CA: If you select TLS authentication, paste the root SSL/TLS certificate or click Upload and load the file.
    • Bind DN: Enter the bind DN identifier. The bind DN identifies the user and the location of the user in the LDAP directory tree. See Find LDAP Distinguished Names (DN).
    • Bind DN Password: Enter the password used to authenticate against LDAP.
  2. When done, click Next. The User section displays.

User

  1. Configure the User settings.
    • User Search Base DN: Enter the Base DN (Distinguished Name). This is the point in the LDAP directory tree from which the LDAP service starts a user search. The Base DN is the latter part of the Bind DN. See Find LDAP Distinguished Names (DN).
    • Search Scope: Select an option from the drop-down list.
      • Base limits the search to the base object. 
      • One restricts the search to "one level", or in other words, the immediate children of the base object. 
      • Sub enables a full LDAP tree search, including all children of the base object.
    • User Search Filter: Enter a filter to search LDAP users.
    • Attribute for Unique UserID: Enter the attribute that holds the unique user ID number (uidNumber).
    • Attribute for Username (for logging in): Enter the attribute whose value users type as their login name.
    • First Name: Enter the attribute that holds the user's first name.
    • Last Name: Enter the attribute that holds the user's surname.
  2. When done, click Next. The Groups section displays.

Group

  1. Configure the Group settings.
    • Group Search Base DN: Enter the Base DN (Distinguished Name). This is the point in the LDAP directory tree from which the LDAP service starts a group search. Example of a Group Base DN: CN=Users,CN=Builtin,DC=MyDomain,DC=com
    • Search Scope: Select an option from the drop-down list.
      • Base limits the search to the base object.
      • One restricts the search to "one level", as in the immediate children of the base object.
      • Sub enables a full LDAP tree search, including all children of the base object.
    • Group Search Filter: Enter a filter that selects the group objects to query in Active Directory. See How to write LDAP search filters for more information about creating search filters. Example of a filter that matches group objects whose common name (CN) starts with Admin: (&(objectCategory=group)(cn=Admin*))
    • Group Name Attribute: Enter the attribute that holds the group's common name (CN).
    • Group Membership Attribute: Enter the attribute that holds the distinguished names (DNs) of the group's members.
    • Member Value Type: Select whether member values are stored as DNs or CNs.
  2. When done, do one of the following:
    • Click Test to test the provider.
    • Click Save to save the settings for the provider.
    • Click Create & Map Groups to create the provider.

The provider is created. Use this provider when logging in to Manufacturing Connect Edge.
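The User and Group settings above (Base DN derived from the Bind DN, the Base/One/Sub search scopes, the search filters, the Member Value Type, and the note that nested groups are not supported) can be reasoned about offline before a real server is involved. The following Python script is an added example, not Manufacturing Connect Edge code: it models a tiny LDAP client over a constructed in-memory directory (the DNs, users and groups in DIRECTORY are made up; the attribute names sAMAccountName, uidNumber, member and cn are the usual Active Directory ones) and shows how each setting changes what a login or group lookup returns, including why a user-supplied login name must be escaped before it is placed in the User Search Filter.

```python
"""Offline model of the LDAP provider settings on this page (added example,
not product code): Base DN from Bind DN, Base/One/Sub scopes, filter matching,
RFC 4515 value escaping, and direct (non-nested) group membership."""
import re

# Constructed sample directory: DN -> attributes. Names are made up.
DIRECTORY = {
    "CN=Users,DC=MyDomain,DC=com": {"objectClass": ["container"]},
    "CN=alice,CN=Users,DC=MyDomain,DC=com": {
        "objectClass": ["user"], "uidNumber": ["1001"],
        "sAMAccountName": ["alice"], "givenName": ["Alice"], "sn": ["Smith"]},
    "CN=bob,OU=Contractors,CN=Users,DC=MyDomain,DC=com": {
        "objectClass": ["user"], "uidNumber": ["1002"], "sAMAccountName": ["bob"]},
    "CN=AdminOperators,CN=Users,DC=MyDomain,DC=com": {
        "objectCategory": ["group"], "cn": ["AdminOperators"],
        "member": ["CN=alice,CN=Users,DC=MyDomain,DC=com"]},
    "CN=AdminAll,CN=Users,DC=MyDomain,DC=com": {  # nested: its only member is a group
        "objectCategory": ["group"], "cn": ["AdminAll"],
        "member": ["CN=AdminOperators,CN=Users,DC=MyDomain,DC=com"]},
    "CN=Viewers,CN=Users,DC=MyDomain,DC=com": {  # members stored as plain CNs
        "objectCategory": ["group"], "cn": ["Viewers"], "member": ["bob"]},
}

def norm(dn):
    """Normalise a DN for comparison: lower-case, no whitespace after commas."""
    return re.sub(r",\s*", ",", dn.strip()).lower()

def parent_dn(dn):
    """Drop the leading RDN (split on unescaped commas only). The page says the
    User Search Base DN is the latter part of the Bind DN; this computes it."""
    parts = re.split(r"(?<!\\),", dn, maxsplit=1)
    return parts[1].strip() if len(parts) > 1 else ""

def in_scope(dn, base, scope):
    """Apply the Search Scope as the page defines it: base, one or sub."""
    dn, base = norm(dn), norm(base)
    if scope == "base":
        return dn == base
    if scope == "one":
        return dn != base and norm(parent_dn(dn)) == base
    if scope == "sub":
        return dn == base or dn.endswith("," + base)
    raise ValueError(f"unknown scope {scope!r}")

def escape_filter_value(value):
    """RFC 4515 escaping for a value embedded in a filter, so a login name such
    as '*' or 'a)(cn=*' is matched literally instead of rewriting the filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse_filter(text):
    """Parse the filter subset used on this page: (&(f1)(f2)...) and
    (attr=value), where value may be '*' (presence) or end in '*' (prefix)."""
    inner = text.strip()[1:-1]
    if inner.startswith("&"):
        parts, depth, start = [], 0, 0
        for i, ch in enumerate(inner):
            if ch == "(":
                if depth == 0:
                    start = i
                depth += 1
            elif ch == ")":
                depth -= 1
                if depth == 0:
                    parts.append(parse_filter(inner[start:i + 1]))
        return ("and", parts)
    attr, _, pattern = inner.partition("=")
    return ("eq", attr.lower(), pattern)

def matches(node, attrs):
    """Evaluate a parsed filter against one entry (attribute names are case-insensitive)."""
    if node[0] == "and":
        return all(matches(child, attrs) for child in node[1])
    _, attr, pattern = node
    values = [x.lower() for k, xs in attrs.items() if k.lower() == attr for x in xs]
    if pattern == "*":
        return bool(values)
    if pattern.endswith("*"):
        return any(x.startswith(_unescape(pattern[:-1]).lower()) for x in values)
    return _unescape(pattern).lower() in values

def search(base, scope, filter_text):
    """Return the DNs under `base` (per `scope`) whose attributes match the filter."""
    node = parse_filter(filter_text)
    return sorted(dn for dn, attrs in DIRECTORY.items()
                  if in_scope(dn, base, scope) and matches(node, attrs))

def login_filter(username, login_attr="sAMAccountName"):
    """User Search Filter for one login attempt, with the typed name escaped."""
    return f"(&(objectClass=user)({login_attr}={escape_filter_value(username)}))"

def is_member(user_dn, group_dn, member_attr="member", member_value_type="DN"):
    """Direct membership only: a group whose member is another group grants
    nothing to that group's users, matching the 'no nested groups' note."""
    values = DIRECTORY[group_dn].get(member_attr, [])
    if member_value_type == "DN":
        return norm(user_dn) in {norm(v) for v in values}
    user_cn = re.split(r"(?<!\\),", user_dn, maxsplit=1)[0].split("=", 1)[1]
    return user_cn.lower() in {v.lower() for v in values}

if __name__ == "__main__":
    base = parent_dn("CN=svc-mce,CN=Users,DC=MyDomain,DC=com")  # constructed Bind DN
    print("Base DN:", base)
    print("one scope users:", search(base, "one", "(objectClass=user)"))
    print("sub scope users:", search(base, "sub", "(objectClass=user)"))
    print("Admin* groups:", search(base, "sub", "(&(objectCategory=group)(cn=Admin*))"))
    print("unescaped '*':", search(base, "sub", "(&(objectClass=user)(sAMAccountName=*))"))
    print("escaped '*':", search(base, "sub", login_filter("*")))
```

Running it shows that scope One misses bob (who sits one level deeper, under OU=Contractors), that the page's example filter returns both Admin* groups, that an unescaped `*` in the login filter matches every user while the escaped form matches none, and that alice is a member of AdminOperators but not of AdminAll, which only contains AdminOperators; a separate group per role, as the Important note says, is what makes the mapping work.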