Add an LDAP/AD Provider

you must configure providers in manufacturing connect edge to activate ldap/ad authentication the edge device contains a client that communicates with the ldap server and receives information based on the client access level you can add an ldap/ad provider by navigating to system > access control > ldap/ad auth important manufacturing connect edge authentication providers do not support nested groups a separate group for each role is required once you have added a provider, you need to select a provider on the login screen to configure ldap for manufacturing connect edge, you must find the dn information from the ldap server an ldap bind dn supplies the user and the user location in the ldap directory tree the ldap client configuration file contains this information see find ldap distinguished names (dn) docid\ nwdyueyra tehykmk rq7 for more information to add an ldap provider navigate to system > ldap/ad auth click the ldap / ad auth tab click the add a provider icon the add provider dialog box appears select the type of method for adding the provider load ad template load pre defined template for the active directory ldap load openldap template load pre defined template for the openldap server load load a file with pre defined settings for the provider advanced create a provider without a template configure the settings for the provider generic enter the provider name in the name field the default selection for type is generic confirm the generic settings and click next the connection section displays connection configure the connection settings host enter the fully qualified domain name or ip address of your ldap server port enter the ldap host port number in the port field the default ldaps (secure ldap) port is 636 the default ldap port is 389 use tls select the checkbox to enable tls authentication when tls is not enabled, manufacturing connect edge expects to find a configured custom certificate see add a custom ca certificate docid\ k0l iimqa7mflnvrus5qj tls root ca if you select tls authentication, paste the root ssl/tls certificate or click upload and load the file bind dn enter the bind dn identifier the bind dn identifies the user and the location of the user in the ldap directory tree see find ldap distinguished names (dn) docid\ nwdyueyra tehykmk rq7 bind dn password enter the password used to authenticate against ldap when done, click next the user section displays user configure the user settings user search base dn enter a value this base dn (distinguished name) is the point in the ldap directory tree that the ldap service uses to initiate a user search the base dn is the latter part of the bind dn see find ldap distinguished names (dn) docid\ nwdyueyra tehykmk rq7 search scope select an option from the drop down list base limits the search to the base object one restricts the search to "one level", or in other words, the immediate children of the base object sub enables a full ldap tree search, including all children of the base object user search filter enter a filter to search ldap users attribute for unique userid enter the unique user id number (uidnumber) attribute for username (for logging in) enter the attribute that will be used for logins first name enter the user's first name last name enter the user's surname when done, click next the groups section displays group configure the group settings group search base dn enter a value this base dn (distinguished name) is the starting point that the ldap service uses to find a group in the ldap directory tree example of group base nd cn=users,cn=builtin,dc=mydomain,dc=com search scope select an option from the drop down list base limits the search to the base object one restricts the search to "one level", as in the immediate children of the base object sub enables a full ldap tree search, including all children of the base object group search filter enter a filter to query the active directory in the group search filter field see how to write ldap search filters for more information about creating search filters example of a filter to query group objects with a common name (cn) starting with admin (&(objectcategory=group)(cn=admin )) group name attribute enter the common name (cn) for the group to search group membership attribute enter the distinguished name (dn) for the group to search member value type enter the value type for members in the group, dn or cn when done do one of the following click test to test the provider click save to save the settings for the provider click create & map groups to create the provider the provider is created use this provider when logging in to manufacturing connect edge