E-2D: How to Use an LDAP Server with an E-2D
Secure access to the web interface of the ENVIROMUX Enterprise Monitoring System can be managed with an LDAP (Lightweight Directory Access Protocol) server.
Note: Establish a second connection to the ENVIROMUX from another PC before changing these settings and logging out. If the configuration is wrong and you log out, you will not be able to log back in to the ENVIROMUX by any of the control methods for as long as the unit can reach the LDAP server. As long as you stay logged in on the other PC (through the web interface, telnet, SSH, or serially through the RS232 or Console port), you can switch the security mode back to Local, or correct the settings and retest them from a second PC, before logging out of that session.
When in LDAP mode, if the LDAP server is not responding, local authentication is tried. Because of this fallback, the local accounts (including "root", whose default password is "nti") remain usable whenever the LDAP server is unreachable, so change their default passwords before relying on LDAP.
To use the LDAP feature:
- Make sure the local user names configured in the ENVIROMUX match the user names (sAMAccountName) of the accounts in the LDAP server. Otherwise, access to the ENVIROMUX will be denied the next time you log in.
Even though LDAP authentication is being used, each user must also have a local account. The user's permission level is established by the local account.
- Set the "Mode" on the Security Configuration page (select Security in the Administration section of the web interface menu) to "LDAP->Local".
- Enter Hostname or IP address of Primary LDAP Server.
- Enter Hostname or IP address of the Secondary LDAP Server (optional).
- Select the appropriate LDAP server type being used.
- Enter the Base DN for users (ex: dc=mycompany,dc=com).
- When finished on this page, don't forget to click "Save".
- Go to the Configure User page for each user that will have access (click on Users from the Administration section of the web interface menu, then either double-click the user name or click on "Edit" under Action for the user to be configured). Select LDAP Account Settings and enter the proper settings.
LDAP Account Settings
Common Name (for LDAP)
The "Common Name" (CN) of the user's account in Active Directory. In AD this is usually a display-style name that differs from the logon name (sAMAccountName). If it is identical to the Username in the "Account Settings" of this page (configured as "Test" above), this field can be left blank. Spaces are allowed.
Organizational Unit (for LDAP)
Enter the Organizational Unit(s) the user belongs to in Active Directory, separated by commas (<ou,ou,etc>, as in the image above), in order from the top of the hierarchy to the bottom.
When finished on this page, don't forget to click "Save."
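The procedure above maps a user's Active Directory entry onto three separate fields (Base DN, Common Name, Organizational Unit), and a mistake in any of them locks you out. The following is an added example, not NTI's code: it takes the user's distinguished name as returned by a directory query (for instance `ldapsearch -H ldap://dc1.mycompany.com -b dc=mycompany,dc=com -D test@mycompany.com -W '(sAMAccountName=Test)' dn`; the hostname and domain are hypothetical) and derives the values to type into the ENVIROMUX pages, after checking that the local username equals the sAMAccountName. It assumes the usual AD DN shape (one CN, zero or more OUs, then DC components) and that the Organizational Unit field lists OUs from the top of the tree downward, which is how this page describes the order.

```python
"""Work out the per-user ENVIROMUX LDAP fields from an Active Directory DN.

Added example, not NTI code. Parses an LDAP distinguished name (RFC 4514
escaping) into its RDNs and maps them onto the fields this page asks for:
Base DN (the DC components), Common Name, and the comma-separated
Organizational Unit list (emitted top of tree first, as the page describes;
confirm against the product manual's screenshot before relying on it).
Multi-valued RDNs ('+') and '#'-prefixed BER values are not handled.
"""

HEX = "0123456789abcdefABCDEF"


def unescape_rdn_value(value: str) -> str:
    """Undo RFC 4514 escaping: '\\,' -> ',' and '\\2C' -> ',' (hex pairs are UTF-8 bytes)."""
    raw = bytearray()
    i = 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and pair[0] in HEX and pair[1] in HEX:
                raw.append(int(pair, 16))
                i += 3
            else:
                raw += value[i + 1].encode("utf-8")
                i += 2
        else:
            raw += value[i].encode("utf-8")
            i += 1
    return raw.decode("utf-8")


def split_rdns(dn: str) -> list[tuple[str, str]]:
    """Split a DN on unescaped commas into (ATTRIBUTE, value) pairs, leaf first."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, sep, val = part.strip().partition("=")
        if not sep:
            raise ValueError(f"RDN without '=': {part!r}")
        rdns.append((attr.strip().upper(), unescape_rdn_value(val.strip())))
    return rdns


def enviromux_ldap_fields(dn: str, local_username: str, sam_account_name: str) -> dict:
    """Return the values to enter on the Security and Configure User pages.

    The local ENVIROMUX username must equal the account's sAMAccountName. The page
    does not say whether the device compares case-insensitively (AD does), so an
    exact match is required here to be safe.
    """
    if local_username != sam_account_name:
        raise ValueError(
            f"local username {local_username!r} != sAMAccountName {sam_account_name!r}; "
            "LDAP login would be denied"
        )
    rdns = split_rdns(dn)
    cns = [v for a, v in rdns if a == "CN"]
    ous = [v for a, v in rdns if a == "OU"]
    dcs = [v for a, v in rdns if a == "DC"]
    if len(cns) != 1 or not dcs:
        raise ValueError(f"unexpected DN shape: {dn!r}")
    return {
        "base_dn": ",".join(f"dc={d}" for d in dcs),
        # The page allows leaving Common Name blank when it equals the username.
        "common_name": "" if cns[0] == local_username else cns[0],
        # DN order is leaf first; reversed here to list OUs top-down (assumption, see docstring).
        "organizational_unit": ",".join(reversed(ous)),
    }


if __name__ == "__main__":
    # Constructed sample DN; the domain is hypothetical.
    sample_dn = "CN=Test User,OU=Engineering,OU=Staff,DC=mycompany,DC=com"
    for field, value in enviromux_ldap_fields(sample_dn, "Test", "Test").items():
        print(f"{field}: {value!r}")
```

Run it against the DN of each account you intend to grant access, and keep the second session described in the note above open while you enter the results; the username check exists because a mismatch between the local account name and sAMAccountName is exactly the condition the page says will deny the next login.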
Recovery from failed LDAP configuration – Method 1
If you do not have a second PC logged in to the ENVIROMUX and your LDAP configuration is preventing access, do the following to re-establish a connection:
- Unplug the Ethernet connection to break communication with the LDAP server.
- Connect to the ENVIROMUX through the Console port.
- Log in as "root" with the local authentication password (default password is "nti"). After about 10 seconds the user menu should appear, and you can change settings as needed. (The local authentication password may or may NOT be the same as the LDAP "root" user's password.)
Without a connection to the LDAP server, the ENVIROMUX reverts to local authentication after 10 seconds of trying to contact the server.
Recovery from failed LDAP configuration – Method 2
If the LDAP configuration does not work, and you don't know a valid local authentication user password: