LDAP configuration

Available from firmware 2020.6

Accessibility

This WBM page is accessible with user role:

  • Admin
  • SecurityAdmin (from firmware 2022.0 LTS)
  • User Manager

How to get into the WBM

Establishing a connection to the Web-based Management (WBM):

  • Open a web browser on your computer.
  • In the address field, enter the URL https://<IP-address-of-the-controller>/wbm,
    for example: https://192.168.1.10/wbm.

For further information, see WBM.

LDAP Configuration page

The LDAP server enables central management of the users in a network (e.g. a Microsoft Active Directory). The PLCnext user authentication can be connected to an LDAP server. The LDAP configuration can be carried out via configuration files or in the WBM of the controller. You can configure up to 10 LDAP server connections.

Note: More information about LDAP, configuration via the XML configuration files, configuration options and default values can be found here.

  • Use the Apply button to accept the current configuration and transfer it to the controller.
  • Use the Reset button to discard the current configuration and reload and display the previously saved configuration.

The configuration options are described below.

General Options

In the General Options section you can activate or deactivate the LDAP configuration.

  • To activate the LDAP configuration, select the checkbox.
  • To deactivate the LDAP configuration, clear the checkbox.

LDAP Servers

In the LDAP Servers section you will find a table of LDAP configurations. The table contains the following columns:

  • Seq. (sequence): Sequence number of the LDAP server (the LDAP servers are contacted in this order).
  • Host Name: Host name or IP address of the LDAP server.
  • Port: TCP port of the LDAP server.
  • Base DN: DN (Distinguished Name) where the LDAP search for users starts.
  • Bind DN: DN (Distinguished Name) of the user with which the search in the LDAP directory is performed (optional).
  • Comment: Local, user-specific comment.

Below the table you will find the following buttons:

  • Plus icon: Adds a new LDAP server configuration. Select the row after which the new LDAP server configuration is to be inserted. If no row is selected, the new LDAP server configuration is inserted at the end of the table.
  • Delete icon: Deletes the selected LDAP server configuration.
  • Move up/down icons: Move the selected LDAP server configuration upwards or downwards.

Add or edit a LDAP server configuration

The Edit LDAP Server Configuration and Add a new LDAP Server Configuration menus are structured in the same way.

  • To add a new LDAP server configuration, click the plus button at the bottom of the LDAP Servers table.
  • To edit an existing LDAP server configuration, click the edit button in the respective column of the LDAP Servers table.

The respective configuration menu opens.

Basic configuration

In the Basic Configuration area you have the following setting options:

More information on the configuration attributes and their default values can be found here.

General Options

  • Seq.: Sequence number of the LDAP server configuration (automatically assigned by the WBM).
  • Host name: DNS name or IP address of the LDAP server.
  • Port: TCP port of the LDAP server (optional). If you leave the field empty, the port is chosen automatically: port 389 for connections without TLS and for StartTLS connections, port 636 for TLS connections. If necessary, you can specify the port where the LDAP server can be reached.
  • Timeout: Timeout after a connection attempt to the server has failed. Enter a value in the input field and choose a unit from the drop-down list.

Security Options

  • TLS Mode: Select the TLS mode from the drop-down list:
    - Deactivated: Tls and StartTls are deactivated.
    - Tls: Tls is activated and StartTls is deactivated.
    - StartTls: Tls and StartTls are activated.
  • Trust Store: Select the trust store that is used for certificate verification by entering a trust store name in the input field. All trust stores whose names match or start with the entry can be selected from the drop-down list. If you leave the input field empty, you can select from all existing trust stores.
  • Cipher List: List of permitted TLS cipher suites for the LDAP connection. Click here for details.

Search Options

  • Base DN: The LDAP DN (Distinguished Name) that serves as the starting point for the search for users over all child nodes.
  • Search filter: LDAP search filter that is used for the search for users. The variable "$$USER$$" is automatically replaced with the login.

Login Options

  • Bind DN: Enter the Distinguished Name of the user with which the search in the LDAP directory is performed.
  • Bind Password: Enter the password of the Bind DN user on the LDAP server.
  • Confirm Bind Password: Confirm the password of the Bind DN user.

Local Options

  • Comment: Enter a comment on the LDAP server configuration.

Enhanced Configuration

In the Enhanced Configuration area you have the following setting options. Further details on the configuration attributes can be found here.

Group Attributes

In this area you can add or remove Group Attributes of the LDAP server configuration. You will find the following buttons:

  • Plus icon: Adds a new group attribute. Enter an attribute name in the input field.
  • Delete icon: Deletes the selected group attribute.

LDAP Group Mappings

In this area you can manage a list of LDAP Group Mappings. You will find the following buttons:

  • Plus icon: Adds a new LDAP group mapping. Enter the group name and choose the local user role from the drop-down list.
  • Delete icon: Deletes the selected LDAP group mapping.

  • To save the new or modified LDAP server configuration, click the OK button.
  • To discard the new or modified LDAP server configuration, click the Cancel button.
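The following Python model is an added illustration, not PLCnext firmware code, that ties together the settings described under General Options (Port), Search Options and LDAP Group Mappings: the servers are tried in Seq. order, the port defaults to 636 for Tls and 389 otherwise, the login is substituted for "$$USER$$" in the search filter with RFC 4515 escaping so that a login containing filter metacharacters cannot change the meaning of the filter, and the values of the configured group attributes are mapped to a local user role. The class and function names, the sample search filter, the host names and the group DNs are assumptions made for the example; whether the firmware escapes the login before substitution is not stated on this page.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional


class TlsMode(Enum):
    """The three values of the TLS Mode drop-down list."""
    DEACTIVATED = "Deactivated"
    TLS = "Tls"
    STARTTLS = "StartTls"


def default_port(mode: TlsMode) -> int:
    """Port used when the Port field is left empty: 636 for Tls,
    389 for plain LDAP and for StartTls (which upgrades a plain connection)."""
    return 636 if mode is TlsMode.TLS else 389


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515):
    backslash, '*', '(', ')', NUL and every non-ASCII byte become \\xx."""
    out = []
    for byte in value.encode("utf-8"):
        if byte in b"\\*()\x00" or byte >= 0x80:
            out.append("\\%02x" % byte)
        else:
            out.append(chr(byte))
    return "".join(out)


def render_search_filter(template: str, login: str) -> str:
    """Replace $$USER$$ with the escaped login. Escaping is the defensive
    behaviour shown in this example; the page does not say what the firmware does."""
    return template.replace("$$USER$$", escape_filter_value(login))


@dataclass
class LdapServer:
    """One row of the LDAP Servers table plus the settings of its edit menu."""
    seq: int
    host: str
    tls_mode: TlsMode
    base_dn: str
    search_filter: str = "(&(objectClass=person)(sAMAccountName=$$USER$$))"  # assumed filter
    port: Optional[int] = None  # None: chosen automatically from the TLS mode
    group_attributes: List[str] = field(default_factory=lambda: ["memberOf"])
    group_mappings: Dict[str, str] = field(default_factory=dict)  # LDAP group DN -> local role

    def effective_port(self) -> int:
        return self.port if self.port is not None else default_port(self.tls_mode)


def ordered_servers(servers: List[LdapServer]) -> List[LdapServer]:
    """The LDAP servers are contacted in Seq. order."""
    return sorted(servers, key=lambda s: s.seq)


def select_server(servers: List[LdapServer],
                  reachable: Callable[[LdapServer], bool]) -> Optional[LdapServer]:
    """First server in Seq. order for which the injected reachability probe succeeds."""
    for server in ordered_servers(servers):
        if reachable(server):
            return server
    return None


def resolve_role(server: LdapServer, entry: Dict[str, List[str]]) -> Optional[str]:
    """Collect the values of every configured group attribute from the user's
    LDAP entry and return the local role of the first mapping that matches."""
    groups = [g for attr in server.group_attributes for g in entry.get(attr, [])]
    for group_dn, role in server.group_mappings.items():
        if group_dn in groups:
            return role
    return None


# Constructed sample configuration: two servers, listed out of Seq. order on purpose.
SERVERS = [
    LdapServer(seq=2, host="ldap-backup.example.test", tls_mode=TlsMode.STARTTLS,
               base_dn="DC=example,DC=test"),
    LdapServer(seq=1, host="ldap-primary.example.test", tls_mode=TlsMode.TLS,
               base_dn="DC=example,DC=test",
               group_mappings={
                   "CN=plc-admins,OU=Groups,DC=example,DC=test": "Admin",
                   "CN=plc-operators,OU=Groups,DC=example,DC=test": "User Manager",
               }),
]

if __name__ == "__main__":
    primary = ordered_servers(SERVERS)[0]
    print(primary.host, primary.effective_port())
    print(render_search_filter(primary.search_filter, "alice"))
    # A login containing filter metacharacters stays a literal value after escaping.
    print(render_search_filter(primary.search_filter, "smith*)"))
    entry = {"memberOf": ["CN=plc-operators,OU=Groups,DC=example,DC=test"]}
    print(resolve_role(primary, entry))
```

The mapping order matters: resolve_role returns the role of the first configured mapping that matches, so a user who is a member of both mapped groups receives the role listed first; keep the most privileged mapping first only if that is the intended precedence.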

Web browser recommendation: Chrome/Edge 88 or newer, Firefox ESR 90 or newer, or Safari.
Published/reviewed: 2022-09-14, Revision 046