Appendix A: LDAP Implementation Details
109
NetLinx Integrated Controllers (Firmware v4)- WebConsole & Programming Guide
6. The client then unbinds as the user uid=amxBindAccount,ou=people,dc=example,dc=com.
7. If a record is found that matches, the client then attempts to bind as this DN using the password the user enters to initiate the
session.
In this example the DN uid=DallasUser1,ou=people,ou=Dallas,dc=example,dc=com and the password DallasUser1Pswd
would be used for this bind.
8. The server compares the user supplied password with the value of the userPassword attribute of
uid=DallasUser1,ou=people,ou=Dallas,dc=example,dc=com.
If this match is successful, the bind is successful and the client is logged in.
9. If the bind is successful, the client then performs another search using the filter (member=DN returned from the first search)
specifying that the commonName attribute of matching entries should be returned.
In this example, the filter is member=uid=DallasUser1,ou=people,ou=Dallas,dc=example,dc=com.
Since DallasUser1 is listed as a member of the groupOfNames objectclass
dn: cn=master01Admin,ou=groups,ou=Dallas,dc=example,dc=com
and
dn: cn=master01User,ou=groups,ou=Dallas,dc=example,dc=com,
the server will return the commonName attributes master01Admin and master01User.
The client then unbinds as this user and exits.
NOTE: The AMX LDAP client configuration parameters are located on the System Security Details page under the System Security
Settings link. See the System Security - System Level section on page 35); the LDAP configuration options are described on page 37.
Example - Setting Up User's Access Rights
In order to give AMX equipment users access rights to the Master, group memberships for users will be defined by the
GroupOfNames object class (refer to LDAP RFC4519). Two records need to be created in the database:
One that represents users with administrative privileges (Admin Change Password Access, Terminal (RS232) Access, FTP
Access, HTTP Access, Telnet Access, Configuration, ICSPConnectivity, and EncryptICSP Connection).
Another that represents users with user privileges (HTTP Access). The DNs of the AMX equipment users will be listed under
the appropriate GroupOfNames object class as a member attribute.
Administrator Access Example
User Access Example
NOTE: If the DN of a user is in both the administrator groupOfNames and the user groupOfNames, the administrative privileges take
precedence over user privileges.
Administrator Access
LDAP Server Conf iguration Master Configuration
Example:
dn: cn=master01Admin,ou=groups,ou=Dallas,
dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: master01Admin
member: uid=DallasAdminUser1,ou=people,
ou=Dallas,dc=example,dc=com
member: uid=ICSPUser,ou=people,
ou=Dallas,dc=example,dc=com
On the System Security Details page, enter the Administrator groupOfNames cn.
Example:
Admin groupOfNames cn: master01Admin
User Access
LDAP Server Conf iguration Master Configuration
Example:
dn: cn=master01User,ou=groups,
ou=Dallas,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: master01User
member: uid=DallasUser1,ou=people,
ou=Dallas,dc=example,dc=com
member: uid=DallasUser2,ou=people,
ou=Dallas,dc=example,dc=com
On the System Security Details page, enter the User groupOfNames cn.
Example:
User groupOfNames cn: master01User
To Next Page
Loading...
Need help?
General
