Define LDAP Settings
Use the LDAP Directory Services in Application Assembler (ThingWorx) to manually edit Web HMI users to exactly match the user names in Active Directory, and then assign them to groups.
Application Assembler provides the LDAP Directory Services template for you to duplicate and configure your LDAP settings. This template uses a nonstandard organizational unit (OU) named WebHMI in the Windows Active Directory instead of the default Users OU.
- In the SECURITY section of the Application Assembler page, select LDAP Directory Service.
- Select the Active Directory check box.
- In the main navigation bar, select Duplicate. A new entity is created, and the General Information page appears.
- In the Name box, enter a new name for this entity, such as GE_WebHMI_LDAP.
- In the Description box, explain this type of authentication, such as LDAP Directory Service.
- Select the Enabled check box.
- Select Save.
- In the Active Directory entity that you just created, select Configuration under ENTITY INFORMATION. The Configuration for DirectoryServices page appears.
- Define the following LDAP settings. If you need help finding these LDAP values in Windows AD, see LDAP Settings for AD Authentication.

| Option | Description |
| --- | --- |
| server | The name of the computer where the Active Directory resides. Example: WIN2008 |
| userIdAttribute | Do not modify the default value of sAMAccountName. |
| LDAP | Do not modify the default value of LDAP. |
| port | The Active Directory server port. Do not change the default value of 389 unless another port was set. |
| adminBindDN | The login of the administrative user with permission to run the Active Directory lookup. This is the distinguished name (DN) in the Active Directory. For example, for the Support administrative account residing in the default Users organizational unit, the DN for this setting is: CN=support,CN=Users,DC=support,DC=webhmi,DC=com |
| userBaseDN | The Active Directory lookup for the user group or base organizational unit. This is the distinguished name in the Active Directory. For example, for all users residing in the WebHMI organizational unit, the DN for this setting is: OU=WebHMI,DC=support,DC=webhmi,DC=com |
| adminPassword | The password of the user with permission to run the Active Directory lookup, which is the above adminBindDN user. Using the above adminBindDN example, this is the password for the Support administrative account on the Users OU. |

- Select Save.
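
A preflight check for the settings in the table above, as an added example that is not part of the original page or of ThingWorx: it parses the two DNs, confirms that they spell the same domain, and builds the search filter for a user name with special characters escaped. The function names and the filter form are assumptions for illustration; the DN values are the page's own examples.

```python
import re

# Values taken from the page's own examples in the settings table.
SETTINGS = {
    "server": "WIN2008",
    "userIdAttribute": "sAMAccountName",
    "port": 389,
    "adminBindDN": "CN=support,CN=Users,DC=support,DC=webhmi,DC=com",
    "userBaseDN": "OU=WebHMI,DC=support,DC=webhmi,DC=com",
}

def parse_dn(dn):
    """Split a DN into (ATTR, value) pairs; a backslash-escaped comma stays in the value."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def domain_of(dn):
    """Return the DNS domain spelled by the DC components, e.g. support.webhmi.com."""
    return ".".join(v.lower() for a, v in parse_dn(dn) if a == "DC")

def escape_filter_value(value):
    """Escape a user name for use inside an LDAP search filter (RFC 4515)."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def check_settings(s):
    """Return a list of problems found in the settings; an empty list means consistent."""
    problems = []
    try:
        bind_domain, base_domain = domain_of(s["adminBindDN"]), domain_of(s["userBaseDN"])
    except ValueError as exc:
        return [str(exc)]
    if not bind_domain or bind_domain != base_domain:
        problems.append(f"adminBindDN domain {bind_domain!r} != userBaseDN domain {base_domain!r}")
    if s["userIdAttribute"] != "sAMAccountName":
        problems.append("userIdAttribute must stay sAMAccountName")
    return problems

def user_filter(s, username):
    """Assumed form of the lookup by userIdAttribute: (sAMAccountName=<name>)."""
    return f"({s['userIdAttribute']}={escape_filter_value(username)})"

if __name__ == "__main__":
    print(check_settings(SETTINGS) or "settings consistent")
    print(user_filter(SETTINGS, "operator1"))  # "operator1" is a constructed user name
```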