OmniView IP 5000 HQ
Settings – Applications
9.2.2 External authentication (LDAP)
LDAP (Lightweight Directory Access Protocol) is a standard protocol for
accessing information in a directory.
LDAP defines processes by which a client can connect to an X.500-
compliant or LDAP-compliant directory service to add, delete, modify,
or search for information, provided the client has sufficient access rights
to the directory. For example, a user could use an LDAP client to query
a directory server on the network for information about specific users,
computers, departments, or any other information stored in
the directory.
Note! OmniView IP 5000HQ supports Windows 2003 and Windows 2008
Active Directory LDAP Authentication.
9.2.2.1 OmniView IP 5000HQ in external authentication (LDAP) mode
In external authentication (LDAP) mode, OmniView IP 5000HQ deletes all
users previously created in local authentication mode. New users can only
be imported from a Windows 2003 or Windows 2008 Active Directory.
OmniView IP 5000HQ will validate all user credentials against the
external LDAP server only.
Only the “admin” account remains as a “backdoor” account. This user
has OmniView IP 5000HQ local access. The admin account is allowed to
manage OmniView IP 5000HQ with “Administrator” access privileges.
However, “admin” is not permitted to connect to targets. This account
allows changing OmniView IP 5000HQ to local authentication mode
at any time.
There is no direct access to any IP device. OmniView IP 5000HQ will act
as a gateway.
Since the OmniView IP 5000HQ user accounts are kept in the local
database, some of the local accounts might not have related LDAP
objects (e.g., some users’ accounts might migrate to another LDAP
path). To clean the local database of those ghost accounts, which will
never pass LDAP authentication, OmniView IP 5000HQ provides a
manual synchronize operation.
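The ghost-account condition described above can be modelled offline to see which local accounts would be cleaned up. This is an added example, not OmniView code: the account names, DNs, import base path and input format are constructed assumptions, and the DN handling assumes no escaped commas.

```python
# Added illustration (not OmniView code). All names and DNs below are constructed.

def normalize_dn(dn):
    """Lower-case and trim each RDN so DNs compare reliably (no escaped commas assumed)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_subtree(dn, base_dn):
    """True if dn is the base itself or sits below it; a bare suffix match is not enough."""
    dn, base = normalize_dn(dn), normalize_dn(base_dn)
    return dn == base or dn.endswith("," + base)

def find_ghost_accounts(local_accounts, directory, base_dn, local_only=("admin",)):
    """Map each local account that can no longer pass LDAP authentication to a reason.

    local_accounts: account names held in the unit's local database (hypothetical export)
    directory:      account name -> current DN, as returned by a directory search
    base_dn:        LDAP path the accounts were imported from (assumption)
    local_only:     accounts that never authenticate via LDAP, e.g. the "admin" account
    """
    ghosts = {}
    for name in local_accounts:
        if name in local_only:
            continue  # "admin" is validated locally, so it is never a ghost
        current_dn = directory.get(name.lower())
        if current_dn is None:
            ghosts[name] = "no directory object"
        elif not in_subtree(current_dn, base_dn):
            ghosts[name] = "moved outside import path"
    return ghosts

# Constructed sample data
BASE_DN = "OU=KVM Users,DC=example,DC=test"
LOCAL_ACCOUNTS = ["admin", "alice", "bob", "carol", "dave"]
DIRECTORY = {
    "alice": "CN=Alice, OU=KVM Users, DC=Example, DC=Test",     # still in place
    "bob": "CN=Bob,OU=Contractors,DC=example,DC=test",          # migrated elsewhere
    "dave": "CN=Dave,OU=Old KVM Users,DC=example,DC=test",      # look-alike OU name
}

if __name__ == "__main__":
    for name, reason in find_ghost_accounts(LOCAL_ACCOUNTS, DIRECTORY, BASE_DN).items():
        print(f"{name}: {reason}")
```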
User groups will not be deleted and will be managed locally after
their import.
When changing OmniView IP 5000HQ to local authentication mode, all
the users appear as “inactive.” To reactivate the users, the administrator
must explicitly provide each account with a local password.
9.2.2.2 DNS setting in LDAP mode
Important! The correct DNS setting is vital for the successful
configuration of the OmniView HQ in LDAP mode. You set the HQ
DNS settings in the “Settings / Unit Maintenance / Network” tab.
See the “Network tab” section on page 95.