Settings – Applications

9.2.2 External authentication (LDAP)

LDAP (Lightweight Directory Access Protocol) is a standard protocol for accessing information in a directory.

LDAP defines processes by which a client can connect to an X.500-compliant or LDAP-compliant directory service to add, delete, modify, or search for information, provided the client has sufficient access rights to the directory. For example, a user could use an LDAP client to query a directory server on the network for information about specific users, computers, departments, or any other information stored in the directory.

Note! OmniView IP 5000HQ supports Windows 2003 and Windows 2008 Active Directory LDAP Authentication.

9.2.2.1 OmniView IP 5000HQ in external authentication (LDAP) mode

In external authentication (LDAP) mode, OmniView IP 5000HQ deletes all users previously created in local authentication mode. New users can only be imported from a Windows 2003 or Windows 2008 Active Directory.

OmniView IP 5000HQ will validate all user credentials against the external LDAP server only.

Only the “admin” account remains as a “backdoor” account. This user has OmniView IP 5000HQ local access. The admin account is allowed to manage OmniView IP 5000HQ with “Administrator” access privileges. However, “admin” is not permitted to connect to targets. This account allows OmniView IP 5000HQ to be changed to local authentication mode at any time.

There is no direct access to any IP device. OmniView IP 5000HQ will act as a gateway.

Because OmniView IP 5000HQ user accounts are kept in the local database, some local accounts might no longer have a corresponding LDAP object (e.g., a user's account might have migrated to another LDAP path). To clean the local database of these ghost accounts, which will never pass LDAP authentication, OmniView IP 5000HQ provides a manual synchronize operation.
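The following is an added example, not part of the manual or the product's software. It shows how an administrator could audit for ghost accounts before running the manual synchronize operation, by comparing the DN stored for each local account with the user's current DN in the directory. It assumes both lists have been exported outside the device as username-to-DN mappings; the function names, the export format and the `example.test` domain are hypothetical and the data is constructed.

```python
# Added example: offline audit of exported account lists (all data constructed).
LOCAL_ONLY = {"admin"}  # per the manual, "admin" stays a local account


def normalize_dn(dn):
    """Case-fold a DN and trim spaces around each RDN so equal DNs compare equal.

    Simplified: assumes no escaped commas inside RDN values.
    """
    return ",".join(part.strip().lower() for part in dn.split(","))


def classify_accounts(local_accounts, directory_entries):
    """Return {username: 'local' | 'ok' | 'moved' | 'missing'}.

    local_accounts:    {username: DN recorded when the user was imported}
    directory_entries: {username: DN currently held by the directory}
    """
    current = {u.lower(): normalize_dn(dn) for u, dn in directory_entries.items()}
    result = {}
    for user, stored_dn in local_accounts.items():
        key = user.lower()
        if key in LOCAL_ONLY:
            result[user] = "local"
        elif key not in current:
            result[user] = "missing"   # no directory object at all
        elif current[key] != normalize_dn(stored_dn):
            result[user] = "moved"     # object now sits under another LDAP path
        else:
            result[user] = "ok"
    return result


def ghost_accounts(local_accounts, directory_entries):
    """Local accounts whose stored DN no longer matches a directory object."""
    status = classify_accounts(local_accounts, directory_entries)
    return sorted(u for u, s in status.items() if s in ("moved", "missing"))


# Constructed sample data (hypothetical domain example.test)
LOCAL = {
    "admin": "",
    "alice": "CN=Alice,OU=Ops,DC=example,DC=test",
    "bob": "CN=Bob,OU=Ops,DC=example,DC=test",
    "carol": "CN=Carol,OU=Ops,DC=example,DC=test",
}
DIRECTORY = {
    "Alice": "cn=alice, ou=ops, dc=example, dc=test",
    "bob": "CN=Bob,OU=Contractors,DC=example,DC=test",
}
```

Separating "moved" from "missing" lets the administrator re-import users who only changed LDAP path instead of losing them in the cleanup.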

User groups will not be deleted and will be managed locally after their import.

When changing OmniView IP 5000HQ to local authentication mode, all the users appear as “inactive.” To reactivate the users, the administrator must explicitly provide each account with a local password.

9.2.2.2 DNS setting in LDAP mode

Important! The correct DNS setting is vital for the successful configuration of the OmniView HQ in LDAP mode. You set the HQ DNS settings in the “Settings / Unit Maintenance / Network” tab. See the “Network tab” section on page 95.

OmniView IP 5000 HQ
