Add the LDAP service offline

Although you can try “swapping in” an LDAP user service in a running station, error messages may occur and results can be unpredictable.

Therefore, for any existing station with the standard UserService (or an LDAP user service to be replaced by a different type), we recommend that you save and edit that station (its config.bog file) offline, using Workbench. In your offline edit, you swap in a different user service from the ldap palette.

If the station is remote, this means you first use the platform Station Copier to save that station locally. After editing and saving that config.bog file, you use the Station Copier to install it back in that same host. The following procedure walks through these basic steps, using AX-3.8 or later Workbench.

To add an LDAP user service

  1. In Workbench, open a platform connection to the host (JACE) and use the Station Copier tool to save a local copy of its station.

    Note: If working on a locally running station, such as on a Supervisor, you would (instead) open a local platform connection and Stop that station from the Application Manager view, before going to the next step.

  2. In the Workbench Nav tree, expand your host’s file system and navigate to that station folder, expanding the config.bog file to open its Config, Services container.

  3. Open the ldap palette in your side bar (see “Using the palette side bar” in the User Guide for general details).

  4. From the ldap palette, drag (or copy and paste) the needed user service into the Services container.



    In the popup Name dialog, you can rename it—or, simply use the default name.

    The new LDAP user service is now in the station’s Services container.

  5. If the station’s previous user service has local Users and/or User Prototypes that you would like to reuse, copy them at the same level under the new LDAP user service.

  6. In the station config.bog file, select and delete the existing user service (e.g. UserService).



  7. In the new LDAP user service, assign a strong password to the built-in, local “admin” user.

    • In AX-3.8, the default user password strength is 12 characters total minimum, with at least one upper case, one lower case, and one digit (numeral). This is configurable in the “Password Strength” properties of the user service.

    • In AX-3.7, the minimum strong password is fixed (8 characters, at least one letter and one digit or special character).

    Alternatively, you can create another “super user” account with a strong password, and then disable the (well known) “admin” user.

  8. Right-click the config.bog file and select Save.



    You can continue to work offline to do more configuration, or you can reinstall the station (if a JACE) or restart the local station (if a Supervisor) and work on the station while it is running. This latter online method is what is documented here.

  9. Open a platform connection to the host (JACE) and use the Station Copier tool to install the modified station back to the JACE.

    Note: If working on a locally running station, such as on a Supervisor, you would (instead) open a local platform connection and Start that station from the Application Manager view.

    Allow sufficient time for the station to restart. If a JACE, note that a station transfer results in a controller reboot first.

  10. In Workbench, open a station connection to the host as the admin user (or, if created, the other super user).

    Caution: By default (unless you already changed this with the station opened offline), the “admin” user in any of the LDAP user services has a “blank” password, something you should definitely change immediately! In most cases it is recommended you create another local user that is a super user, assigning a unique user name and strong password. Then you can safely disable the user “admin”, to help prevent unauthorized access using this “well known” account. For related details, see “Configure any needed local users”.

    Continue to work in the station with admin write privileges on the new LDAP user service, in order to configure any needed local users, and configure the service for access by LDAP users on the network.