Typically, after you configure the LDAP user service and have it working, most user access to a station will be from LDAP users, that is, station login by users supplying their LDAP credentials. User components for these users will be dynamically created in the station—if they do not already exist.
First, however, you typically create a few local station users. These are in addition to the two “built-in” local users (admin and guest[1]) under any NiagaraAX user service. Station access by local users does not involve (and is not dependent upon) LDAP server communications.
Typical use cases for additional local users are:
To create a super user to use instead of the built-in (and well known) user “admin”, such that you can set user “admin” to be disabled. Create this new super user before disabling the user admin.
To create a special user to use as a “service account” for Fox station-to-station communications. Typically you assign admin write privileges to this user, and never use this for (person) login access to the station. Instead, you reference this user in other (remote) stations, when configuring the “Client Connection” properties under the NiagaraStation that represents this station.
Although “in theory” an LDAP-sourced user could be used for a service account, we recommend creating and using a local user instead. This allows Niagara Network operations to continue even in the event of LDAP server issues.
Figure 3 above shows an example of two local users added to the LdapV3ADUserService:
myUn1queAdm1n — A user given “super user” privileges, allowing the user admin to be disabled.
myUn1queSvcAcct$ — A user with all admin-write privileges, used for station (Fox) client access from other stations.
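The two use cases above amount to an ordering and privilege policy for the local user set. The following Python is an added illustration, not Tridium code: it models a station's local users with a hypothetical dataclass (the flag names are assumptions, not Niagara properties) and checks the guidance given here, including that “admin” is only disabled once a replacement super user exists.

```python
from dataclasses import dataclass


@dataclass
class LocalUser:
    """Hypothetical stand-in for the relevant properties of a local user component."""
    name: str
    enabled: bool = True
    super_user: bool = False        # full super user rights
    admin_write: bool = False       # admin write privileges (what a Fox service account needs)
    service_account: bool = False   # intended only for station-to-station (Fox) use
    interactive_login: bool = True  # person login allowed (assumed flag)


BUILT_IN_ADMIN = "admin"
BUILT_IN_GUEST = "guest"


def replacement_super_users(users):
    """Enabled super users other than the well-known built-in admin."""
    return [u for u in users if u.super_user and u.enabled and u.name != BUILT_IN_ADMIN]


def check_local_users(users):
    """Return a list of findings; an empty list means the set follows the guidance above."""
    findings = []
    by_name = {u.name: u for u in users}
    admin = by_name.get(BUILT_IN_ADMIN)
    if admin is not None and admin.enabled:
        findings.append("built-in 'admin' is still enabled; add a uniquely named super user, then disable it")
    if admin is not None and not admin.enabled and not replacement_super_users(users):
        findings.append("'admin' is disabled with no other enabled super user: station lockout risk")
    guest = by_name.get(BUILT_IN_GUEST)
    if guest is not None and guest.enabled:
        findings.append("built-in 'guest' is enabled; keep it hidden/disabled")
    for u in users:
        if u.service_account and u.interactive_login:
            findings.append(f"service account '{u.name}' permits person login; reserve it for Fox connections")
        if u.service_account and not (u.admin_write or u.super_user):
            findings.append(f"service account '{u.name}' lacks the admin write privileges Fox client access needs")
    return findings


def disable_admin(users):
    """Disable the built-in admin only after a replacement super user exists (the ordering from the text)."""
    if not replacement_super_users(users):
        raise ValueError("create and enable a replacement super user before disabling 'admin'")
    for u in users:
        if u.name == BUILT_IN_ADMIN:
            u.enabled = False
    return True


if __name__ == "__main__":
    # Constructed set mirroring Figure 3: the two built-ins plus the two added local users.
    station = [LocalUser("admin"), LocalUser("guest", enabled=False),
               LocalUser("myUn1queAdm1n", super_user=True),
               LocalUser("myUn1queSvcAcct$", admin_write=True, service_account=True, interactive_login=False)]
    print(check_local_users(station))   # one finding: admin is still enabled
    disable_admin(station)
    print(check_local_users(station))   # []
```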
To configure local users
With the station opened in Workbench, double-click the user service for the Ldap User Manager.
Click to add one or more local users.
In the New dialog for the user(s), configure properties as needed.
the users and the station (right-click its Config node, and select ->).
Typically after making a local user for “service account” station-to-station connections, you immediately update other stations in the Niagara Network such that they have the proper credentials in the “Client Connection” properties of the NiagaraStation (device) component that represents this station. For related details, see “About client connection properties” in the Drivers Guide.
Properties accessible on the property sheet of the LDAP user service, for example to configure Password Strength and Lock Out-related settings, apply only to local users, not to LDAP users. This also applies to “Password Configuration” user properties—that is, force reset at next login, expiring passwords, and the password history mechanism. For LDAP users, such things are configured in the LDAP server/system, not in Niagara. For details on these local user functions, see the User Guide sections “Strong password notes”, “Lockout notes”, and “About password expiration and reset”.
“Network users” are not applicable—this function applies only if using the standard UserService, in which case UserPrototypes are used in a different manner than in an LDAP user service.
[1] Starting in AX-3.8, the built-in local user “guest” is hidden after a station first starts. For security reasons, retaining this is the recommended configuration.
Copyright © 2000-2016 Tridium Inc. All rights reserved.