Properties in the LdapConfig container are described as follows:
Enable Connection Pooling
Either ‘true’ (default) or ‘false’. When ‘true’, connections are allowed to be shared and re-used. This can improve performance.
Connection URL
URL of your LDAP server, usually in the form: ldap://your.domain.net
If the server uses a “non-standard” port, include it in the URL, e.g. ldap://your.domain.net:999 (the standard LDAP ports are 389, or 636 when SSL is used).
Note the scheme ldaps://your.domain.net is not supported in Connection URL.
SSL
Either ‘false’ (default) or ‘true’. If ‘true’, the station uses SSL to communicate with the LDAP server.
If true, be sure to enable SSL in the station’s NiagaraNetwork’s FoxService (for Workbench-to-station access) and also in the station’s WebService (for browser-to-station access).
User Login Attr
The specific attribute in the LDAP directory for the desired user login name.
Different LDAP servers use a different attribute. For OpenLDAP, the attribute is: uid
User Base
Sub-tree of the LDAP server in which users who can access this station can be found. At the very least, it must contain the domain components of the server’s domain, e.g. DC=domain, DC=net
Attr Email
The specific attribute in the LDAP directory that stores the user’s email address; its value populates the Niagara user’s Email property. There is no default value (the property is blank).
Attr Full Name
The specific attribute in the LDAP directory that stores the user’s full name; its value populates the Niagara user’s Full Name property. There is no default value (the property is blank).
Attr Language
The specific attribute in the LDAP directory that stores the user’s language; its value populates the Niagara user’s Language property. There is no default value (the property is blank).
Attr Cell Phone Number
The specific attribute in the LDAP directory that stores the user’s cell phone number; its value populates the Niagara user’s Cell Phone Number property. There is no default value (the property is blank).
Attr Prototype
The specific attribute in the LDAP directory to use for mapping a User Prototype (under the user service’s UserPrototypes container) to users. There is no default value (is blank).
Selection works by matching the attribute’s value against User Prototype component names. If no User Prototype with a matching name is found, the frozen DefaultPrototype is used when the User component is created for the LDAP user at initial station login.
For related details, see Configure User Prototypes.
Cache Expiration
Specifies how long a user’s cached password remains valid in the station before it is marked expired. Set to a relative time in the future, this allows users with active credentials to still log in if the LDAP server is unavailable. Note that if using Kerberos authentication, this feature still applies even though the station never receives user passwords; instead, the station verifies the corresponding Kerberos user ticket and uses the cached user.
Bind Format
(LdapConfig under LdapV3UserService only) If not using Kerberos, but instead the SimpleAuthenticator, it may be necessary to specify the exact format of the login name to send to the LDAP server. This can differ according to the LDAP server, and may be required more often when the “Authentication Choice” in the SimpleAuthenticator is DIGEST MD5. In some cases, just the user base and login name may be sufficient to find a user in the LDAP directory.
Bind Format processes “BFormat” (Baja Format) syntax, with a default value of %userName%.
This default value may handle most cases. However, if in the SimpleAuthenticator you choose DIGEST MD5 for authentication, this may need to be changed. For example, with an OpenLDAP server, this property under the LdapConfig container of an LdapV3UserService (using SimpleAuthenticator and DIGEST MD5) had to be set to: %userLoginAttr%=%userName%,%userBase%
For server-specific details, consult the onsite LDAP administrator for assistance if this property value needs to be changed.
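As an added illustration (not Niagara’s own code), the following Python model shows how the Connection URL and SSL rules and the Bind Format placeholder expansion described above fit together. The placeholder names %userName%, %userLoginAttr% and %userBase% and the port rules come from this page; the function names and the RFC 4514 escaping applied to the supplied login name are my own assumptions.

```python
from __future__ import annotations
import re
from urllib.parse import urlsplit

# Standard ports as stated on the page: 389 for plain LDAP, 636 when SSL is true.
STANDARD_PORTS = {False: 389, True: 636}

# RFC 4514 characters that must be backslash-escaped inside a DN attribute value.
_DN_SPECIAL = ',+"\\<>;='


def escape_dn_value(value: str) -> str:
    """Escape a user-supplied value before placing it in a DN (assumed safeguard,
    not something the page says Niagara does)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        leading_hash = ch == '#' and i == 0
        edge_space = ch == ' ' and i in (0, last)
        out.append('\\' + ch if ch in _DN_SPECIAL or leading_hash or edge_space else ch)
    return ''.join(out)


def resolve_connection(url: str, ssl: bool) -> tuple[str, int]:
    """Apply the Connection URL rules: only ldap:// is accepted (ldaps:// is not
    supported), an explicit port wins, otherwise the SSL property picks 389/636."""
    parts = urlsplit(url)
    if parts.scheme != 'ldap':
        raise ValueError(f"scheme '{parts.scheme}://' not supported; use ldap:// plus the SSL property")
    if not parts.hostname:
        raise ValueError("Connection URL has no host")
    port = parts.port if parts.port is not None else STANDARD_PORTS[ssl]
    return parts.hostname, port


def resolve_bind_name(bind_format: str, user_name: str,
                      user_login_attr: str, user_base: str) -> str:
    """Expand the %name% placeholders of Bind Format into the name sent to the server."""
    values = {
        'userName': escape_dn_value(user_name),   # the only user-controlled value
        'userLoginAttr': user_login_attr,         # e.g. uid for OpenLDAP
        'userBase': user_base,                    # e.g. DC=domain,DC=net
    }

    def substitute(match: re.Match) -> str:
        key = match.group(1)
        if key not in values:
            raise KeyError(f"unknown Bind Format placeholder %{key}%")
        return values[key]

    return re.sub(r'%(\w+)%', substitute, bind_format)
```

With the default Bind Format only the login name is sent; with the OpenLDAP/DIGEST MD5 format from the page the result is a full DN such as uid=jsmith,DC=domain,DC=net.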
authenticator
Container for properties that define how the station authenticates with the LDAP server, with choices being either the default KerberosAuthenticator or a SimpleAuthenticator. See Configure the LDAP authenticator (LdapV3 only).
For related details, see:
Copyright © 2000-2014 Tridium Inc. All rights reserved.