5. LDAP Authentication
License Required
This feature must be licensed to be used. Contact your Eventide Dealer for assistance.
Lightweight Directory Access Protocol (LDAP) allows users, passwords, and group memberships to be managed via a pre-existing central directory database.
Fig. 5.1 Authentication Mode - LDAP
This authentication mode can be used along with Local Authentication. It is recommended that a local account be created to serve as a “break glass” account in the event that the recorder is no longer able to talk to the directory service.
5.1. How It Works
When a user logs in to the NexLog DX-Series recorder, the recorder checks whether the username already exists on the recorder and whether it is already associated with the directory service.
If the user does not exist, or is associated with the directory service, the credentials entered are tested against the directory server.
If the supplied credentials work, the user is considered authenticated and the login will be processed. If the user does not already exist on the recorder, their recorder account will be created.
If the supplied credentials do not work for the directory service, the login is rejected.
Upon successful login, the recorder will query the directory service for the user’s group memberships. If the user is a member of the recorder’s paired groups, that group’s permissions will be given to the user.
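The login decision described above, modeled in Python as an added example; it is not Eventide's code and does not talk to a real directory. The class and field names, the sample users and groups, the empty-password guard, and the rule that an existing local-only account is checked by Local Authentication alone are assumptions of the model.

```python
# Added example: a model of the section 5.1 login flow. Hypothetical names,
# constructed data; not Eventide's implementation.
from dataclasses import dataclass, field

class DirectoryUnavailable(Exception):
    """The stand-in directory cannot be reached."""

@dataclass
class Directory:
    passwords: dict                 # username -> password (constructed)
    memberships: dict               # username -> set of directory groups
    reachable: bool = True

    def bind(self, user, password):
        if not self.reachable:
            raise DirectoryUnavailable(user)
        # Guard added in this model: an empty password is never a valid login.
        return bool(password) and self.passwords.get(user) == password

@dataclass
class Recorder:
    directory: Directory
    paired_groups: dict             # directory group -> recorder permissions
    local_users: dict = field(default_factory=dict)  # name -> (password, perms)
    ldap_users: set = field(default_factory=set)     # directory-associated accounts

    def login(self, user, password):
        """Return (outcome, permissions) for one login attempt."""
        # Assumption: an existing account that is not associated with the
        # directory is checked by Local Authentication only.
        if user in self.local_users:
            stored, perms = self.local_users[user]
            return ("local", perms) if password == stored else ("rejected", set())
        # Unknown or directory-associated user: test against the directory.
        try:
            if not self.directory.bind(user, password):
                return ("rejected", set())
        except DirectoryUnavailable:
            return ("directory-unavailable", set())
        self.ldap_users.add(user)   # account is created on first successful login
        perms = set()
        for group in self.directory.memberships.get(user, set()):
            perms |= self.paired_groups.get(group, set())  # unpaired groups add nothing
        return ("ldap", perms)

def build_demo():
    directory = Directory({"alice": "s3cret"}, {"alice": {"Dispatch", "HR"}})
    return Recorder(directory, {"Dispatch": {"playback"}},
                    {"breakglass": ("local-pw", {"admin"})})
```

With the directory marked unreachable, the directory-backed login fails while the local "break glass" account still authenticates, which is the case the recommendation above is meant to cover.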
5.2. Prerequisites
To set up LDAP Authentication you must know the following:
LDAP protocol in use, LDAP or LDAPS (TLS/SSL)
LDAP server hostname
LDAP server port number
Base user search path or organizational unit (OU)
Base group search path or organizational unit (OU)
Username for the recorder’s LDAP account
Password for the recorder’s LDAP account
Domain for the recorder’s LDAP account
5.3. Create the LDAP Bind Account
In the LDAP service’s administration manager, create a service account for the NexLog DX-Series recorder to use.
This account is used for user and group lookups to validate the access that a user should have on the recorder.
The account must have read access to the OU where users and groups are stored, as well as the ability to read the attributes of recorder users.
5.4. Configure LDAP Authentication
Once the service account user has been created in the directory service, you can proceed with configuring the NexLog DX-Series recorder.
Log in to the web configuration manager and navigate to .
Under Authentication Mode, select the radio button for LDAP (Reference Figure 5.1).
Next, select the LDAP Settings tab.
Select the protocol that will be used to communicate with the directory service.
Refer to Section 5.4.1 - LDAP Configuration or Section 5.4.2 - LDAPS Configuration of this document for the options specific to your protocol selection.
When finished, click Save to enable your settings.
A reboot may be required to complete the configuration.