Configure LDAP Directory Services for Vision
To configure LDAP directory services for Vision, do the following:
- Enable Vision to access the LDAP server.
- Define attributes with which to authenticate users.
- Associate LDAP groups with Vision user roles.
You can remove these associations, as needed.
- On the Vision Configuration menu, select Authentication to display the Vision Authentication Configuration dialog box.
- On the LDAP Configuration tab, select the Enabled LDAP Authentication check box to enable LDAP authentication.
- Populate the following fields:

| Field | Description |
| --- | --- |
| LDAP Server URL | Enter the URL of the LDAP server in the following format: `ldap://<server_ip \| hostname>:<port>`. Example: `ldap://10.10.10:389` |
| LDAP Server Manager DN | Enter the distinguished name (DN) of a user with LDAP read access, such as your LDAP server administrator. Example: `cn=manager,dc=vision,dc=com` |
| LDAP Server Manager Password | Enter the password that the LDAP server manager uses to access the LDAP authentication services. |
| LDAP Group Role Attribute | Enter the group role attribute of the LDAP server manager, typically `cn`. |
| LDAP Group Search Base | Enter the DN in the LDAP directory that contains the Vision group records with which to authenticate users. Example: `ou=groups,dc=vision,dc=com` |
| LDAP Search Patterns | Enter the DN in the LDAP directory that contains the Vision user records with which to authenticate users. Example: `uid={0}, ou=user,dc=vision,dc=com` |
| LDAP Group Search Filter | Enter the group organizational unit (OU) attribute that defines the groups of which the user is a member. Example: `memberUid={0}` |

- Leave the LDAP Search Subtree check box selected to search for groups in all subtrees under the OU specified by the LDAP Group Search Base value.
Note: The LDAP DereferenceFlag is not used at this time.
- Click Save to save the authentication settings.
- On the Vision Authentication Configuration dialog box, select the Vision Role to LDAP Group tab.
- In the Vision Roles pane, select the appropriate role, either Administrator or User, to associate with the LDAP group.
- In the LDAP Groups pane, select Add to display a text box in which to enter the LDAP group.
- In the LDAP Group Name text box, enter the name of the LDAP group to associate with the selected Vision role.
- Click Save to save the settings and return to the LDAP Configuration tab of the dialog box.
- In the Vision Authentication Configuration dialog box, select the Vision Role to LDAP Group tab.
- In the LDAP Groups pane, select the LDAP group association to delete.
- Click Delete and then click Yes to delete the association.
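
To check the LDAP Search Patterns and LDAP Group Search Filter values before saving them, the following added example (not part of the Vision documentation or product) expands the page's sample patterns for a given login, applying RFC 4514 escaping to the DN and RFC 4515 escaping to the filter. It assumes that {0} is replaced with the login name; the function names are hypothetical.

```python
# Added example, not vendor code. Assumption: {0} is replaced with the login
# name; Vision's own substitution and escaping are not documented on the page.
USER_PATTERN = "uid={0}, ou=user,dc=vision,dc=com"  # LDAP Search Patterns example
GROUP_BASE = "ou=groups,dc=vision,dc=com"           # LDAP Group Search Base example
GROUP_FILTER = "memberUid={0}"                      # LDAP Group Search Filter example

FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_dn_value(value: str) -> str:
    """Escape a string for use as an attribute value inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, len(value) - 1)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape a string for use as a search-filter assertion value (RFC 4515)."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def preview(login: str) -> dict:
    """Return the user DN and group search that a login resolves to."""
    if not login:
        raise ValueError("login must not be empty")
    return {
        "user_dn": USER_PATTERN.format(escape_dn_value(login)),
        "group_base": GROUP_BASE,
        "group_filter": "(" + GROUP_FILTER.format(escape_filter_value(login)) + ")",
    }


if __name__ == "__main__":
    # Constructed sample logins: one plain, one with DN and filter metacharacters.
    for login in ("jdoe", "smith, j (ops)"):
        for field, value in preview(login).items():
            print(f"{login!r:18} {field:13} {value}")
```

Comparing the previewed DN and filter with what the directory server logs for a test login confirms that the patterns were entered as intended.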