How LDAP benefits Niagara

LDAP communicates record-based, directory-like data between programs. It defines database access permissions and provides a schema, which is a way to describe the format and attributes of data stored in a server.

Corporate and campus installations that already use Windows Active Directory, or other LDAP-based directory services to manage user access across distributed network resources, can benefit from configuring Niagara stations to use an LDAP user service. Benefits include:

  • Ease of implementation. Installations that already use Windows AD or an open-source implementation of LDAP can easily include stations in their existing user management configuration.

  • Automatic new user account creation. When a user logs in to a station for the first time, the system automatically creates a user account (component) in the station and populates it with pre-defined properties (based on user prototype), such as permissions, and predefined LDAP properties (from the LDAP server), such as email address, full name, and language.

  • Security. Kerberos authentication (available for LDAPv3-based AD or open source systems) offers a high level of security. Implementing Kerberos requires client setup of hosts and browsers.

  • Simplified login. Current users may log in without needing to enter credentials.

Note: All stations on the network (both Supervisors and controllers) must use the LDAP server. The system does not support a mixture of stations using the standard UserService with other stations using an LDAP user service.