LDAP implementations

LDAP is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an IP network. A common use of LDAP is to provide single sign-on, where a user logs in to multiple network services with one password.

Niagara supports two LDAP server implementations:

  • Windows AD (Active Directory)

    This widely implemented type of LDAP server is a Microsoft-supplied service used on Windows domain networks and is included in most Windows Server operating systems. AD provides an interface for these protocols: LDAP (LDAPv2 or LDAPv3) and Kerberos (for authentication). With AD, users can access resources anywhere on the network with a single login.

    The Windows AD is structured as a hierarchical tree of objects.

    To integrate a Windows AD system with a network of Niagara stations, in the Services container and under the AuthenticationService, add one of the authentication schemes:

    • LdapScheme is for ADs that use LDAPv2 or LDAPv3.

    • KerberosScheme is for ADs that support Kerberos authentication. The host Niagara platform must be licensed for LDAPv3. If Kerberos authentication is used, LDAPv3 requires the attribute: Kerberos="true".

  • Open source implementations

    These implementations, including Apache Directory Server and OpenLDAP, support both LDAPv2 and LDAPv3 (with the possibility of Kerberos authentication).

    Each of these implementations is structured as a hierarchical tree of objects. Each object has a set of attributes.