LDAP

LDAP (Lightweight Directory Access Protocol) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Active Directory is a directory service that Microsoft developed for Windows domain networks. The deviceWISE LDAP extension integrates with Active Directory to authenticate users and to query their group membership using the LDAP protocol. This group information is used to determine what a user is authorized to do when accessing a node.

The Active Directory server enables the administration of users and groups using a single global repository in a corporate directory. When the deviceWISE LDAP extension is used for authentication and authorization with Active Directory, this administration can be managed centrally. For more information on installing the LDAP extension and configuring access to Active Directory through the LDAP server, see Configuring access to the LDAP Directory.

The diagram below provides an overview of the flow between the LDAP extension and the LDAP server when a user logs into a node with the workbench. The mapping between a deviceWISE role and an Active Directory group is established by giving the role and the group identical names. An Active Directory administrator can assign roles to a user by adding the user to the appropriate groups. The permissions (authorization) of the user are controlled by configuring which role(s) the user holds within the node.
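The following is an added illustration of the name-based mapping described above, not deviceWISE code: it takes a user's Active Directory group memberships (as `memberOf` distinguished names) and returns the node roles whose names match a group's CN. The role names, DNs and the simplified DN parser are assumptions for the example; a user whose groups match no configured role ends up with no roles.

```python
# Constructed example: map Active Directory groups to node roles by name.
# Not part of the deviceWISE LDAP extension; role names below are hypothetical.
from typing import Iterable

# Roles configured on the node (hypothetical).
NODE_ROLES = {"Administrator", "Operator", "Viewer"}


def group_cn(dn: str) -> str:
    """Return the CN value of the first RDN of a distinguished name,
    e.g. 'CN=Operator,OU=Groups,DC=example,DC=com' -> 'Operator'.
    Backslash-escaped characters (such as '\\,' inside a CN) are unescaped."""
    value = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # escaped character: keep literally
            value.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":                         # first unescaped comma ends the RDN
            break
        value.append(ch)
        i += 1
    attr, sep, val = "".join(value).partition("=")
    if sep != "=" or attr.strip().lower() != "cn":
        raise ValueError(f"first RDN is not a CN: {dn!r}")
    return val.strip()


def roles_for_user(member_of: Iterable[str], node_roles: Iterable[str] = NODE_ROLES) -> set[str]:
    """Grant a role for every group whose CN equals a configured role name.
    AD group names are case-insensitive, so the comparison ignores case.
    Groups that match no role are ignored; no matching group means no roles."""
    by_lower = {role.lower(): role for role in node_roles}
    granted = set()
    for dn in member_of:
        role = by_lower.get(group_cn(dn).lower())
        if role is not None:
            granted.add(role)
    return granted


if __name__ == "__main__":
    # Constructed memberOf values for a sample user.
    sample_member_of = [
        "CN=operator,OU=Groups,DC=example,DC=com",
        "CN=Domain Users,CN=Users,DC=example,DC=com",
    ]
    print(roles_for_user(sample_member_of))   # {'Operator'}
```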

A gateway can support integration with LDAP or OAuth2, but not both at the same time.
