Bosch Building Technologies


    How to configure BVMS to connect to an LDAP and use it as a base for user authentication?

    This article explains how BVMS can be configured to connect to an LDAP (or Microsoft Active Directory) and use it as a base for user authentication.

     

    BVMS is able to function in a (Windows) domain-controlled environment.

    The BVMS (and related) services run under the local system account. If another (domain-controlled) account is used to run these services, its permission level should be the same as that of the local system account.

    It is recommended to add the Windows server to the domain first (as a domain member), before installing the BVMS software. The BVMS configuration is independent of the domain configuration; however, crucial changes in the domain could break the connection between the BVMS system and the LDAP authentication mechanism.

     

    Step-by-step guide

     

    1. AD Explorer
    AD Explorer is a tool from Microsoft (previously Sysinternals) that allows system administrators to browse an Active Directory environment.

     

    2. Login
    Log in to AD Explorer using an administrator account.

    1 How to configure BVMS to connect to an LDAP and use it as a base for user authentication.png

    3. Selecting the right DN

    Select the organizational unit that contains the user group you want to associate with BVMS. Open its properties (right-click) and copy the Distinguished Name (DN) of the organizational unit.

    The image below uses the general "Users" folder.

    2 How to configure BVMS to connect to an LDAP and use it as a base for user authentication.png

    The Active Directory Users and Computers overview on the domain controller looks as shown below (this is the default configuration; no additional users or groups have been added).

    3 How to configure BVMS to connect to an LDAP and use it as a base for user authentication.png

    It is recommended to create a specific BVMS user group (the example below uses a group within the "Users" organizational unit: "BVMSgroup"). A user was added to the BVMSgroup, as shown below.

    4 How to configure BVMS to connect to an LDAP and use it as a base for user authentication.png

    4. Command-line

    Experienced users can also use the command line to retrieve the Distinguished Name of a specific user or group.

    • dsquery user -name <known user name>
    • dsquery group -name <known group name>

    5 How to configure BVMS to connect to an LDAP and use it as a base for user authentication.png
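
    The same lookup can be done from PowerShell with an LDAP filter, which also returns the group's members and its parent container in one pass. This is an added example, not part of the original article; it assumes a domain-joined machine and the "BVMSgroup" group name used above.

```powershell
# Added example: resolve the DN, parent container and members of the BVMS group.
# Assumption: run on a domain-joined machine as a user allowed to read the directory.
$groupName = 'BVMSgroup'   # group name from this article; adjust to your environment

# Equivalent of "dsquery group -name BVMSgroup", written as an LDAP filter.
# Names containing ( ) * \ must be escaped before being placed in a filter.
$searcher = [adsisearcher]"(&(objectCategory=group)(cn=$groupName))"
$searcher.PropertiesToLoad.AddRange(@('distinguishedName', 'member'))
$group = $searcher.FindOne()

if (-not $group) {
    Write-Error "Group '$groupName' was not found in the current domain."
    return
}

# Property names in the result collection are lower case.
$groupDn = [string]$group.Properties['distinguishedname'][0]

# Split at the first unescaped comma: everything after it is the parent
# container, i.e. the DN copied from AD Explorer in the step above.
$parentDn = ($groupDn -split '(?<!\\),', 2)[1]

[pscustomobject]@{
    GroupDN  = $groupDn
    ParentDN = $parentDn
    # Direct members only; nested groups appear as group DNs, not as their users.
    Members  = @($group.Properties['member'])
} | Format-List
```

    An empty Members list for a group that should contain users usually means the user was added to a different group or to a group of the same name in another container.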

     

    BVMS configuration


    1. Configuration
    The "LDAP basis for user" and "LDAP basis for group" fields equal the Distinguished Name of section 1.2. Section 3 of this document describes how to apply filters (this is especially convenient for bigger LDAP environments).

    6 How to configure BVMS to connect to an LDAP and use it as a base for user authentication.png

    The username and password of the Proxy User should relate to an administrative account of the domain.

    ⓘ Note

    Writing filters (for user and for group members) is outside of the scope of this document. More information can be found in the Microsoft Windows Dev Center.

     

    2. Test LDAP connection

    The Test button within the Proxy User section tests the connection to the LDAP server. Check the username, password and LDAP Server (IP address or DNS name) settings if a connection error appears.

    Firewalls or other network components could block this connection as well.

    7 How to configure BVMS to connect to an LDAP and use it as a base for user authentication.png
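
    When the Test button fails, running the two checks separately from the BVMS server shows whether the network path or the credentials are at fault. This is an added example, not part of the original article or of BVMS; the server name is a placeholder and the port is the standard LDAP port, which is an assumption about your setup.

```powershell
# Added example: reproduce the connection test outside BVMS.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$server = 'dc01.example.local'   # placeholder: LDAP server (IP address or DNS name)
$port   = 389                    # assumption: standard LDAP port (636 is LDAP over TLS)
$cred   = Get-Credential -Message 'Proxy User account'

# 1. Network path. A failure here points to firewalls, routing or DNS,
#    not to the username or password.
$tcp = Test-NetConnection -ComputerName $server -Port $port -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    Write-Error "Cannot reach ${server}:$port (check firewalls and name resolution)."
    return
}

# 2. LDAP bind with the Proxy User's credentials.
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($server, $port)
$ldap = New-Object System.DirectoryServices.Protocols.LdapConnection($id, $cred.GetNetworkCredential())
$ldap.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
try {
    $ldap.Bind()
    "Bind succeeded for $($cred.UserName)"
}
catch {
    $e = $_.Exception.GetBaseException()
    if ($e -is [System.DirectoryServices.Protocols.LdapException]) {
        # LDAP result code 49 means invalid credentials.
        "Bind failed: LDAP code $($e.ErrorCode) - $($e.Message)"
    }
    else {
        "Bind failed: $($e.GetType().Name) - $($e.Message)"
    }
}
finally {
    $ldap.Dispose()
}
```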

    3. Test user

    9 How to configure BVMS to connect to an LDAP and use it as a base for user authentication.png

    Close the pop-up window and save the LDAP settings by closing the LDAP Server Settings dialogue with the OK button.

     

    4. Associate LDAP group with BVMS group

    Once the "Test User" has succeeded, the LDAP server can be searched for groups.
    Once the groups are listed, the BVMS user group needs to be associated with the LDAP group.

    8 How to configure BVMS to connect to an LDAP and use it as a base for user authentication.png

    Version history
    Last update:
    ‎08-02-2021 01:14 PM