Define LDAP Settings

Use the LDAP Directory Services in Application Assembler (ThingWorx) to manually edit Web HMI users to exactly match the user names in Active Directory, and then assign them to groups.

In previous versions of Web HMI, this was the way to use AD authentication. You can now set up dynamic user provisioning for AD authentication, as explained in Configure Active Directory Authentication.

Application Assembler provides the LDAP Directory Services template for you to duplicate and configure your LDAP settings. This template uses a nonstandard organizational unit (OU) named WebHMI in the Windows Active Directory instead of the default Users OU.

  1. In the SECURITY section of the Application Assembler page, select LDAP Directory Service.
  2. Select the Active Directory check box.
  3. In the main navigation bar, select Duplicate.
    A new entity is created, and the General Information page appears.
  4. In the Name box, enter a new name for this entity, such as GE_WebHMI_LDAP.
  5. In the Description box, explain this type of authentication, such as LDAP Directory Service.
  6. Select the Enabled check box.
  7. Select Save.
  8. In the Active Directory entity that you just created, select Configuration under ENTITY INFORMATION.
    The Configuration for DirectoryServices page appears.
  9. Define the following LDAP settings:
    If you need help finding these LDAP values in Windows AD, see LDAP Settings for AD Authentication.
    | Option | Description |
    | --- | --- |
    | server | The name of the computer where the Active Directory resides. Example: WIN2008 |
    | userIdAttribute | Do not modify the default value of sAMAccountName. |
    | LDAP | Do not modify the default value of LDAP. |
    | port | The Active Directory server port. Do not change the default value of 389 unless another port was set. |
    | adminBindDN | The login of the administrative user with permission to run the Active Directory lookup. This is the distinguished name (DN) in the Active Directory. For example, for the Support administrative account residing in the default Users organizational unit, the DN for this setting is: CN=support,CN=Users,DC=support,DC=webhmi,DC=com |
    | userBaseDN | The Active Directory lookup for the user group or base organizational unit. This is the distinguished name in the Active Directory. For example, for all users residing in the WebHMI organizational unit, the DN for this setting is: OU=WebHMI,DC=support,DC=webhmi,DC=com |
    | adminPassword | The password of the user with permission to run the Active Directory lookup, which is the above adminBindDN user. Using the above adminBindDN example, this is the password for the Support administrative account on the Users OU. |
  10. Select Save.
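
A pre-flight check for the values entered in step 9, as an added example that is not part of Web HMI or ThingWorx: it parses the two DNs and flags entry mistakes before you save. The function names and the dictionary layout are assumptions of this example; the sample values are the page's own examples, and the password is a constructed placeholder.

```python
import re

# Keys mirror the option names in step 9; the dict layout itself is an
# assumption of this example, not a ThingWorx format.
SAMPLE = {
    "server": "WIN2008",
    "userIdAttribute": "sAMAccountName",
    "port": 389,
    "adminBindDN": "CN=support,CN=Users,DC=support,DC=webhmi,DC=com",
    "userBaseDN": "OU=WebHMI,DC=support,DC=webhmi,DC=com",
    "adminPassword": "constructed-placeholder",  # constructed sample value
}

def parse_dn(dn):
    """Split a DN into (ATTRIBUTE, value) pairs; commas escaped as '\\,' stay in the value."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr or not value:
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        pairs.append((attr.upper(), value))
    return pairs

def domain_of(dn):
    """Return the dotted domain built from the DN's DC components, lower-cased."""
    return ".".join(v.lower() for a, v in parse_dn(dn) if a == "DC")

def check_settings(s):
    """Return a list of findings; an empty list means nothing was flagged."""
    problems = []
    for key in ("server", "adminBindDN", "userBaseDN", "adminPassword"):
        if not str(s.get(key, "")).strip():
            problems.append(f"{key} is empty")
    if s.get("userIdAttribute") != "sAMAccountName":
        problems.append("userIdAttribute changed from default sAMAccountName")
    if not isinstance(s.get("port"), int) or not 1 <= s["port"] <= 65535:
        problems.append("port is not a valid TCP port")
    try:
        admin_dom, base_dom = domain_of(s["adminBindDN"]), domain_of(s["userBaseDN"])
        if not admin_dom or not base_dom:
            problems.append("a DN has no DC components")
        elif admin_dom != base_dom:  # heuristic: confirm the difference is intended
            problems.append(f"DNs name different domains: {admin_dom} vs {base_dom}")
    except (KeyError, ValueError) as exc:
        problems.append(f"DN error: {exc}")
    return problems
```

An empty result only means the values are well-formed; it does not confirm that the account exists or that the bind succeeds against the directory.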