NX-Series Controllers - WebConsole & Programming Guide
Specifications - WebConsole - Security Options (page 26)
When LDAP is enabled, users are authenticated using the configuration set up on the LDAP server.
The "administrator" user is handled by the local NetLinx Master and does not connect to the LDAP server for user verification.
If an administrator password change is desired, LDAP must be disabled, the password changed and saved, and then LDAP re-enabled.
Users may not be added or deleted via the web pages when LDAP is enabled.
AMX equipment users are set up on the LDAP server with either full access to the master or HTTP access only.
User access privileges cannot be changed via the web pages.
As users log onto a NetLinx Master, their user name and access privileges are displayed on the User Security Details page (see the System Security - User Level section on page 30). This information is stored in the master's RAM but is not written to non-volatile memory, so it is lost when the Master reboots.
If a user is removed from the LDAP directory tree, that user is denied access, and if the user name is on the master's User Security Details web page it is removed.
Configuring ICSP Connectivity with LDAP Enabled
If ICSP connectivity security is desired, the user name and password must be set up on the LDAP server and its DN added as a member of the administrator groupOfNames objectClass. This user name and password must also be present on the master, because of the authentication algorithms used for this type of security.
Before LDAP is enabled, a user account must be set up on the master with the user name, password and privileges matching the ones stored on the LDAP server.
If there is a mismatch in the user name or password, the AMX hardware or software component will not be allowed access.
If there is a mismatch in the access privileges, the master will use the privileges value stored on the server.
Accepting Changes
Click the Accept button to save changes on this page. Accepting changes is instantaneous and does not require a reboot.
Testing the Connection to the LDAP Server
After entering and accepting the parameters, the Test button (see FIG. 32 on page 24) can be used to test the connection to the LDAP server. This test performs a bind to the BIND DN using the Search Password entered.
If the bind is successful, the message "Connection successful" is displayed.
If the server could not be reached or the bind is unsuccessful, the message "Could not connect to server -- Please check LDAP URI, BIND DN and Search Password settings" is displayed.
Refer to Appendix A: LDAP Implementation Details on page 119 for additional information.
LDAP Options (Cont.)
LDAP BASE DN: This parameter specifies the Distinguished Name (DN) of an entry in the directory. It identifies the entry that is the starting point of the user search.
BIND DN: This parameter specifies the Distinguished Name (DN) to use to bind to the LDAP server for the initial search for the user's DN.
User Query Attr.: This LDAP attribute is used for the AMX equipment user search (for example, uid).
Note: This attribute MUST be unique in the context of the LDAP BASE DN or the search will fail.
Search Password: This is the password used for the initial bind to the LDAP server; it is the password associated with the BIND DN.
Admin groupOfNames cn: This parameter is the common name (cn) of the groupOfNames objectClass that contains the member DNs of the AMX equipment users that have administrator privileges.
User groupOfNames cn: This parameter is the common name (cn) of the groupOfNames objectClass that contains the member DNs of the AMX equipment users that have only user privileges.
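The following Python model is an added example, not code from the NetLinx Master or from AMX; it replaces a live LDAP server with a constructed in-memory directory so the sequence implied by the options above (bind with BIND DN and Search Password, search under LDAP BASE DN on the User Query Attr., bind as the found user, then resolve privileges from the Admin and User groupOfNames membership) and the ICSP matching rule from the section above can be run offline. The DNs, group names, passwords and the `LdapOptions`, `authenticate` and `icsp_privileges` names are assumptions for this illustration. It also exercises the uniqueness note: two entries sharing the same uid under the BASE DN make the search fail.

```python
"""Model of the LDAP lookup configured by the WebConsole LDAP options.

Added illustration, not the NetLinx Master's own code. A small in-memory
directory stands in for the LDAP server so the flow runs offline.
"""
from dataclasses import dataclass

# Constructed sample directory: DN -> attributes. Passwords are plain text
# here only because this is a model; a real directory stores hashed values.
DIRECTORY = {
    "cn=amxsearch,dc=example,dc=com": {
        "objectClass": ["person"], "userPassword": ["s3arch-pw"]},
    "uid=alice,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["alice"],
        "userPassword": ["alice-pw"]},
    "uid=bob,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["bob"],
        "userPassword": ["bob-pw"]},
    # Two entries share uid=dup: this violates the uniqueness requirement
    # on the User Query Attr., so a search for "dup" must fail.
    "uid=dup,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["dup"], "userPassword": ["x"]},
    "uid=dup,ou=contractors,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["dup"], "userPassword": ["y"]},
    "cn=amxadmins,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"], "cn": ["amxadmins"],
        "member": ["uid=alice,ou=people,dc=example,dc=com"]},
    "cn=amxusers,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"], "cn": ["amxusers"],
        "member": ["uid=bob,ou=people,dc=example,dc=com"]},
}


@dataclass
class LdapOptions:
    """The WebConsole fields from the LDAP Options table (assumed sample values)."""
    base_dn: str = "dc=example,dc=com"
    bind_dn: str = "cn=amxsearch,dc=example,dc=com"
    search_password: str = "s3arch-pw"
    user_query_attr: str = "uid"
    admin_group_cn: str = "amxadmins"
    user_group_cn: str = "amxusers"


def _norm(dn):
    return dn.replace(", ", ",").lower()


def bind(dn, password):
    """Simple bind: succeeds only if the DN exists and the password matches."""
    entry = DIRECTORY.get(dn)
    return entry is not None and password in entry.get("userPassword", [])


def check_connection(opts):
    """What the Test button does: a bind with BIND DN and Search Password."""
    if bind(opts.bind_dn, opts.search_password):
        return "Connection successful"
    return ("Could not connect to server -- Please check LDAP URI, "
            "BIND DN and Search Password settings")


def find_user_dn(opts, login):
    """Subtree search under LDAP BASE DN on the user query attribute.
    Returns the single matching DN, or None when 0 or more than 1 entry matches."""
    base = _norm(opts.base_dn)
    hits = [dn for dn, attrs in DIRECTORY.items()
            if _norm(dn).endswith(base)
            and login in attrs.get(opts.user_query_attr, [])]
    return hits[0] if len(hits) == 1 else None


def group_members(cn):
    """Member DNs of the groupOfNames entry with the given cn."""
    for attrs in DIRECTORY.values():
        if "groupOfNames" in attrs["objectClass"] and cn in attrs.get("cn", []):
            return set(attrs.get("member", []))
    return set()


def authenticate(opts, login, password):
    """Full sequence; returns the privilege level, or None when access is denied."""
    if not bind(opts.bind_dn, opts.search_password):
        return None
    user_dn = find_user_dn(opts, login)
    if user_dn is None or not bind(user_dn, password):
        return None
    if user_dn in group_members(opts.admin_group_cn):
        return "administrator"
    if user_dn in group_members(opts.user_group_cn):
        return "user"
    return None  # authenticated, but a member of neither AMX group


def icsp_privileges(local_account, opts, login, password):
    """ICSP rule: the local account must match on user name and password;
    if only the privileges differ, the value stored on the LDAP server wins."""
    if local_account["name"] != login or local_account["password"] != password:
        return None
    return authenticate(opts, login, password)
```

Running `authenticate(LdapOptions(), "alice", "alice-pw")` returns "administrator" because alice's DN is listed in the admin groupOfNames, while a login of "dup" is refused regardless of password, since the search under the BASE DN returns two entries.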