Minicom Advanced Systems 5UM7017 Network Hardware User Manual


 
AccessIT
12.2.1 AccessIT in External authentication (LDAP) mode
In External authentication (LDAP) mode, AccessIT deletes all users that were
previously created in Local authentication mode. New users can only be imported
from a Windows 2003 or Windows 2008 Active Directory.
AccessIT will validate all user credentials against the external LDAP server only.
Only the “admin” account remains as a “backdoor” account. This user has
AccessIT local access. The “admin” account is allowed to manage AccessIT with
“Administrator” access privileges. However, “admin” is not permitted to connect
to Targets. This account allows changing AccessIT to Local authentication
mode at any time.
There is no direct access to any IP device. AccessIT will act as a gateway.
Since the AccessIT user accounts are kept in the local database, some of the
local accounts may no longer have related LDAP objects (e.g. a user's account
might migrate to another LDAP path). To clean the local database of these
ghost accounts, which will never pass LDAP authentication, AccessIT provides
a manual synchronize operation.
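As an added example (not from the manual and not AccessIT code), the following audit shows how ghost accounts can be identified before running the manual synchronize operation, separating accounts whose LDAP object moved to another path from accounts that no longer exist. It assumes, hypothetically, that you can export each local login with its imported LDAP path and obtain a current listing of directory objects; the function names and all sample data are constructed.

```python
import re

def norm_dn(dn):
    """Normalize a DN for comparison: trim spaces around ',' and '=', ignore case."""
    parts = [p.strip() for p in re.split(r"(?<!\\),", dn)]  # keep escaped commas
    return ",".join("=".join(s.strip() for s in p.split("=", 1)) for p in parts).casefold()

def find_ghosts(local_accounts, directory):
    """local_accounts: {login: LDAP path recorded at import time} (assumed export).
    directory: {DN: sAMAccountName} as currently present in Active Directory.
    Returns {login: (status, current_dn_or_None)} for accounts that no longer match."""
    present = {norm_dn(dn) for dn in directory}
    by_login = {sam.casefold(): dn for dn, sam in directory.items()}
    report = {}
    for login, dn in local_accounts.items():
        if login == "admin":              # built-in local account, has no LDAP object
            continue
        if norm_dn(dn) in present:        # object is still at the imported path
            continue
        if login.casefold() in by_login:  # same login now lives under another path
            report[login] = ("moved", by_login[login.casefold()])
        else:                             # no matching object anywhere
            report[login] = ("missing", None)
    return report

# Constructed sample data, not taken from a real unit or directory.
LOCAL = {
    "admin": "",
    "jsmith": "CN=John Smith,OU=Ops,DC=example,DC=com",
    "mlee": "CN=Mia Lee,OU=Ops,DC=example,DC=com",
    "tkhan": "cn=Tariq Khan, ou=Ops, dc=example, dc=com",
    "bwong": "CN=Ben Wong,OU=Ops,DC=example,DC=com",
}
DIRECTORY = {
    "CN=John Smith,OU=Ops,DC=example,DC=com": "jsmith",
    "CN=Mia Lee,OU=Datacenter,DC=example,DC=com": "mlee",
    "CN=Tariq Khan,OU=Ops,DC=example,DC=com": "tkhan",
}

if __name__ == "__main__":
    for login, (status, where) in sorted(find_ghosts(LOCAL, DIRECTORY).items()):
        print(f"{login}: {status}" + (f" -> {where}" if where else ""))
```

Accounts reported as moved would need to be imported again from their new path, while missing ones are candidates for removal by the synchronize operation.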
User Groups are not deleted and are managed locally after their import.
When changing AccessIT to Local authentication mode, all the users appear as
“inactive”. To re-activate the users, the Administrator must explicitly provide each
account with a local password.
12.2.2 DNS setting in LDAP mode
Important! The correct DNS setting is vital for the successful configuration of the
AccessIT in LDAP mode. You set the AccessIT DNS settings in the Settings / Unit
Maintenance / Network tab. See section 16.2 on page 106.