No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Usin ldap configuration file on the esight to bind spacific group

Publication Date:  2019-01-28 Views:  201 Downloads:  0

Issue Description

I faced an Issue which is after configured the esight to authenticate using AD and creating AD group (on AD and esight ) to manage the esight  .. I discovered that all the AD users can access the esight page without privilege but the requirement is that no one can access the page even without privilege except the created group for this purpose .


Handling Process

- Checked if can do this from the GUI mode but was not available .
- Checked the documentation 

Root Cause

Need to modify the userbindgroup in ldapauth.cfg file .

ldapAuth.cfg

Function

Authentication module uses the configuration parameters in ldapAuth.cfg to communicate with Lightweight Directory Access Protocol (LDAP) server for user authentication function.

Path

eSight installation directory/AppBase/etc/oms.sm


Solution

To accomplish this requirement, there is an important configuration file called ldapAuth.cfg  ... The Authentication module uses the configuration parameters in ldapAuth.cfg to communicate with Lightweight Directory Access Protocol (LDAP) server for user authentication function.

you can find this file in this path :

eSight/AppBase/etc/oms.sm/ldapAuth.cfg

in order to indicate the group name and then only the group members can login .  

The AD group name was Esight Access Group and to make this only group to access the esight we need to change the userbindgroup parameter in the ldapauth.cfg file .


So Right click on the ldapauth.cfg then edit it with text editor  and add the parameter :


Now only this group can access the esight webpage .

Note that there are a lot of useful parameters you can modify to control the authentication process between esight and ldap server .

Search in the documentation for ldapAuth.cfg to check all the parameters that can be modified 

Suggestions

We need to add A GUI modification to this file that enable user to change these attributes easly 

END