Since many years it's possible to authenticate users and administrators of SecureTrack via LDAP Server. This method is different to the others using TACACS+ or RADIUS. Here, a user needs to be defined. In this profile, the authentication method is selected: Local, TACACS+ or RADIUS.
Authentication using LDAP is a little different. First of all attaching a LDAP Server to SecureTrack needs to be done by Menu > Configuration > External Authentication > LDAP
Testing if the authentication of SecureTrack at the LDAP Server with LDAP Bind password isn't possible yet.
The "Administrators group DN" includes a group of AD users that are entitled to have administrative rights in SecureTrack. "Users" with restricted rights are located in the "Users group DN".
These users are not listed in Menu > Configuration > Users until their first login, they don't need to be imported.
When a LDAP user logs in to SecureTrack the first time, SecureTrack will check his name and credentials using LDAP. Depending in which group the user is found he will geht the corresponding rights.
- Administrators group:
User gets full administrative rights, if a Multi-Domain environment is configured, the right will be "Super-Admin"
- Users group:
User has restricted rights as "user", if a Multi-Domain environment is configured the right will be "Multi-Domain Users". But with the first login no device is showed to the user. This right has to be configured manually by an administrator after first login of the users.
Besides this, the user is shown in the list of configured users in SecureTrack with Authentication method LDAP.
Each time such a user authenticates, the password is checked against the LDAP server.