How to set up LDAP from the SM5200 web interface.

NOTICE

POTENTIAL FOR DATA LOSS.
The steps detailed in the resolution of this article may result in a loss of critical data if not performed properly. Before beginning these steps, make sure all important data is backed up in the event of data loss. If you are unsure, please contact Product Support Services prior to attempting the procedure below.

NOTICE

COMPLEX PROCEDURE REQUIRED.
The resolution of this article has many complex steps that may result in unforeseen results if not performed correctly. If you are at all unfamiliar with the requirements, please contact Product Support Services for assistance.

Issue

  • Domain users are unable to log on to the WS5000 software.

Product Line

Pelco Video Management

Environment

  • Endura SM5200 version 1.0.0.0847 (Does not support nested organizational units.)
  • Endura SM5200 version 1.1.0.0128 (Supports nested organizational units.)
  • Microsoft Windows Active Directory - All Versions

Cause

  • Incorrect or non-existent LDAP configuration.

Resolution

NOTE:
Only the admin user can access the SM5200 configuration and video viewing pages. All other users only have access to the Pelco Web Viewer.
Although the screenshots below are from a 1.0 system, they are still relevant to 1.1.
 
  1. Navigate to the web interface of the SM5200 using one of the supported browsers (Chrome 17+, Firefox 8+ or Internet Explorer 9.0+). Example: https://192.168.5.10
  2. Enter the appropriate username and password then click OK. The default login credential is [Username: admin and Password: admin].
  3. Click on the IP Settings tab.
  4. Under DNS Servers (optional), type in the IP address(es) of the DNS server(s) on the network. If you do not have this information, contact the IT staff.
  5. Click Save.
  6. Click on the LDAP tab.
  7. Place a checkmark next to Enable LDAP.
  8. The LDAP Server Settings and Authentication Directory Settings will now be available.
  9. Reference the below screenshot for the remaining steps.

 

NOTE: The information below must be provided by the IT staff.

a. Under Server Name type in the fully qualified domain name of the Active Directory server.

Example: enduradc.endura.training.net

 
b. Under Base DN, type in the distinguished name of the Organizational Unit. This can be obtained from ADSI Edit > Right-click the appropriate OU > Properties > distinguishedName > View. Copy and paste this information into this field.
Example: OU=Endura Users,DC=endura,DC=training,DC=net
 
c. Under Service DN (optional), type in the distinguished name of the service account. This can be obtained from ADSI Edit > Right-click the appropriate user > Properties > distinguishedName > View. Copy and paste this information into this field.
Example: CN=Kenny McCormick,OU=Endura Users,DC=endura,DC=training,DC=net
 
d. Under Service DN Password (optional) type in the password of the account from the previous step.
Example: Password123
 
e. Under Search Attributes type in the following without any spaces:
sAMAccountname,distinguishedName
 
f. Click Test.
 
g. Type in the service account name and password used in steps 9c and 9d.
Example: [Username: kenny.mccormick and Password: Password123].
 
h. Click Test Connection.
 
i. Verify it states Connected to LDAP server then click Save.
 
10. The domain user account(s) must also be created in the WS5000 software. For the username, consider matching the case of the Windows account name in Active Directory.
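
The following is an added example, not Pelco code: a pre-flight check of the values entered in steps 9b to 9e, run before clicking Test. The function names and the "Jane Doe" user are hypothetical, and it assumes that "does not support nested organizational units" means version 1.0.0.0847 only finds users located directly in the Base DN OU.

```python
def parse_dn(dn):
    """Split a DN into normalised (type, value) pairs, honouring backslash escapes."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped or ch != ",":
            cur.append(ch)
            escaped = (ch == "\\") and not escaped
        else:
            parts.append("".join(cur))
            cur = []
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        # Attribute types and AD naming values compare case-insensitively.
        rdns.append((attr.strip().upper(), value.strip().lower()))
    return rdns

def ou_depth_below(base_dn, user_dn):
    """Containers between user_dn and base_dn: 0 = directly inside, None = outside."""
    base, user = parse_dn(base_dn), parse_dn(user_dn)
    if len(user) <= len(base) or user[-len(base):] != base:
        return None
    return len(user) - len(base) - 1

def preflight(base_dn, user_dn, search_attrs, nested_ou_support):
    """Return a list of problems to fix before clicking Test on the LDAP tab."""
    problems = []
    if any(c.isspace() for c in search_attrs):
        problems.append("Search Attributes contains whitespace")
    depth = ou_depth_below(base_dn, user_dn)
    if depth is None:
        problems.append("user DN is not under Base DN")
    elif depth > 0 and not nested_ou_support:
        # Assumption: 1.0.0.0847 only finds users directly inside the Base DN OU.
        problems.append("user is in a nested OU; not supported on this version")
    return problems

# Values from the article's examples, plus one constructed nested-OU user.
BASE = "OU=Endura Users,DC=endura,DC=training,DC=net"
DIRECT = "CN=Kenny McCormick,OU=Endura Users,DC=endura,DC=training,DC=net"
NESTED = "CN=Jane Doe,OU=Operators,OU=Endura Users,DC=endura,DC=training,DC=net"  # constructed
ATTRS = "sAMAccountname,distinguishedName"

if __name__ == "__main__":
    print(preflight(BASE, DIRECT, ATTRS, nested_ou_support=False))
    print(preflight(BASE, NESTED, ATTRS, nested_ou_support=False))
```

Pass `nested_ou_support=True` when checking against version 1.1.0.0128.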