VxPro: How to set up LDAP authentication

Issue

Setting up LDAP with VxPro

Product Line

Pelco Video Management

Environment

  • VideoXpert
  • VxPro
  • VxToolbox

Cause

First-time setup

Resolution

Add all domain user accounts manually to VxPro

1. Launch VxToolbox.
2. Go to the Users tab.
3. Click the Plus symbol.
4. Enter a user name and password.
    Note: The password must be 8 characters in order to save the user account, but it will not be used once LDAP authentication is enabled.
 
5. Assign a role to the user.
6. Provide additional user information (First Name, Last Name, etc.).
7. Click Save.
8. Repeat for all users.
 
Configure VxPro to authenticate with an LDAP server.
 
1. Go to the System tab.
2. Click the LDAP button at the top left.
3. Click the LDAP radio button.
4. Fill in the following details.
 
Example:

Server
  • Path: psee.local    
    *LDAP connection path: the name of the domain controller. Example: "dc1.corp.schneider-electric.com" would be 'ldap://dc1.corp.schneider-electric.com', or PSEE.LOCAL for our local test domain controller.
     
  • Port: 389
Authentication Directory
  • Base DN: DC=psee,DC=local
    *Search starting point, typically set to your directory's root suffix value. Because the root suffix is the topmost entry in your directory, all searches will be able to scan the entire directory tree.
     
  • Search DN: CN=Administrator,CN=users,DC=psee,DC=local
    *bindDN: the credential used to authenticate against LDAP. A fully qualified DN, associated with a service account, that will bind with the LDAP server and perform user searches.

    Note: You can search an AD server for the common name of the service account to locate the fully qualified DN using the command:

        dsquery user -name Administrator*

    Replace Administrator with the common name of the user account (example: John* or Eric*).

    Output Example: "CN=Administrator,CN=Users,DC=DOMAIN,DC=LOCAL"
     
  • Search DN Password: Pel2899100 (example password for 'Administrator'; this is the password for your bindDN user account)
     
  • Search Attributes: sAMAccountName,distinguishedName
    *Attributes required to locate the username (DirectoryString) and DN (distinguishedName) for user accounts. Two search attribute key names are required: the first identifies the attribute that contains the user name; the second identifies the fully qualified DN used for the second bind and validation of credentials.
 
5. Click Test Connection.
    *This test uses a standard user account to verify that it will authenticate against LDAP.
 
6. Enter credentials for a user found in the LDAP directory.
 
 
7. Click Test.
8. You should see a message stating "Connection and Authentication Successful!"
9. Click OK.
 
 
10. Click Save settings.
11. You will see a popup stating "Authentication Expired".
12. Click Next. 
13. Re-enter your admin account password.
14. You can now log into OCC using your domain credentials.

Note: After saving, the Search DN Password field may be blank in VxToolbox. This is OK; the password is still in use.
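
A pre-flight check for the values entered in step 4, as an added example that is not Pelco's code or part of the original article. The svc-vxpro-ldap account name and port 636 are hypothetical, the check assumes VxPro performs a simple bind, and this article does not state whether VxPro accepts an LDAPS port.

```python
import re

# Constructed sample values for the form fields in step 4; the space after
# "CN=" is a deliberate typo and Administrator stands in for a privileged bind.
SAMPLE_WEAK = {
    "port": 389,
    "base_dn": "DC=psee,DC=local",
    "search_dn": "CN= Administrator,CN=users,DC=psee,DC=local",
    "search_attributes": "sAMAccountName,distinguishedName",
}
# Hypothetical dedicated read-only account and LDAPS port (both assumptions).
SAMPLE_HARDENED = dict(SAMPLE_WEAK, port=636,
                       search_dn="CN=svc-vxpro-ldap,CN=Users,DC=psee,DC=local")
PRIVILEGED_CNS = {"administrator"}  # built-in AD administrator account

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return re.split(r"(?<!\\),", dn)

def check_ldap_settings(cfg):
    """Return (field, finding) pairs for values destined for the LDAP form."""
    findings = []
    for field in ("base_dn", "search_dn"):
        for rdn in split_dn(cfg[field]):
            key, sep, value = rdn.partition("=")
            if not sep or not key.strip() or not value.strip():
                findings.append((field, f"malformed RDN {rdn!r}"))
            elif key != key.strip() or value != value.strip():
                findings.append((field, f"stray whitespace in {rdn!r}"))
    # The first RDN of the Search DN names the account used for the first bind.
    bind_cn = split_dn(cfg["search_dn"])[0].partition("=")[2].strip().lower()
    if bind_cn in PRIVILEGED_CNS:
        findings.append(("search_dn", "binds as a built-in admin; use a "
                         "dedicated service account with read access"))
    # Two attribute names are required: user name first, DN second.
    attrs = [a.strip() for a in cfg["search_attributes"].split(",")]
    if len(attrs) != 2 or not all(attrs):
        findings.append(("search_attributes", "expected exactly two names"))
    # Port 389 is LDAP without TLS; a simple bind there sends passwords as-is.
    if cfg["port"] == 389:
        findings.append(("port", "cleartext LDAP; bind passwords are "
                         "readable on the wire unless TLS is negotiated"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, check_ldap_settings(cfg))
```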
 
 
Example screenshots using the Active Directory Explorer utility (Sysinternals) to explore a basic AD install.