User Authentication LDAP for HMI
Hi,
The user management is linked to our Active Directory via LDAP. I can log into the WBM with the global login data without any problems. (The AD-User is mapped to the Admin role.)
However, if I change the LDAP group mapping from Admin to EHmiLevel10, I cannot log into the HMI.
As a test, I have also assigned the EHmiLevel10 role to admin-user and I can log in to the HMI with admin-user without any problems.
Below are the notifications from admin and AD-user when logging into the HMI:
Warning 03.01.2024 12:12:40.754 arp.services.hmi Security.Arp.Services.Ehmi.SessionAuthenticationFailed No login permission for userName AD-User, ipAddress 192.168.0.5, arpSecurityToken 1484793059 security
Info 03.01.2024 12:12:40.752 User Manager Security.Arp.System.Um.SessionCreated Session created. User: AD-User, User roles: EHmiLevel10 , Security Token: 588024E3, Object name: hmi.auth, currently opened Sessions 4 security
Info 03.01.2024 12:12:40.751 User Manager Security.Arp.System.Um.Ldap.ServerLoggedIn LDAP server logged in. Hostname: ldap.example.org, Comment: security
Info 03.01.2024 12:12:16.008 User Manager Security.Arp.System.Um.SessionCreated Session created. User: admin, User roles: Admin EHmiLevel10 , Security Token: B0CFDE01, Object name: hmi.auth, currently opened Sessions 4 security
AXCF1152, FW2023.6
EDIT:
I have noticed that both user levels Admin and EHmiLevel10 must be assigned to the user for a login in the HMI to work. Is that correct?
This discussion has been closed.
Comments
EDIT #2:
It also works when using the user levels EHmiViewer and EHmiLevel10. But two must be assigned. EHmiViewer or EHmiLevel10 alone is not sufficient.
And it's not limited to AD-User. Local users also need two user roles. I assume that you need the rights "View online variable values" and the corresponding EHmiLevels to log into the HMI.
https://plcnext.help/te/WBM/Security_User_authentication.htm
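
For triaging this kind of denial from the notification log, the following is an added example and not part of the original posts or of PLCnext itself: it parses the four notifications quoted in the question and pairs each `SessionAuthenticationFailed` entry with the roles of the `hmi.auth` session created for the same user just before it. The function names, the regular expressions (inferred only from the quoted lines, not from vendor documentation of the log format) and the one-second correlation window are assumptions.

```python
import re
from datetime import datetime, timedelta

# The four notifications quoted in the question, one entry per line.
LOG = """\
Warning 03.01.2024 12:12:40.754 arp.services.hmi Security.Arp.Services.Ehmi.SessionAuthenticationFailed No login permission for userName AD-User, ipAddress 192.168.0.5, arpSecurityToken 1484793059 security
Info 03.01.2024 12:12:40.752 User Manager Security.Arp.System.Um.SessionCreated Session created. User: AD-User, User roles: EHmiLevel10 , Security Token: 588024E3, Object name: hmi.auth, currently opened Sessions 4 security
Info 03.01.2024 12:12:40.751 User Manager Security.Arp.System.Um.Ldap.ServerLoggedIn LDAP server logged in. Hostname: ldap.example.org, Comment: security
Info 03.01.2024 12:12:16.008 User Manager Security.Arp.System.Um.SessionCreated Session created. User: admin, User roles: Admin EHmiLevel10 , Security Token: B0CFDE01, Object name: hmi.auth, currently opened Sessions 4 security
"""

# Layout assumed from the quoted lines: severity, timestamp, source, tag, message.
ENTRY = re.compile(r"^(?P<sev>\w+) (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
                   r".*?(?P<tag>Security\.[\w.]+) (?P<msg>.*)$")
CREATED = re.compile(r"User: (?P<user>[^,]+), User roles: (?P<roles>[^,]*),"
                     r".*Object name: (?P<obj>[^,]+),")
DENIED = re.compile(r"userName (?P<user>[^,]+), ipAddress (?P<ip>[^,]+),")

def parse(text):
    """Yield (timestamp, tag, message) for every line that matches the layout."""
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S.%f")
            yield ts, m["tag"], m["msg"]

def denied_logins(text, window=timedelta(seconds=1)):
    """Pair each HMI denial with the roles of the session created just before it."""
    sessions = {}   # user -> (timestamp, roles) of the latest hmi.auth session
    findings = []
    for ts, tag, msg in sorted(parse(text)):   # log is newest-first; process oldest-first
        if tag.endswith("Um.SessionCreated"):
            m = CREATED.search(msg)
            if m and m["obj"] == "hmi.auth":
                sessions[m["user"]] = (ts, m["roles"].split())
        elif tag.endswith("Ehmi.SessionAuthenticationFailed"):
            m = DENIED.search(msg)
            if m:
                seen = sessions.get(m["user"])
                # roles stays None when no matching session falls inside the window
                roles = seen[1] if seen and ts - seen[0] <= window else None
                findings.append({"user": m["user"], "ip": m["ip"], "roles": roles})
    return findings

if __name__ == "__main__":
    for finding in denied_logins(LOG):
        print(finding)
```

A finding whose `roles` list holds a single entry matches the situation described in the thread, where the session is created but the HMI login is still refused.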