With the Connection to Windows domain function you can connect the data of a domain controller with the control's user administration.
Application
Related topics
- Configuring an LDAP database on a control
- Using an LDAP database on multiple controls
Requirements
- User administration is active
- useradmin user is logged on
- Windows domain controller present in the network
- You have access to the password of the domain controller
- You have access to the user interface of the domain controller, perhaps supported by an IT administrator
- Domain controller accessible in the network
Activating user administration
Description of function
- Use the Configuration function to configure the connection:
- Use the Map SIDs to Unix UIDs check box to select whether Windows SIDs are automatically mapped to Unix UIDs
- Use the Use LDAPs check box to select LDAP or secure LDAPs. For LDAPs, define whether or not the secure connection verifies a certificate
- Define a special group of Windows users to whom you want to restrict the connection to this control
- Modify the organizational unit in which the HEROS role names are stored
- Change the prefix in order to manage users from different workshops, for example. Each prefix given to a HEROS role name can be changed (e.g., HEROS hall 1 and HEROS hall 2)
- Modify the separator within the HEROS role names
Groups of the domain
If not all of the required roles have been created in the domain as groups, the control issues a warning.
- If the control issues a warning, proceed in one of the two following ways:
- Use the Add role definition function to enter a role directly in the domain
- Use the Export function to export the roles to an *.ldif file
- There are the following ways to create groups corresponding to the different roles:
- Automatically when entering the Windows domain by specifying a user with administrator rights
- By importing an import file in .ldif format to the Windows server
The Windows administrator must add the users manually to the roles (security groups) on the domain controller.
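The check behind this warning can be reproduced offline before a control is joined to the domain. The following Python sketch is an added example, not the control's own code or its export format: it compares the groups expected for a prefix with the groups present in the domain and renders LDIF for the missing ones. The role names, the `.` separator, the DN and the LDIF attribute set are assumptions.

```python
# Added example. Role names, separator, DN and domain below are constructed
# placeholders, not the control's real role list or export format.

# Characters Active Directory does not allow in a group's sAMAccountName.
# Rejecting them also means the name needs no escaping inside the DN.
INVALID = set('"/\\[]:;|=,+*?<>')

def group_name(prefix, separator, role):
    """Build the domain group name expected for one role."""
    name = f"{prefix}{separator}{role}"
    bad = sorted(set(name) & INVALID)
    if bad:
        raise ValueError(f"{name!r} contains characters not allowed: {bad}")
    return name

def missing_groups(roles, existing, prefix, separator):
    """Return expected group names that do not exist in the domain.
    Directory names compare case-insensitively, so the check does too."""
    have = {g.casefold() for g in existing}
    expected = (group_name(prefix, separator, r) for r in roles)
    return [n for n in expected if n.casefold() not in have]

def to_ldif(names, ou_dn):
    """Render LDIF 'add' records creating each name as a security group."""
    records = []
    for name in names:
        records.append("\n".join([
            f"dn: CN={name},{ou_dn}",
            "changetype: add",
            "objectClass: group",
            f"sAMAccountName: {name}",
            "groupType: -2147483646",  # global scope, security enabled
        ]))
    return "\n\n".join(records) + ("\n" if records else "")

if __name__ == "__main__":
    roles = ["ROLE_A", "ROLE_B", "ROLE_C"]            # placeholder roles
    in_domain = ["heros hall 1.ROLE_A",               # constructed listing
                 "HEROS hall 1.ROLE_B",
                 "HEROS hall 2.ROLE_A"]
    ou = "OU=roles,DC=example,DC=test"                # placeholder OU
    for prefix in ("HEROS hall 1", "HEROS hall 2"):
        todo = missing_groups(roles, in_domain, prefix, ".")
        print(f"# {prefix}: {len(todo)} group(s) missing")
        print(to_ldif(todo, ou), end="")
```

The generated groups are empty, so the Windows administrator still has to add the users to them.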
Two suggestions for how the Windows administrator can structure the groups are given below.
Example 1
The user is a direct or indirect member of the respective group:

Example 2
Users from various sectors (workshops) are members of groups with different prefixes:

Setting up the Connection to Windows domain function
- To set up a Connection to Windows domain:
- Open the User management window
- Select Connection to Windows domain
- Select Find domain
- The control selects a domain.
- Select APPLY
- The control opens the Connect to domain window.
- With the Organizational unit for computer account: function, you can specify in which of the already existing organizational units you want to create the access, e.g.
- ou=controls
- cn=computers
- The values you enter must match the conditions of the domain. The terms are not exchangeable.
- Enter the user name of the domain controller
- Enter the password of the domain controller
- Confirm your input
- The control connects to the Windows domain found.
- The control checks whether all of the required roles have been created in the domain as groups.
- Add groups, if necessary