Connection to Windows domain

Application

With the Connection to Windows domain function you can connect the data of a domain controller with the control's user administration.

Requirements

  • User administration is active (see "Activating user administration")
  • useradmin user is logged on (see "Users")
  • Windows domain controller present in the network
  • You have access to the password of the domain controller
  • You have access to the user interface of the domain controller, perhaps supported by an IT administrator
  • Domain controller accessible in the network

Description of function

Use the Configuration function to configure the connection:

  • Use the Map SIDs to Unix UIDs check box to select whether Windows SIDs are automatically mapped to Unix UIDs
  • Use the Use LDAPs check box to select LDAP or secure LDAPs. For LDAPs, define whether or not the secure connection verifies a certificate
  • Define a special group of Windows users to whom you want to restrict the connection to this control
  • Modify the organizational unit in which the HEROS role names are stored
  • Change the prefix in order to manage users from different workshops, for example. Each prefix given to a HEROS role name can be changed (e.g., HEROS hall 1 and HEROS hall 2)
  • Modify the separator within the HEROS role names

Groups of the domain

If not all of the required roles have been created in the domain as groups, the control issues a warning.

If the control issues a warning, proceed in one of the two following ways:

  • Use the Add role definition function to enter a role directly in the domain
  • Use the Export function to export the roles to an *.ldif file

There are the following ways to create groups corresponding to the different roles:

  • Automatically when entering the Windows domain by specifying a user with administrator rights
  • By importing an import file in .ldif format to the Windows server

The Windows administrator must add the users manually to the roles (security groups) on the domain controller.
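The check described above (are all required roles present as groups under the configured prefix and separator?) can be previewed by the Windows administrator before any .ldif file is imported. The following Python code is an added example, not the control's own code or its export format; the role names, the "." separator, the base DN and the Active Directory group attributes are assumptions.

```python
# Added example. Role names, base DN and group attributes are assumptions,
# not values taken from the control or its exported *.ldif file.
FORBIDDEN = set('"/\\[]:;|=,+*?<>')   # not allowed in an AD sAMAccountName
GLOBAL_SECURITY_GROUP = -2147483646   # AD groupType: global scope, security-enabled


def group_name(prefix, separator, role):
    """Build '<prefix><separator><role>' and reject names unsafe for a DN or LDIF."""
    name = f"{prefix}{separator}{role}"
    # Non-printable characters (e.g. newlines) would inject extra LDIF lines;
    # DN metacharacters such as ',' or '+' would change where the entry lands.
    if (not name or not name.isascii() or not name.isprintable()
            or name != name.strip() or name.startswith("#")
            or FORBIDDEN & set(name)):
        raise ValueError(f"unsafe group name: {name!r}")
    return name


def missing_groups(roles, existing_cns, prefix, separator):
    """Return expected role groups absent from the domain (cn matches ignore case)."""
    have = {cn.lower() for cn in existing_cns}
    expected = [group_name(prefix, separator, r) for r in roles]
    return [g for g in expected if g.lower() not in have]


def to_ldif(groups, ou_dn):
    """Render one 'add' record per group so it can be reviewed before import."""
    records = []
    for cn in groups:
        records.append("\n".join([
            f"dn: CN={cn},{ou_dn}",
            "changetype: add",
            "objectClass: group",
            f"cn: {cn}",
            f"sAMAccountName: {cn}",
            f"groupType: {GLOBAL_SECURITY_GROUP}",
        ]))
    return "\n\n".join(records) + "\n"


if __name__ == "__main__":
    roles = ["RoleA", "RoleB", "RoleC"]  # hypothetical role names
    existing = ["HEROS hall 1.RoleA", "heros hall 1.roleb", "Domain Users"]  # constructed
    todo = missing_groups(roles, existing, "HEROS hall 1", ".")
    print(to_ldif(todo, "OU=controls,DC=example,DC=com"))  # constructed base DN
```

Reviewing the generated records first shows exactly which security groups an import would create and in which organizational unit.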

Two suggestions describing how the groups can be structured by the Windows administrator are given below.

Example 1

The user is a direct or indirect member of the respective group:

[Figure: DerBenutzer_01]

Example 2

Users from various sectors (workshops) are members of groups with different prefixes:

[Figure: DerBenutzer2]

Setting up the Connection to Windows domain function

To set up a Connection to Windows domain:

  1. Open the User management window
  2. Select Connection to Windows domain
  3. Select Find domain
     The control selects a domain.
  4. Select APPLY
     The control opens the Connect to domain window.

     Tip

     With the Organizational unit for computer account: function, you can specify in which of the already existing organizational units you want to create the access, e.g.

     • ou=controls
     • cn=computers

     The values you enter must match the conditions of the domain. The terms are not interchangeable.

  5. Enter the user name of the domain controller
  6. Enter the password of the domain controller
  7. Confirm your input
     The control connects to the Windows domain found.
     The control checks whether all of the required roles have been created in the domain as groups.
  8. Add groups, if necessary (see "Groups of the domain")