Hello,
did anyone successful implement the Administration Login into OV2500 via WebUI authentication over LDAP?
The Usermanual is not very well written and described only radius and cppm radius configuration. Its not clear to me what is to configure in the AD to grant access to OmniVista WebUI.
Regards,
Dominik
Hi Dominik, the AD needs to provide a “memberOf” value for the LDAP user that matches the OV2500 UserGroup. See an example what the AD provides after successful authentication:
Thank you very much for your answer.
I have already written a German howto OmniVista 2500 NMS - WebUI LDAP Authentication - DominikGawin.de in my blog.
Maybe you have an idea why there is a default read permission if the user does not belong to any of the known groups.
The login should actually be denied…
Hi Dominik, cool Blog! Thanks for that one!
It looks like that as long as the credentials of the user are correct, it will get assigned to the “Default” group. This group has ReadOnly rights. If this is not desired, you can create a restricted Role and assign it to the “Default” group. This way, the user can login but not see any devices at all. See my example:
Thanks for the tip.
I have updated my blog accordingly.
Surely there is no prospect of further customization for the product? There is still a lot of access for a person who is not actually authorized.
