Quick start

To start, create or open a TwinCAT HMI project.

Installation

Install the NuGet package "Beckhoff.TwinCAT.HMI.Ldap" via the NuGet Package Manager.

Configuration of the LDAP extension

1. Open the server configuration page
2. Go to the TcHmiLdap / General tab
3. Define the following:
    Host: the name of the domain or the IP address of the LDAP server.
    Port: the port of the LDAP service. Typically, port 389 is used for unencrypted connections and port 636 is used for encrypted connections.
    Use TLS: activates encryption via TLS (recommended setting).
    Trust all certificates: should only be enabled for test purposes, because the server certificate is not validated while this setting is active.
    Base DN: the Base Distinguished Name (DN) specifies the entry point for the user search. E.g. use "DC=beckhoff,DC=com" if the domain is "Beckhoff.com".
    Synchronization interval: the interval at which the groups of active sessions are synchronized. Sessions of blocked users are terminated.
4. Go to the LDAP authentication tab
5. Define the following:
    Authentication mechanism: the mechanism for the bind user. In a protected environment, "Simple" can be used.
    Bind user DN: the full Distinguished Name of the administrative user that can be used for the search.
    Bind user password: the password of the administrative user.
6. Go to the HMI authentication tab
7. Define the following:
    Authentication mechanism: use Simple for the quick start.
    User name attribute: use userPrincipalName; this allows the user name and domain to be specified in e-mail format (e.g. user@beckhoff.com).
    Append the domain during login: the domain to append (e.g. beckhoff.com) if you only want to log in with the user name.
The users and groups found in the LDAP are now available in the user management.
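
The settings from steps 3 to 7 can be reviewed before they are entered. The following Python sketch is an added example, not part of the TwinCAT HMI product or its documentation; the dictionary keys are hypothetical names for the dialog fields, the sample values are constructed, and the DN check is a simple shape test that does not handle escaped commas.

```python
import re

DN_RE = re.compile(r"^[A-Za-z]+=[^,=]+(,[A-Za-z]+=[^,=]+)*$")

def domain_to_base_dn(domain):
    """'beckhoff.com' -> 'DC=beckhoff,DC=com', as in the Base DN example."""
    return ",".join("DC=" + part for part in domain.strip(".").split("."))

def login_name(username, append_domain=None):
    """Name sent to LDAP when the user name attribute is userPrincipalName."""
    if "@" in username or not append_domain:
        return username
    return username + "@" + append_domain

def review_settings(cfg):
    """Return (code, message) findings for planned settings.

    The dictionary keys are hypothetical names for the dialog fields,
    not the extension's real configuration schema.
    """
    findings = []
    tls, port = bool(cfg.get("use_tls")), cfg.get("port")
    if not tls:
        findings.append(("NO_TLS", "Use TLS is off: the LDAP connection is unencrypted"))
    elif cfg.get("trust_all_certificates"):
        findings.append(("NO_CERT_VALIDATION",
                         "Trust all certificates is on: server certificate is not validated"))
    if (tls and port == 389) or (not tls and port == 636):
        findings.append(("PORT_MISMATCH", f"port {port} is not the typical port for use_tls={tls}"))
    for key in ("base_dn", "bind_user_dn"):
        if not DN_RE.match(cfg.get(key, "")):
            findings.append(("BAD_DN", f"{key} is not a full distinguished name"))
    expected = domain_to_base_dn(cfg.get("domain", "")).lower()
    if cfg.get("domain") and not cfg.get("base_dn", "").lower().endswith(expected):
        findings.append(("BASE_DN_DOMAIN", f"base_dn does not end in {expected}"))
    return findings

# Constructed sample settings (not taken from a real installation).
WEAK = {"host": "ldap.example.test", "port": 636, "use_tls": True,
        "trust_all_certificates": True, "domain": "example.test",
        "base_dn": "DC=example,DC=com", "bind_user_dn": "svc-hmi"}
HARDENED = dict(WEAK, trust_all_certificates=False,
                base_dn="OU=Plant,DC=example,DC=test",
                bind_user_dn="CN=svc-hmi,OU=Service,DC=example,DC=test")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, review_settings(cfg) or "no findings")
    print(login_name("operator", "example.test"))
```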

Configuration of the user management

1. Open the TwinCAT HMI Configuration tool window to create a new group mapping and open the dialog to create a new group (1, 2). Search for the desired LDAP group (3, 4) and activate the checkbox. Enter the name of the new group (5) and confirm with OK (6).
2. In the HMI project, go to the configuration page of the TwinCAT HMI Server on the Security tab and set the Select user by setting to Textfield. This allows the user names to be created via a text field.
3. To test, drop a UserManagement Control onto the Desktop.view, open the LiveView and activate the authentication simulation (1). Select the LDAP extension (2), use your LDAP login data (3) and log in (4).
4. The user management control shows the current user (1). When an LDAP user logs in for the first time, the appropriate HMI user is also configured (2).
The configured user is now available in the user management and can be used.