Quickstart
Carry out the following steps to put the TwinCAT HMI LDAP Extension into operation.
Installation of the NuGet package
- Create or open an HMI project.
- Open the NuGet Package Manager (right-click on the References node of the HMI project in the Solution Explorer).
- The package source can be nuget.org or “Beckhoff Offline Packages” if the extension was previously installed via TcPkg.
- Search for Beckhoff.TwinCAT.HMI.Ldap and install the extension.
- The package is added to the project and the extension is started by the HMI server.
Configuring the extension
- Open the configuration page of the LDAP extension in the HMI project.
- Enter the following settings on the “General” tab:
  - Host: Domain name or IP address of the LDAP server.
  - Port: Port of the LDAP service. Typically, port 389 is used for unencrypted connections and port 636 is used for encrypted connections.
  - Use TLS: Activate encryption via TLS (recommended setting).
  - Trust all certificates: Should only be deactivated for test purposes. Otherwise the server certificate will not be validated.
  - Base DN: The Base Distinguished Name (DN) specifies the entry point for the user search. For example, use “DC=beckhoff,DC=com” if the domain is “Beckhoff.com”.
- Enter the following settings on the “LDAP Authentication” tab:
  - Authentication mechanism for bind user: “Simple” can be used in a protected environment.
  - Bind user DN: Full Distinguished Name of the administrative user that can be used for the search.
  - Bind user password: Password of the administrative user.
- Enter the following settings on the “HMI authentication” tab:
  - Authentication mechanism: Use Simple for the Quickstart.
  - Username attribute: Use userPrincipalName so that the user name and domain can be specified in e-mail format (e.g. user@beckhoff.com).
  - Append the domain during login: Add the domain (e.g. beckhoff.com) if you want to log in with the user name only.
- Open the TwinCAT HMI Configuration tool window to create a new group mapping and open the dialog to create a new group (1, 2). Search for the desired LDAP group (3, 4) and activate the checkbox. Enter the name of the new group (5) and confirm with OK (6).
- In the HMI project, go to the “Security” tab on the configuration page of the TwinCAT HMI server and set the “Select user by” setting to “Textfield”. This allows user names to be entered via a text field.
- To test, drop a UserManagement Control onto the Desktop.view, open the LiveView and activate the authentication simulation (1). Select the LDAP extension (2), use your LDAP login data (3) and log in (4).
- The user management control shows the current user (1). When an LDAP user logs in for the first time, the appropriate HMI user is also configured (2).
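The values for the “General”, “LDAP Authentication” and “HMI authentication” tabs can be checked against each other before they are entered. The following Python script is an added example, not part of the extension or of the original documentation; the setting names, the sample values and the assumed form of the user search filter are hypothetical.

```python
# Added example. The setting names are hypothetical and mirror the labels on
# the configuration page; they are not the extension's configuration schema.

def base_dn_for(domain):
    """'beckhoff.com' -> 'DC=beckhoff,DC=com' (Base DN rule from the page)."""
    labels = [p for p in domain.strip().split(".") if p]
    if not labels:
        raise ValueError("domain is empty")
    return ",".join("DC=" + p for p in labels)

def login_name(typed, append_domain=""):
    """Name looked up in userPrincipalName. Assumption: the domain is only
    appended when the typed name has no '@' part."""
    typed = typed.strip()
    if "@" in typed or not append_domain:
        return typed
    return typed + "@" + append_domain

def search_filter(attribute, value):
    """Equality filter for the user search (assumed form), with the value
    escaped per RFC 4515 so that it is matched literally."""
    special = "\\*()\x00"
    escaped = "".join("\\%02x" % ord(c) if c in special else c for c in value)
    return "(%s=%s)" % (attribute, escaped)

def review(cfg):
    """Return a list of findings for one set of Quickstart settings."""
    findings = []
    if cfg["bind_mechanism"] == "Simple" and not cfg["use_tls"]:
        findings.append("Simple bind without TLS: passwords are sent unencrypted")
    if cfg["use_tls"] and cfg["trust_all_certificates"]:
        findings.append("Trust all certificates: server certificate is not validated")
    typical = 636 if cfg["use_tls"] else 389
    if cfg["port"] != typical:
        findings.append("Port %d differs from the typical port %d" % (cfg["port"], typical))
    expected = base_dn_for(cfg["domain"])
    if cfg["base_dn"].replace(" ", "").lower() != expected.lower():
        findings.append("Base DN does not match the domain, expected " + expected)
    return findings

# Constructed sample settings, not taken from a real installation.
SAMPLE = {"port": 389, "use_tls": False, "trust_all_certificates": False,
          "bind_mechanism": "Simple", "domain": "beckhoff.com",
          "base_dn": "DC=beckhoff,DC=com"}

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print("finding:", finding)
    print(search_filter("userPrincipalName", login_name("user", "beckhoff.com")))
```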