Authenticating with Active Directory

I have tried for several hours, and I still can’t get the configuration to Active Directory to work. While I wouldn’t consider myself an Active Directory expert, I have done as much as I can with resources online, and I’m hoping someone in the forum can steer me straight.

I think I have realized that FPMI is expecting me to establish a group in my AD structure, and put the users I want to allow to access the FPMI projects into that group. I’ve also been able to confirm that AD is acting properly from another LDAP application, so I know that my Connection URLs and username should at least be allowing FPMI to connect to my Domain Controller.

What I can’t seem to get are the User Search Pattern, Role Search Pattern, Role Base Path and Role Attribute Name. Here’s how I’ve set up AD:

  • the domain name is hancocklumber.com
  • I have an OU called “Groups”
  • In the “Groups” OU, there is a group called “FPMI Users”
  • In the “FPMI Users” group, I have placed my user

I have tried many variations on the examples given in FPMI, and have not yet been able to successfully authenticate using the “Test Profile” page. Here is the last incarnation of the field settings:

User Search Pattern:
CN={0},CN=FPMI Users,OU=Groups,DC=hancocklumber,DC=com

Role Search Pattern:
(member={0})

Role Base Path:
CN=FPMI Users,OU=Groups,DC=hancocklumber,DC=com

Role Attribute Name:
cn

Would somebody please tell me how I should modify these settings so that I can authenticate users against Active Directory?

Thanks!

-Kevin

First of all, check your gateway log (under C:\Program Files\Inductive Automation\FactoryPMI\logs\FPMIService.log.html) to see if the profile is able to connect to the LDAP server or not.

Second, assuming no problems with the connection, export an LDIFDE export of your Active Directory tree. To do this, open up a command prompt on a Windows Server machine and do a:

LDIFDE -f ADdump.ldf -s ABCD

where ABCD is your domain controller. This will create a dump file called ADdump.ldf that contains your Active Directory tree in text format. (Don’t worry - it doesn’t have sensitive info like passwords in it.) This is very helpful in getting your LDAP queries correct (they are very unforgiving). You can email this dump file to us at support@inductiveautomation.com and we can help you more.

Hope this helps,
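As an added example (not part of the original posts and not Inductive Automation's code), here is one way to use an LDIF dump to check candidate values before typing them into the profile: it tests whether a DN built from a User Search Pattern exists in the dump, and lists the groups whose member attribute names a given user DN. The sample dump is constructed; the user's container (CN=Users), the account name kevin, and the reading of {0} as the login name are assumptions.

```python
import base64

# Constructed sample in ldifde's text layout. The user's container (CN=Users)
# and the account name are assumptions, not values taken from the thread.
SAMPLE_LDIF = """\
dn: CN=FPMI Users,OU=Groups,DC=hancocklumber,DC=com
member: CN=kevin,CN=Users,DC=hancock
 lumber,DC=com

dn: CN=kevin,CN=Users,DC=hancocklumber,DC=com
sAMAccountName: kevin
"""

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # folded continuation line
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:                 # trailing "" flushes last entry
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, val = line.partition(":")
            if val.startswith(":"):           # "attr:: value" is base64
                val = base64.b64decode(val[1:].strip()).decode("utf-8", "replace")
            cur.setdefault(attr.strip().lower(), []).append(val.strip())
    return entries

def dn_exists(entries, dn):
    """True if some entry in the dump has exactly this DN (case-insensitive)."""
    return any(dn.lower() == d.lower() for e in entries for d in e.get("dn", []))

def groups_listing(entries, user_dn):
    """DNs of entries whose 'member' attribute names user_dn."""
    return [e["dn"][0] for e in entries if "dn" in e
            and user_dn.lower() in (m.lower() for m in e.get("member", []))]

if __name__ == "__main__":
    dump = parse_ldif(SAMPLE_LDIF)
    # DN the posted User Search Pattern yields if {0} is the login name.
    guess = "CN=kevin,CN=FPMI Users,OU=Groups,DC=hancocklumber,DC=com"
    print(dn_exists(dump, guess))
    print(groups_listing(dump, "CN=kevin,CN=Users,DC=hancocklumber,DC=com"))
```

In this constructed dump the pattern-derived DN is absent, because a group's members are referenced by its member attribute and are not child objects of the group, while the user's real DN is found through that attribute.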