IG-156-EN version 04; 25/01/19
Web Application: Web server (HTTP and HTTPS)
General instructions
ekor.ccp
4.2. LDAP authentication
The LDAP client used in the ekor.ccp is compatible with
OpenLDAP 2.4.x. The steps for LDAP authentication are:
1. Bind anonymously to the LDAP server.
2. Check the user name and password used to log on to the Web
application. This verifies that the username/password pair is
correct.
3. The remote reads the other attributes (all except
username/password) and validates them before allowing the user
access to the unit. The attributes that are checked are:
a. User Profile: Administrator profile or display profile.
b. Attributes: There are 8 possible attributes. Whenever
any of these fields has the value ALL it means that this
attribute has no restrictions.
4. The user/password is required for any new Web access.
An attempt will be made to validate the username/password
with the LDAP server. If no reply is received, "n" retries
(definable in the n_retry parameter of the settings tab on
the remote) must be performed, with a time of t_retry between
retries, before the authentication process is classed as
failed and the situation is indicated to the user.
If a response is received from the LDAP server, the
authentication process is completed. If the authentication
is not valid, no retries are made.
If a positive authentication is obtained, an application
session-level validation is made for this user, with the corresponding
profile, which is valid until the session is closed or until the
session timeout expires (tact attribute of the LDAP parameter: the time
a session without traffic remains authenticated, which must
be modifiable), at which point the user must re-authenticate.
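The retry and session-timeout rules in step 4, sketched as an added example (not code from the ekor.ccp firmware or its documentation). The `check` callable, the exception names, the `Session` class and the use of seconds for t_retry and tact are assumptions made for illustration; "n retries" is read as n further attempts after the first.

```python
import time

class InvalidCredentials(Exception):
    """The LDAP server replied and rejected the username/password pair."""

def authenticate(check, user, password, n_retry, t_retry, sleep=time.sleep):
    """Return the profile from `check`, retrying only when no reply arrives.

    `check` is a hypothetical callable standing in for the LDAP exchange:
    it returns the user's profile, raises InvalidCredentials on a negative
    reply, and raises TimeoutError when the server does not answer.
    """
    for attempt in range(1 + n_retry):      # first try plus n_retry retries
        try:
            return check(user, password)    # any reply completes the process
        except TimeoutError:
            if attempt < n_retry:
                sleep(t_retry)              # wait t_retry between retries
    raise TimeoutError("no reply from LDAP server after %d retries" % n_retry)

class Session:
    """Session-level validation that lapses after `tact` seconds without traffic."""

    def __init__(self, user, profile, tact, now):
        self.user, self.profile, self.tact = user, profile, tact
        self.last_traffic = now

    def touch(self, now):
        """Record traffic; return False if the session had already expired."""
        if now - self.last_traffic > self.tact:
            return False                    # user must re-authenticate
        self.last_traffic = now
        return True

def demo():
    """Constructed scenario: server silent twice, then accepts the login."""
    replies = iter([TimeoutError(), TimeoutError(), "Administrator"])
    waits = []
    def check(user, password):
        r = next(replies)
        if isinstance(r, Exception):
            raise r
        return r
    profile = authenticate(check, "operator1", "constructed-pw", 3, 5, waits.append)
    session = Session("operator1", profile, tact=300, now=0)
    return profile, waits, session.touch(200), session.touch(600)
```

Because `InvalidCredentials` is not caught inside the loop, a negative reply ends the process on the first attempt, so a wrong password is never resubmitted to the directory.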
4.2.1. Session control
From both local and remote access, once you are
authenticated with the administrator profile you can select
the access mode, view (without permission for modification)
or administrator mode:
Figure 4.2. Access control
There can be up to 2 users connected simultaneously in
view mode and 1 in administrator mode. If an administrator is
already connected, a new user who wants to connect via Web in
administrator mode is given the following options:
1. Cancel the session of the previous administrator and log in as
administrator.
2. Enter in view mode only (if free sessions
are available for that).
3. Exit and try again later.
The connected user has the ability to open tabs in different
windows simultaneously.