Ignition Active Directory LDAP Optimization

To speed up LDAP authentication, use LDAP search bases and filters to limit the number of users and roles/groups that Active Directory returns; this speeds up logins considerably. Adjust the following settings to match your AD tree and the locations where users and roles are stored:

User Search Base
(ou=Domain Users,ou=Plant OT,dc=PlantCTRL,dc=SCADA)

User List Filter

The following user list filter only returns users who belong to certain groups.

(&(objectClass=user)(!(objectClass=computer))(|(memberOf=cn=Plant 2 Operator Access,ou=Plant 2,ou=OT Domains,ou=Security Groups,ou=Plant OT,dc=PlantCTRL,dc=SCADA)(memberOf=cn=Plant 2 Supervisor Access,ou=Plant 2,ou=OT Domains,ou=Security Groups,ou=Plant OT,dc=PlantCTRL,dc=SCADA)(memberOf=cn=Plant 2 Technician Access,ou=Plant 2,ou=OT Domains,ou=Security Groups,ou=Plant OT,dc=PlantCTRL,dc=SCADA)(memberOf=cn=Plant 2 Administrator Access,ou=Plant 2,ou=OT Domains,ou=Security Groups,ou=Plant OT,dc=PlantCTRL,dc=SCADA)))

Role Search Base
(ou=OT Domains,ou=Security Groups,ou=Plant OT,dc=PlantCTRL,dc=SCADA)
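
As an added example (not part of the original page and not Ignition code), this Python sketch assembles the user list filter above from a list of group DNs, escapes RFC 4515 special characters in each value, and rejects a DN that contains an empty component such as a doubled comma. The function names and the simplified DN check are assumptions of this example.

```python
import re

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Group container and role names taken from the filter on this page.
GROUP_BASE = "ou=Plant 2,ou=OT Domains,ou=Security Groups,ou=Plant OT,dc=PlantCTRL,dc=SCADA"
ROLES = ["Operator", "Supervisor", "Technician", "Administrator"]


def escape_filter_value(value):
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def check_dn(dn):
    """Simplified DN sanity check (assumption of this example, not a full RFC 4514 parser)."""
    for rdn in re.split(r"(?<!\\),", dn):  # split on commas that are not escaped
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed component {rdn!r} in DN {dn!r}")
    return dn


def build_user_list_filter(group_dns):
    """Return a filter for users (not computers) that are members of any listed group."""
    if not group_dns:
        raise ValueError("at least one group DN is required")
    clauses = "".join(
        f"(memberOf={escape_filter_value(check_dn(dn))})" for dn in group_dns
    )
    return f"(&(objectClass=user)(!(objectClass=computer))(|{clauses}))"


def page_filter():
    """Rebuild the filter shown on this page from its four group names."""
    return build_user_list_filter(
        [f"cn=Plant 2 {role} Access,{GROUP_BASE}" for role in ROLES]
    )


if __name__ == "__main__":
    print(page_filter())
```

Generating the filter from a reviewed list of group DNs keeps the set of accounts allowed to authenticate easy to audit when groups are added or removed.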