LDAP lost privileges in Ignition login from EPIC

Ignition 8 installed on PR2.

Working on implementing LDAP. I got Designer and Client access to work, but when I went back to access Ignition from the EPIC system, login works but I have no privileges to do anything.

Any suggestions for recovery?

I have installed the license for shell access. Where is the installation folder for Ignition 8 where I can run gwcmd?

Were you using LDAP access through Ignition? If so, which method? If I recall, there are a couple of different ways of using LDAP and hybrid access.

You configured the access through that in the gateway, and it is all working with external clients, and the designer, but logging into the Ignition Gateway has no privileges? You created admin accounts with this as well, and that is not working? You verified this with your IT department about the LDAP account access?

Can you send the log files over? You should still be able to grab them in groov Manage.

Thanks, GReichert, for your response.
I decided to re-install the OPTO22 EPIC PR2 firmware (4.0.2) to resolve this problem. Now I am back up and trying to understand a strategy forward for LDAP.

IG is installed on a dedicated EPIC PR2. While working on LDAP for the EPIC, we have had to use full Active Directory configuration. (We started with Hybrid but could not establish privileges per user.)

Because of our experience with LDAP on the EPIC system we decided to try full AD for Ignition LDAP. The following is the process we followed:

  1. Using the Administrator access from the EPIC to open Ignition, defined a new Active Directory User Source. (Users can have Editor or Operator privilege from LDAP.)
  2. Using the Administrator access, set Designer to use the new LDAP User Source. (Tested my Designer access to Ignition from the Windows PC and it worked.)
  3. Then I spent hours in the Administrator access trying to get Client to work.
  4. Finally I discovered that, while in the Designer, I could set the User Source for Client access.
  5. After verifying that worked, we went back to check Administrator access. Able to log in, but no longer had any privilege; cannot do anything. I must have damaged that access when I was trying to get Client LDAP access to work from my Administrator access.
  6. I do not and cannot have Administrator privilege added to my LDAP account.

Going forward, I believe I should do steps 1, 2 and 4 above to establish access as follows:

  1. Administrator using the default User Source (user has Administrator Priv)
  2. Designer using LDAP User Source (user has Editor Priv)
  3. Client using LDAP User Source (User has Operator or Editor Priv)

Again, thanks for your response! Would appreciate any additional advice from others' experience.