Ignition log in screen - unable to authenticate (can we bypass ldap?)

Phil_T · November 16, 2021, 12:32am

hi all,

in a bit of a pickle, and have no idea about the ignition software on linux / and web gui (inherited from old admin)

we have a linux box, with ignition authentication gateway, and on the log in screen, i can see “ldap” in the address bar, however, when i try to log in, it doesn’t accept my credentials.

is there a way to turn off ldap without the GUI?

we can log into the linux vm using a scada admin account. just want to know a way to bypass ldap through the GUI, and if there is a way to log in with a linux admin account into the gui?

thanks, if you require further info to help, please let me know.

PT

pturmel · November 16, 2021, 12:36am

There is a gwcmd utility in the install directory that can reset the admin account and identity provider to rescue such a situation.

josborn · November 16, 2021, 12:37am

This is the documentation to what pturmel mentions:
https://docs.inductiveautomation.com/display/DOC81/Gateway+Command-line+Utility+-+gwcmd#GatewayCommandlineUtilitygwcmd-GatewayPasswordReset

Phil_T · November 16, 2021, 1:10am

thanks guys, have managed to get into the GUI now!

previously, apparently users logged in via LDAP, and those users had to be part of an AD security group, example SCADA-Admins security group.

for some reason, i cannot find any entry of this group anywhere in the settings through the GUI.

is this even possible in the settings? users have told me they use to be able to log in with their AD credentials, but it seems that is no longer working?

i can still see LDAP settings configured, and a user search base defined.

pturmel · November 16, 2021, 1:17am

I’ll let others chime in–that is Windows stuff that my clients’ IT departments handle. I avoid the Windows plague.

Phil_T · November 16, 2021, 1:52am

ok, i’m getting closer.

can ldap authentication be based on a single AD security group? instead of individual users in ldap?