The KACE SMA appliance allows you to manage user authentication either locally, on the Users category under Settings, or via LDAP. LDAP Authentication is enabled on the KACE appliance Settings | User Authentication. If separate organizations are enabled, authentication will need to be setup for each organization.
***Note: You must decide how users will authenticate either LDAP or locally. You cannot use both***
Built-in admin user
Even when LDAP authentication is enabled, the user named “admin” gets special treatment, and is always authenticated locally.
For any other user name, the steps for authentication depend on the server settings:
Local authentication
When local authentication is enabled, the password is authenticated against the entry in the local database, and determination of read-only admin vs. full admin permissions is also made against that database.
LDAP Authentication
If LDAP authentication is enabled, the password is authenticated against the configured LDAP server. Authentication will first try the “Admin” LDAP settings, then if that fails, the “Read-only Admin” LDAP.
After either of these cases LDAP authentications succeeds, there is one more check against the local database which can override the read-only admin vs full admin permissions determined by the LDAP configuration. This could be useful if you want to just setup one LDAP query for authentication of admins and manage the read-only vs. full admin determination in the local database.© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center