LDAP Agent User Guide
Introduction
About this Document
The HID Visitor Manager LDAP Agent documentation aims to provide information and instructions for configuring the HID Visitor Manager LDAP Agent for integration with on-prem LDAP Security Center systems. It also specifies tools and techniques generally used to troubleshoot problems that may arise during integration. It uses a combination of high-level feature descriptions, representative screen images and specific sequences to perform the configuration and integration of HID Visitor Manager with LDAP.
Summary of Agent Functionality
The agent, once configured, communicates with LDAP Active Directory to achieve:
- Propagation of Person details from LDAP to HID Visitor Manager.
Intended Audience
It is expected that this guide will be used by administrative and technical staff during the integration of HID Visitor Manager with the LDAP Security Center system. To get the most from this guide, readers should have an understanding of and familiarity with:
- The local computer environment at the site where LDAP is installed.
- The HID Visitor Manager system, its agents, and the LDAP systems and their components.
Pre-Requisites
- LDAP is installed and running properly.
- The HID Visitor Manager account must be enabled with the LDAP add-on subscription.
- An operator account having all the privileges required to log into LDAP.
Downloading the Agent Installer
- Log in to the HID Visitor Manager portal using Visitor Administrator credentials.
- Navigate to Settings app > Downloads.
- Click the HID Visitor Manager Agent Installer link and save the file (OnPremAgentSetup.zip).
- Install the HID Visitor Manager Agent by following the instructions in the next section.
On-prem Installer Guide
The On-Prem agents need to be installed and configured in much the same way as every other agent, but this happens outside the scope of the standard SAFE Application Server. A standard SAFE installation is not required for such IOT-enabled On-Prem agents; instead, the following installer performs the work of initially installing the agent on-premise.
At a high level, the installer performs the following actions, in the order spelled out by the installation steps below.
System Requirements
Operating System: Windows 10, Windows Server 2016 Standard, or Windows Server 2019 Standard.
NOTE: The OS must be synchronized with a valid NTP server.
RAM: 4 GB
Processor: Intel Core i3 @ 1.00 GHz
Hard Drive Space: 5 GB
Software: Microsoft .Net Framework 4.8 (https://dotnet.microsoft.com/download/dotnet-framework/net48)
Launch the Installer Application
The downloaded file (OnPremAgentSetup.zip) must be copied to the On-Prem server where the agent is intended to run. Once it is extracted there, the Installer Application (OnPremAgentSetup.exe) must be launched. The user is presented with the following screen:
PACS Specific Details will be Captured
Enter the HID Visitor Manager URL, Username and Password that are provided to log in to the tenant. Click Next to continue.
Validate Operator Credential
When the operator enters the wrong credentials, the operator is notified immediately and must enter the correct credentials before trying again.
Select a System to Install
On this page, choose a PACS system to install from the dropdown menu as required.
Specify Installation Path for the Agent
An installation path must be selected for the agent files. This allows the user to specify the directory in which the agent is installed. The default path is set to the standard agent installation location; alternatively, the user can click the Browse button to select a directory, and the agent files will be installed there.
If a custom directory was chosen, the Windows Service entry for the agent will point to that location. Click the Next button to begin the Agent Installation.
Installation Process is Started
The next screen will show the progress bar, as well as the details of the steps being performed along the way.
The steps that will be performed during this installation are as follows:
- Prerequisite Checks will be Performed
  Based on the agent selected on the previous screen, a customized set of prerequisite checks will be performed for things such as the installed .NET Framework version, or other items specific to a given integration.
- Generate Certificates for IOT Device Registration
  A PK/CSR based on the system where this is running, and the agent being installed, will be generated.
- Call Agent Registration Service
  The PK/CSR generated in the previous step will be used as input to this service, in order to generate and/or match up with the appropriate IOT device that will broker communications between SAFE in the cloud and the On-Prem service.
- Extract Device Certificates and Store them in the Windows Certificate Manager
  The certificates relating to the IOT device for this agent will be parsed out of the registration service response and installed into the Windows Certificate Store. The AWS Root certificate will be installed in the Local System's 'Trusted Root' store, and the actual device certificate will be installed into the Local System's 'Personal' certificate store.
- Create Agent Folder
  The files required for the soon-to-be-created service will be installed into the appropriate location on the local file system, based on the system to integrate chosen on the previous screen of the installer.
- Create the Agent Service
  This is where the Windows service (integrated agent) that acts as the communication point to the connected system is created. Such agents run as Windows services on the operating system and are responsible for processing requests sent from SAFE in order to translate them and provision the specified actions/data into the connected system.
- Update the Registry
  Some Windows logging features/paths are stored in and loaded from the Windows Registry. These registry keys will be set up at this time, and are primarily used for logging purposes.
Installation Complete
When all of the above steps are completed, the user will be presented with the following screen indicating that the installation has completed successfully.
In the case of an error, the installer will proceed to the final screen, and details of the error will be presented in order to outline what occurred.
Configuring Agent
- Log in to HID Visitor Manager.
- Click App Launcher and select the Settings app.
- Click the Configuration Manager link; the list of integrated systems appears.
- Select the LDAP agent system, click the General sub-tab and verify that the settings are set as below.
- Click the Advanced sub-tab. Configure the required settings under the Agent Configuration, Connection and Read Mode sections.
- Once the configuration is complete, start/restart the HID Visitor Manager LDAP Agent Windows service. Follow the steps below to navigate to services:
  - Press the Windows + R keys.
  - In the Run dialog box, enter services.msc and click OK.
Note: Any change to the LDAP Configuration in the HID Visitor Manager Configuration App requires a restart of the LDAP Agent Service to take effect.
Agent Verification
This section explains how the access areas are synced from LDAP to HID Visitor Manager and how they get assigned to a Visitor.
- Once the Agent is started, navigate to Identities app > Audit tab.
- Search for Source as LDAP; an entry for the person propagated from LDAP to HID Visitor Manager is displayed with the Response as Success.
- Click the Audit entry to open the Audit Details.
- Under Audit Details > Request you should see the Person read as part of the Person readback. Copy the Person's Name.
- Navigate to Identities app > All Identities.
- Search for the Person copied from the Audit. You should see the Person under Personnel.
Troubleshooting
Error 1: Audit Log
HID Visitor Manager application audit logs can be used to troubleshoot issues, as they record each transaction between HID Visitor Manager and LDAP. Here are a few screenshots to help understand how they can be used to troubleshoot issues. Navigate to Visitors app > Audit tab, or to Credential app > Audit tab. Here you can search and filter for the specific audit logs you need to analyze, including messages from LDAP to HID Visitor Manager.
If the LDAP agent successfully processed the XML message, then the result is returned and the response status is recorded as “Success.”
Error 2: Errors due to incorrect mappings
Check the agent mappings in the web configurator Data Objects tab to make sure the case is correct for all the field names (e.g. a field name set to 'STATUS' may behave differently than if it were set as mixed case 'Status').
Error 3: On-prem agent Logs
Use the log located at C:\Program Files\HID\SAFE\Common\Logs on the agent installation machine to troubleshoot issues with the LDAP agent. All LDAP agent-related log entries are stored in “LDAPAgentLog.txt”.
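As an added example (not part of the HID documentation or the agent itself), the following PowerShell script checks the state the installer is expected to leave behind (time sync, .NET 4.8, the two certificate stores, the agent service) and pulls recent failure-looking lines from the agent log named in this section. The service name and the AWS root certificate subject text are assumptions to adjust for your install; the log path is the one this guide gives, and 528040 is Microsoft's documented minimum Release value for .NET Framework 4.8.

```powershell
# Added example (not HID's code): post-install health check for the LDAP Agent host.
# Assumptions: the agent's service name and the AWS root certificate subject text are guesses
# to adjust for your install; the log path is the one the guide gives. Run elevated.
param(
    [string]$ServiceName = 'HID Visitor Manager LDAP Agent',   # assumed service name
    [string]$LogPath     = 'C:\Program Files\HID\SAFE\Common\Logs\LDAPAgentLog.txt'
)

$results = [ordered]@{}

# 1. Time sync: the system requirements demand an OS synchronized with a valid NTP server.
$w32 = w32tm /query /status 2>&1
$results['NtpSynced'] = ($LASTEXITCODE -eq 0) -and
    ($w32 | Select-String -Quiet 'Source:') -and
    -not ($w32 | Select-String -Quiet 'Local CMOS Clock|Free-running')

# 2. .NET Framework 4.8: Microsoft's documented minimum Release value is 528040.
$ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release = (Get-ItemProperty -Path $ndp -Name Release -ErrorAction SilentlyContinue).Release
$results['DotNet48'] = ($null -ne $release) -and ($release -ge 528040)

# 3. Certificates the installer stores: AWS root in Trusted Root, device cert in Personal.
$root = @(Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -like '*Amazon*' })
$results['AwsRootPresent'] = $root.Count -gt 0
$now = Get-Date
$device = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now })
$results['DeviceCertWithKey'] = $device.Count -gt 0

# 4. Agent service exists and is running (restart it after any configuration change).
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
$results['ServiceRunning'] = ($null -ne $svc) -and ($svc.Status -eq 'Running')

# 5. Agent log: present, and how many recent lines look like failures for triage.
if (Test-Path -LiteralPath $LogPath) {
    $results['LogPresent'] = $true
    $errors = @(Get-Content -LiteralPath $LogPath -Tail 200 |
        Select-String -Pattern 'error|exception|fail')
    $results['RecentErrorLines'] = $errors.Count
} else {
    $results['LogPresent'] = $false
}

[pscustomobject]$results | Format-List
```

A False in NtpSynced or DotNet48 points back to the System Requirements; a False in either certificate check means the registration step did not complete and the installer's final screen should be reviewed for the error details.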