Access Control

Version: 17.07

Supported Since: 17.01

Access control mechanisms limit the operational scope of different users of an IPS installation.

IPS provides two modes of access control: simple authentication with a static username and password, and a more structured mode based on Active Directory (LDAP).

Simple Authentication

This mode provides a single super-admin account (with all privileges), accessible with the username admin and the password admin.

LDAP-based Access Control

This mode of access control is not available in the demo IPS installation.

IPS can be configured with an LDAP server by defining appropriate values for the following environment variable entries of the IPS web application runtime:

Variable Description Example

base URL of the LDAP server
domain of the LDAP server
base path of the LDAP user base
username for LDAP login
password for LDAP login
DN of the super-admin LDAP group

These can be configured by modifying the corresponding entries under the spec.template.spec.containers[0].env section of the ipsweb replication controller. This allows IPS to utilize the role-based access control model defined in the specified LDAP server.

Session Invalidation

To keep user sessions consistent with access control policies, IPS invalidates all existing user sessions (effectively logging out every logged-in user) whenever an access control-related update (e.g. group deletion/modification) is performed. This includes the session of the user performing the update: if you make such a modification, you are immediately logged out of the dashboard webapp (this is the expected behavior) and have to log in again to continue accessing the dashboard.

Figure 1. Session invalidation confirmation prompt
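
The following added example (a toy model written for this page, not IPS code) shows why invalidating every session on an access control update keeps sessions and policy consistent: sessions cache the permissions resolved at login, so without invalidation a revoked permission stays usable. The class, group names, permission names and the epoch counter are all assumptions made for illustration.

```python
import secrets

class AccessControl:
    """Toy model of sessions that cache the permissions resolved at login."""

    def __init__(self, groups, invalidate_on_update=True):
        self.groups = {name: set(perms) for name, perms in groups.items()}
        self.invalidate_on_update = invalidate_on_update
        self.epoch = 0       # incremented on each access-control update
        self.sessions = {}   # token -> (cached permissions, login epoch)

    def login(self, group):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (frozenset(self.groups[group]), self.epoch)
        return token

    def allowed(self, token, permission):
        """True only for a session created under the current policy epoch."""
        perms, epoch = self.sessions.get(token, (frozenset(), -1))
        if epoch != self.epoch:
            self.sessions.pop(token, None)   # stale: force a fresh login
            return False
        return permission in perms

    def modify_group(self, token, group, permissions):
        """Update a group; the caller's own session is invalidated as well."""
        if not self.allowed(token, "manage_groups"):
            raise PermissionError("not authorised or session invalidated")
        self.groups[group] = set(permissions)
        if self.invalidate_on_update:
            self.epoch += 1

# Constructed sample policy; group and permission names are hypothetical.
SAMPLE_GROUPS = {"admins": {"manage_groups", "deploy"}, "operators": {"deploy"}}

def demo(invalidate_on_update):
    """Revoke 'deploy' from operators; list old sessions that still pass."""
    ac = AccessControl(SAMPLE_GROUPS, invalidate_on_update)
    checks = {"admin": (ac.login("admins"), "manage_groups"),
              "operator": (ac.login("operators"), "deploy")}
    ac.modify_group(checks["admin"][0], "operators", set())
    return [who for who, (tok, perm) in checks.items() if ac.allowed(tok, perm)]
```

With invalidation on, `demo(True)` returns an empty list: both the operator and the admin who made the change must log in again. With it off, the operator's old session still passes the `deploy` check after the permission was removed.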