- Summary: LDAP and local user authentication.
- Symptoms: Unable to log in to the appliance except as admin, or the user does not have the correct permissions.
- Cause: Optional User Authentication methods.
- Steps to resolve issue:
KBOX allows you to manage user authentication either locally, on the Users tab under Portal/Help Desk, or via LDAP. LDAP Authentication is enabled on the KBOX Settings/Authentication tab.
Built-in admin user
Even when LDAP authentication is enabled, the user named “admin” gets special treatment, and is always authenticated locally.
For any other user name, the steps for authentication depend on the server settings.
Local authentication
When local authentication is enabled, the password is authenticated against the entry in the local database, and determination of readonly admin vs. full admin permissions is also made against that database.
LDAP Authentication
If LDAP authentication is enabled, the password is authenticated against LDAP, trying the “Admin” LDAP settings first and then, if that fails, the “Readonly Admin” LDAP settings.
After either of these LDAP authentications succeeds, there is one more check against the local database, which can override the readonly admin vs. full admin permissions determined by LDAP. This can be useful if you want to set up just one LDAP query for authenticating admins and manage the readonly vs. full admin determination in the local database.
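The decision order described above can be modelled in a few lines. This is an added illustration, not KBOX code: the function names, role labels, row layout and the stand-in LDAP bind are assumptions, and the sample users are constructed.

```python
import hashlib
import hmac

ADMIN, READONLY = "admin", "readonly_admin"  # role labels are assumptions

def kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_local(row, password):
    """Verify a password against a local row; role-only rows never match."""
    if not row or "hash" not in row:
        return False
    return hmac.compare_digest(kdf(password, row["salt"]), row["hash"])

def resolve_login(user, password, *, ldap_enabled, local_db, admin_ldap, readonly_ldap):
    """Return the granted role, or None when the login is refused."""
    row = local_db.get(user)
    # The built-in "admin" account is always checked locally, as is every
    # account when LDAP authentication is switched off.
    if user == "admin" or not ldap_enabled:
        return row["role"] if check_local(row, password) else None
    # LDAP enabled: try the "Admin" settings first, then "Readonly Admin".
    if admin_ldap(user, password):
        role = ADMIN
    elif readonly_ldap(user, password):
        role = READONLY
    else:
        return None
    # Final check: a local entry for the same user overrides the LDAP role.
    # Assumption: with no local entry, the LDAP-derived role stands.
    if row:
        role = row.get("role", role)
    return role

def demo():
    """Constructed data: one LDAP query for all admins, roles kept locally."""
    directory = {"alice": "a-pass", "bob": "b-pass", "admin": "ldap-pass"}
    def ldap(user, password):  # stand-in for a bind against one LDAP config
        return directory.get(user) == password
    salt = b"constructed-salt"
    db = {"admin": {"salt": salt, "hash": kdf("local-pass", salt), "role": ADMIN},
          "bob": {"role": READONLY}}  # role-only row for an LDAP user
    tries = [("alice", "a-pass"), ("bob", "b-pass"),
             ("admin", "ldap-pass"), ("admin", "local-pass")]
    return [resolve_login(u, p, ldap_enabled=True, local_db=db, admin_ldap=ldap,
                          readonly_ldap=lambda u, p: False) for u, p in tries]

if __name__ == "__main__":
    print(demo())
```

Because the local entry has the last word, a review of who holds full admin rights has to cover the local Users tab as well as the LDAP settings.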