Administrative Web Interface
The Mideye Server utilizes a web interface for operation, administration, and management. This interface can be accessed via https://
The web server port is configured in application-prod.yml, around row 74. The default is 443 on Windows and 8443 on Linux.
Configuration file locations
- Windows: C:\Program Files (x86)\Mideye Server 6\config\application-prod.yml
- Linux: /opt/mideyeserver6/config/application-prod.yml
It is recommended to access the web interface from a desktop client using a modern web browser such as Microsoft Edge, Firefox, Chrome, or Safari. Web browsers on servers are often locked down and may not function as expected.
Web interface SSL-certificate
During the installation of the Mideye Server, a self-signed SSL certificate is automatically generated. To replace this with a custom certificate, please refer to the Certificate Management section.
Web interface Root password
A root user is created during the server installation. This account should be used exclusively for creating administrative accounts and for emergency purposes.
Reset password for Root account
To reset the root account password, encrypt the new password using the encoding utility tool available at:
Enter your password into the field of the encoding utility tool:
Copy the generated encoded password:
Log on to the database using an account with write permission and execute:

```
mysql> UPDATE mideyeserver_db.mideye_user SET jhi_password = 'encrypted_password' WHERE user_name = 'root';
```
Unlocking the Root Account
To unlock the root account, log into the database with write permissions and execute the following command:
Web interface administrative accounts
To administer the web GUI, Mideye Server has four user roles:
- Root: There is only one root user, and this account should not be in use after creating a Super Administrator.
- Super Administrators: Same permissions as root user.
- Administrators
- Operators
All roles except for the root role can be mapped to LDAP accounts. See section LDAP-RADIUS Translation for details.
User Management (a user is only authorized to perform these operations on a user with a lower security level)
- Create user
- Update user
- Delete user (a user is not allowed to delete itself)
Note: Operators are not allowed to write to any table except locked LDAP users.
The table below shows which roles are allowed to perform each operation on each entity:
| Entity | Operation | Allowed roles |
|---|---|---|
| Radius Server | Create | Root, Super Admins, Admins |
| Radius Server | Update | Root, Super Admins, Admins |
| Radius Server | Delete | Root, Super Admins, Admins |
| Radius Server | Read | Root, Super Admins, Admins, Operators |
| Radius Client | Create | Root, Super Admins, Admins |
| Radius Client | Update | Root, Super Admins, Admins |
| Radius Client | Delete | Root, Super Admins, Admins |
| Radius Client | Read | Root, Super Admins, Admins, Operators |
| Ldap Profile | Create | Root, Super Admins, Admins |
| Ldap Profile | Update | Root, Super Admins, Admins |
| Ldap Profile | Delete | Root, Super Admins, Admins |
| Ldap Profile | Read | Root, Super Admins, Admins, Operators |
| Approved Radius IP | Create | Root, Super Admins, Admins |
| Approved Radius IP | Update | Root, Super Admins, Admins |
| Approved Radius IP | Delete | Root, Super Admins, Admins |
| Approved Radius IP | Read | Root, Super Admins, Admins, Operators |
| LDAP RADIUS Translation | Create | Root, Super Admins, Admins |
| LDAP RADIUS Translation | Update | Root, Super Admins, Admins |
| LDAP RADIUS Translation | Delete | Root, Super Admins, Admins |
| LDAP RADIUS Translation | Read | Root, Super Admins, Admins, Operators |
| Accounting | Read | Root, Super Admins, Admins, Operators |
| Authentication Log | Read | Root, Super Admins, Admins, Operators |
| Locked Ldap Users | Update | Root, Super Admins, Admins, Operators |
| Locked Ldap Users | Read | Root, Super Admins, Admins, Operators |
Create a new database Super Administrator
To create a new Super Administrator account, navigate to “Users and Tokens” followed by “Mideye Users”. Select “Actions”, followed by “Add new database user” and select 'Super Administrator' from the “Role” dropdown list. Add the following data to the account:
- Username
- Authentication Type
- Password
- Phone number (optional)
- Token number (optional)
- Message type (default FLASH-SMS)
- Expiration Date (optional)
- Select Web Admin RADIUS client in the “Radius Client” dropdown list
Note: “Radius User Attributes” can only be added to the user after the user has been given the appropriate data. After the correct data has been added, save the user and edit the user once more. From there, “Radius User Attributes” can be added.
Change password for database account
All database accounts can have their password changed. It is not possible to change the password of an account with the same privilege level as the logged-on account. This means that a Super Administrator can only change the password on accounts that have lower permissions, i.e. Administrators, Operators and database users.
To change a password, navigate to the “Mideye Users” tab. From there, pick the user that needs the password changed, and click on the icon between the pen and the bin.
Map LDAP-groups to Mideye Web GUI roles
Instead of using database accounts to administer Mideye Server, LDAP groups can be mapped to all roles except the Root role. Complete the following steps to add LDAP groups:
- Connect to LDAP with an LDAP Profile.
- Enable LDAP Profile – LDAP-RADIUS Translation and add the attribute memberOf next to “LDAP Attribute Name”.
- Finally, map LDAP accounts or groups to the predefined roles used by Mideye Server. Navigate to “RADIUS Settings” followed by “RADIUS Translation”.
- Add the DN of a user or group to the predefined roles. In the example below, three groups were added to Super Administrator, Administrator and Operator.
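
The role mapping steps and the permission table above, modelled as an added example (not Mideye's own code) for reviewing which web GUI role a directory account would receive before DNs are entered under “RADIUS Translation”. The group DNs are constructed, and letting the highest matching role win is an assumption, not documented Mideye behaviour.

```python
# Added example, not Mideye code. Assumptions: the DNs are constructed and
# "highest matching role wins" is assumed, not documented behaviour.
ROLE_RANK = {"Operator": 1, "Administrator": 2, "Super Administrator": 3}

# Permission table from this page, stored as the lowest role allowed per operation.
WRITE, READ = "Administrator", "Operator"
PERMISSIONS = {
    entity: {"create": WRITE, "update": WRITE, "delete": WRITE, "read": READ}
    for entity in ("Radius Server", "Radius Client", "Ldap Profile",
                   "Approved Radius IP", "LDAP RADIUS Translation")
}
PERMISSIONS["Accounting"] = {"read": READ}
PERMISSIONS["Authentication Log"] = {"read": READ}
PERMISSIONS["Locked Ldap Users"] = {"update": READ, "read": READ}


def normalize_dn(dn):
    """Lower-case a DN and trim whitespace around each RDN so equal DNs compare equal.
    Simplified: escaped commas inside attribute values are not handled."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)


def resolve_role(user_dn, member_of, role_mapping):
    """Return the highest role mapped to the user's DN or to one of its memberOf
    values. Roles outside ROLE_RANK (such as root) are ignored: root is never mapped."""
    identities = {normalize_dn(d) for d in [user_dn, *member_of]}
    matched = [role for dn, role in role_mapping.items()
               if role in ROLE_RANK and normalize_dn(dn) in identities]
    return max(matched, key=ROLE_RANK.__getitem__, default=None)


def is_allowed(role, entity, operation):
    """Deny by default: an unknown role, entity or operation is refused."""
    minimum = PERMISSIONS.get(entity, {}).get(operation)
    return role in ROLE_RANK and minimum is not None and ROLE_RANK[role] >= ROLE_RANK[minimum]


# Constructed mapping of group DNs to the predefined roles.
MAPPING = {
    "CN=Mideye-SuperAdmins,OU=Groups,DC=example,DC=com": "Super Administrator",
    "CN=Mideye-Admins,OU=Groups,DC=example,DC=com": "Administrator",
    "CN=Mideye-Operators,OU=Groups,DC=example,DC=com": "Operator",
}
```

Running `resolve_role` over an export of directory accounts and their memberOf values shows which accounts would end up with write access through nested or overlapping group membership.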