So you you talking about setting the permissions in AD? With Genetec you can pull in entire AD Security Groups and their included users, and then set the permissions for those groups (as far as what they can do) in Genetec itself. I've always assumed thats how other manufacturers work their LDAP integration.
For exacqVision the configuration of granular permissions (cameras, playback, etc.) is performed and stored in exacqVision. You can map those permissions to AD users or AD groups, so you don't need to manage the *users* in exacqVision, but the *permissions* are managed in exacqVision.
Single sign-on is supported as well.
Yes my assumption as to how this was probably handled by different VMS systems was: Bring AD Groups into the VMS system where each group is assigned access to the VMS and then use AD to assign specific AD users to the AD groups according to what access they need, and not the other was around (bring cameras and other items from the VMS into AD and assign cameras... to each AD-user/AD-group)
Make an AD-Group: Name=VMS_View_cameras_only
Assign this group to a operator usergroup on the VMS system that have only view for the cameras.
Make an AD-Group: Name=VMD_Full_camera_control
Assign this group to a operator usergroup on the VMS system that have full control for the cameras.
Make an AD-Group: Name=VMD_Administrators
Assign this group to a administrator usergroup on the VMS system.
Am I right in assuming this is the way that most VMS systems do AD/LDAP integration?