AudioCodes Mediant 800B MSBR User Manual page 211

Multi-service business router; session border controller
User's Manual
The device connects to the LDAP server (i.e., an LDAP session is created) only when
a login attempt occurs. The LDAP Bind operation establishes the authentication of the
user based on the username-password combination. The server typically checks the
password against the userPassword attribute in the named entry. A successful Bind
operation indicates that the username-password combination is correct; a failed Bind
operation indicates that the username-password combination is incorrect.
Once the user is successfully authenticated, the established LDAP session may be
used for further LDAP queries to determine the user's management access level and
privileges (Operator, Admin, or Security Admin). This is known as the user
authorization stage. To determine the access level, the device searches the LDAP
directory for groups of which the user is a member, for example:

CN=\# Support Dept,OU=R&D Groups,OU=Groups,OU=APC,OU=Japan,OU=ABC,DC=corp,DC=abc,DC=com
CN=\#AllCellular,OU=Groups,OU=APC,OU=Japan,OU=ABC,DC=corp,DC=abc,DC=com

The device then assigns the user the access level configured for that group (in
''Configuring Access Level per Management Groups Attributes'' on page 217). The
location in the directory where you want to search for the user's member group(s) is
configured using the following:

- Search base object (distinguished name or DN, e.g.,
  "ou=ABC,dc=corp,dc=abc,dc=com"), which defines the location in the directory
  from where the LDAP search begins, and is configured in ''Configuring LDAP
  DNs (Base Paths) per LDAP Server'' on page 216.
- Search filter, for example, (&(objectClass=person)(sAMAccountName=JohnD)),
  which filters the search in the subtree to include only the specific username. The
  search filter can be configured with the dollar ($) sign to represent the username,
  for example, (sAMAccountName=$). For configuring the search filter, see
  ''Configuring the LDAP Search Filter Attribute'' on page 217.
- Management attribute (e.g., memberOf), from where objects that match the
  search filter criteria are returned. This shows the user's member groups. The
  attribute is configured in the LDAP Configuration table (see ''Configuring LDAP
  Servers'' on page 212).

If the device finds a group, it assigns the user the corresponding access level and
permits login; otherwise, login is denied. Once the LDAP response has been received
(success or failure), the device ends the LDAP session.
For both of the previously discussed LDAP services, the following additional LDAP
functionality is supported:

- Search method for searching DN object records between LDAP servers and within
  each LDAP server (see ''Configuring LDAP Search Methods'' on page 220).
- Default access level that is assigned to the user if the queried response does not
  contain an access level.
- Local users database (Web Users table) for authenticating users instead of the LDAP
  server (for example, when a communication problem occurs with the server). For more
  information, see ''Configuring Local Database for Management User Authentication''
  on page 223.

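The following Python script is an added illustration of the authorization stage described above (the search-filter substitution, the memberOf lookup, and the default access level); it is not AudioCodes code and does not talk to an LDAP server. It substitutes the $ placeholder in a configured filter with the login name, resolves the groups returned in memberOf against a constructed group-to-access-level table, and falls back to the configured default level (or denies login when none is configured). The group DNs are the examples from this page; the access levels assigned to them, the RFC 4515 escaping of the substituted username, case-insensitive DN comparison, and "first configured group wins" precedence are assumptions made for the example, not documented device behaviour.

```python
"""Simulation of the LDAP authorization stage (added example, not device code)."""
from typing import Optional, Sequence, Tuple

# Characters that RFC 4515 requires to be escaped inside a filter assertion value.
# Assumption: the username is escaped before substitution so that a login name
# containing filter metacharacters cannot alter the search filter's structure.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Return `value` with LDAP filter metacharacters escaped (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(template: str, username: str) -> str:
    """Replace the '$' placeholder in the configured filter with the login name."""
    return template.replace("$", escape_filter_value(username))


def normalize_dn(dn: str) -> str:
    """Canonicalise a DN for comparison: trim spaces around RDNs, fold case."""
    return ",".join(rdn.strip() for rdn in dn.split(",")).lower()


def resolve_access_level(
    member_of: Sequence[str],
    group_levels: Sequence[Tuple[str, str]],
    default_level: Optional[str] = None,
) -> Optional[str]:
    """Map the user's memberOf values to a management access level.

    Walks the configured group table in order and returns the level of the
    first configured group the user belongs to (assumed precedence). When no
    group matches, returns `default_level`; None means login is denied.
    """
    membership = {normalize_dn(dn) for dn in member_of}
    for group_dn, level in group_levels:
        if normalize_dn(group_dn) in membership:
            return level
    return default_level


# Constructed group-to-access-level table using the two group DNs shown on the page.
# The access levels attached to them are invented for this example.
GROUP_LEVELS = [
    (r"CN=\# Support Dept,OU=R&D Groups,OU=Groups,OU=APC,OU=Japan,OU=ABC,DC=corp,DC=abc,DC=com", "Admin"),
    (r"CN=\#AllCellular,OU=Groups,OU=APC,OU=Japan,OU=ABC,DC=corp,DC=abc,DC=com", "Operator"),
]

# Constructed stand-in for the entry the LDAP search would return for JohnD.
SAMPLE_ENTRY = {
    "sAMAccountName": "JohnD",
    "memberOf": [
        r"CN=\#AllCellular,OU=Groups,OU=APC,OU=Japan,OU=ABC,DC=corp,DC=abc,DC=com",
        r"CN=\# Support Dept,OU=R&D Groups,OU=Groups,OU=APC,OU=Japan,OU=ABC,DC=corp,DC=abc,DC=com",
    ],
}


def authorize(username: str, filter_template: str, entry: dict,
              default_level: Optional[str] = None) -> Tuple[str, Optional[str]]:
    """Return (search filter that would be sent, resolved access level or None)."""
    search_filter = build_search_filter(filter_template, username)
    level = resolve_access_level(entry.get("memberOf", []), GROUP_LEVELS, default_level)
    return search_filter, level


if __name__ == "__main__":
    flt, level = authorize("JohnD", "(sAMAccountName=$)", SAMPLE_ENTRY)
    print("filter:", flt)
    print("access level:", level if level else "none (login denied)")
```

Running the script with the constructed entry yields the filter (sAMAccountName=JohnD) and the Admin level, because the Support Dept group is listed first in the table even though memberOf returns AllCellular first. Passing an entry with no matching group returns None unless a default level is supplied, which mirrors the page's rule that a user with no recognised group is denied login unless a default access level is configured.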
Version 6.8
211
19. Services
Mediant 800B MSBR