Enabling The Ldap Service; Enabling Ldap-Based Web/Cli User Login Authentication And Authorization - AudioCodes Mediant 3000 User Manual

Gateway & enterprise sbc, family of media gateways & session border controllers

The device then assigns the user the access level configured for that group (in
'Configuring Access Level per Management Groups Attributes' on page 228). The
location in the directory where you want to search for the user's member group(s) is
configured using the following:
• Search base object (distinguished name or DN, e.g.,
  "ou=ABC,dc=corp,dc=abc,dc=com"), which defines the location in the directory
  from where the LDAP search begins, and is configured in 'Configuring LDAP DNs
  (Base Paths) per LDAP Server' on page 226.
• Search filter, for example, (&(objectClass=person)(sAMAccountName=JohnD)),
  which filters the search in the subtree to include only the specific username. The
  search filter can be configured with the dollar ($) sign to represent the username,
  for example, (sAMAccountName=$). For configuring the search filter, see
  'Configuring the LDAP Search Filter Attribute' on page 227.
• Management attribute (e.g., memberOf), from where objects that match the
  search filter criteria are returned. This shows the user's member groups. The
  attribute is configured in the LDAP Configuration table (see 'Configuring LDAP
  Servers' on page 223).
If the device finds a group, it assigns the user the corresponding access level and
permits login; otherwise, login is denied. Once the LDAP response has been received
(success or failure), the device ends the LDAP session.
For both of the previously discussed LDAP services, the following additional LDAP
functionality is supported:
• Search method for searching DN object records between LDAP servers and within
  each LDAP server (see 'Configuring LDAP Search Methods' on page 230).
• Default access level that is assigned to the user if the queried response does not
  contain an access level.
• Local users database (Web Users table) for authenticating users instead of the LDAP
  server (for example, when a communication problem occurs with the server). For more
  information, see 'Configuring Local Database for Management User Authentication' on
  page 233.
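The lookup described above, modelled in Python as an added example (it is not AudioCodes code): the `$` placeholder in the search filter is replaced by the login username, and the returned memberOf values are mapped to an access level. Assumptions: the username is escaped per RFC 4515 before substitution, the group DNs and access-level names are constructed, and the first-match and default-level handling are one reading of the rules stated here.

```python
# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string so it can only ever match as a literal value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(template, username):
    """Replace each '$' in the configured filter with the escaped username."""
    return template.replace("$", escape_filter_value(username))


# Constructed table: management group DN -> access level (illustrative names).
GROUP_LEVELS = {
    "cn=sbc-admins,ou=abc,dc=corp,dc=abc,dc=com": "Administrator",
    "cn=sbc-monitors,ou=abc,dc=corp,dc=abc,dc=com": "Monitor",
}


def resolve_access_level(member_of, group_levels, default_level=None):
    """Return an access level, or None when login must be denied.

    member_of is the list of values returned for the management attribute,
    or None when the response did not carry the attribute at all.
    """
    if member_of is None:
        return default_level  # assumption: default applies only in this case
    for dn in member_of:
        # Simplified DN comparison: case-insensitive, surrounding spaces ignored.
        level = group_levels.get(dn.strip().lower())
        if level is not None:
            return level  # assumption: first matching group wins
    return None  # attribute present but no configured group: deny


if __name__ == "__main__":
    template = "(&(objectClass=person)(sAMAccountName=$))"
    for name in ("JohnD", "John*D)"):  # constructed usernames
        print(build_search_filter(template, name))
    print(resolve_access_level(
        ["CN=SBC-Monitors,OU=ABC,DC=corp,DC=abc,DC=com"], GROUP_LEVELS))
```

When reviewing a deployment, confirm that a username containing `*`, `(`, `)` or `\` cannot change which directory entries the configured filter matches.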

16.3.1 Enabling the LDAP Service

Before you can configure LDAP support, you need to enable the LDAP service.
To enable LDAP:
1. Open the LDAP Settings page (Configuration tab > VoIP menu > Services > LDAP
   > LDAP Settings).
   Figure 16-4: Enabling LDAP on the LDAP Settings Page
2. Under LDAP Settings, from the 'LDAP Service' drop-down list, select Enable.
3. Click Submit, and then reset the device with a burn-to-flash for your settings to take
   effect.

16.3.2 Enabling LDAP-based Web/CLI User Login Authentication and Authorization

The LDAP service can be used for authenticating and authorizing device management
users (Web and CLI), based on the user's login username and password (credentials). At
the same time, it can also be used to determine users' management access levels (privileges).
User's Manual
222
Mediant 3000
Document #: LTRT-89738
