Configuring Ldap Dns (Base Paths) Per Ldap Server - AudioCodes Mediant 4000 SBC User Manual
Session border controller
Hide thumbs
Also See for Mediant 4000 SBC:
- User manual (1037 pages) ,
- Hardware installation manual (40 pages) ,
- User manual (844 pages)
Table of Contents
Advertisement
User's Manual
Parameter
bind-dn
[LdapConfiguration_LdapConf
BindDn]
Management Attribute
mgmt-attr
[LdapConfiguration_MngmAut
hAtt]
15.4.5 Configuring LDAP DNs (Base Paths) per LDAP Server
The LDAP Search DN table lets you configure LDAP base paths. The table is a "child" of
the LDAP Servers table (see ''Configuring LDAP Servers'' on page 242) and configuration
is done per LDAP server. For the device to run a search using the LDAP service, the base
path to the directory's subtree, referred to as the distinguished name object (or DN), where
the search is to be done must be configured. For each LDAP server, you can configure up
to three base paths.
The following procedure describes how to configure DNs per LDAP server through the
Web interface. You can also configure it through ini file (LdapServersSearchDNs) or CLI
(configure system > ldap ldap-servers-search-dns).
To configure an LDAP base path per LDAP server:
1.
Open the LDAP Servers table (Setup menu > IP Network tab > RADIUS & LDAP
folder > LDAP Servers).
Version 7.2
username.
LDAP-based SIP queries: The DN is used as the username
during connection and binding to the LDAP server. The DN is
used to uniquely name an AD object. Below are example
parameter settings:
cn=administrator,cn=Users,dc=domain,dc=com
administrator@domain.com
domain\administrator
LDAP-based user login authentication: The parameter represents
the login username entered by the user during a login attempt.
You can use the $ (dollar) sign in this value to enable the device
to automatically replace the $ sign with the user's login username
in the search filter, which it sends to the LDAP server for
authenticating the user's username-password combination. An
example configuration for the parameter is $@sales.local, where
the device replaces the $ with the entered username, for
example, JohnD@sales.local. The username can also be
configured with the domain name of the LDAP server.
Note: By default, the device sends the username in clear-text format.
You can enable the device to encrypt the username using TLS (see
the 'Use SSL' parameter below).
Defines the LDAP attribute name to query, which contains a list of
groups to which the user is a member. For Active Directory, this
attribute is typically "memberOf". The attribute's values (groups) are
used to determine the user's management access level; the group's
corresponding access level is configured in ''Configuring Access
Level per Management Groups Attributes'' on page 247.
Note:
The parameter is applicable only to LDAP-based login
authentication and authorization (i.e., the 'Type' parameter is set
to Management).
If this functionality is not used, the device assigns the user the
configured default access level. For more information, see
''Configuring Access Level per Management Groups Attributes''
on page 247.
245
Description
15. Services
Mediant 4000 SBC
Advertisement
Table of Contents
