Configuring LDAP DNs (Base Paths) per LDAP Server - AudioCodes Mediant 800B User Manual

Gateway & Enterprise SBC (E-SBC)

Mediant 800B Gateway & E-SBC User's Manual, Document #: LTRT-10632

Parameter
LDAP Bind DN
bind-dn
[LdapConfiguration_LdapConfBindDn]

Description
Defines the LDAP server's bind Distinguished Name (DN) or username.
- LDAP-based SIP queries: The DN is used as the username during connection and binding to the LDAP server. The DN is used to uniquely name an AD object. Below are example parameter settings:
  - cn=administrator,cn=Users,dc=domain,dc=com
  - administrator@domain.com
  - domain\administrator
- LDAP-based user login authentication: The parameter represents the login username entered by the user during a login attempt. You can use the $ (dollar) sign in this value to enable the device to automatically replace the $ sign with the user's login username in the search filter, which it sends to the LDAP server for authenticating the user's username-password combination. An example configuration for the parameter is $@sales.local, where the device replaces the $ with the entered username, for example, JohnD@sales.local. The username can also be configured with the domain name of the LDAP server.
Note: By default, the device sends the username in clear-text format. You can enable the device to encrypt the username using TLS (see the 'Use SSL' parameter below).

Parameter
Management Attribute
mgmt-attr
[LdapConfiguration_MngmAuthAtt]

Description
Defines the LDAP attribute name to query, which contains a list of groups of which the user is a member. For Active Directory, this attribute is typically "memberOf". The attribute's values (groups) are used to determine the user's management access level; the group's corresponding access level is configured in 'Configuring Access Level per Management Groups Attributes' on page 264.
Note:
- The parameter is applicable only to LDAP-based login authentication and authorization (i.e., the 'Type' parameter is set to Management).
- If this functionality is not used, the device assigns the user the configured default access level. For more information, see 'Configuring Access Level per Management Groups Attributes' on page 264.

15.4.5 Configuring LDAP DNs (Base Paths) per LDAP Server

The LDAP Search DN table lets you configure LDAP base paths. The table is a "child" of the LDAP Servers table (see 'Configuring LDAP Servers' on page 258) and configuration is done per LDAP server. For the device to run a search using the LDAP service, you must configure the base path to the directory subtree in which the search is to be done, referred to as the distinguished name object (or DN). For each LDAP server, you can configure up to three base paths.

The following procedure describes how to configure DNs per LDAP server through the Web interface. You can also configure it through the ini file (LdapServersSearchDNs) or CLI (configure system > ldap ldap-servers-search-dns).
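The $ substitution described for the 'LDAP Bind DN' parameter can be checked before a template is put on the device. The Python below is an added example, not AudioCodes code: it expands a template for sample logins, reports which of the three bind-name formats from the manual's examples results, and escapes a login for use in a search filter per RFC 4515. The function names, the sample logins and the assumption that every $ is replaced are this example's own; the device's own validation and filter layout are not given on this page.

```python
import re

# The three bind-name formats shown in the manual's 'LDAP Bind DN' examples.
FORMATS = {
    "dn": re.compile(r"[A-Za-z][\w-]*=[^,=]+(?:,[A-Za-z][\w-]*=[^,=]+)*"),
    "upn": re.compile(r"[^@\\\s,=]+@[^@\\\s,=]+"),
    "down-level": re.compile(r"[^@\\\s,=]+\\[^@\\\s,=]+"),
}

# Characters that RFC 4515 requires to be escaped inside a search-filter value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def classify_bind_name(value):
    """Return 'dn', 'upn' or 'down-level', or 'unknown' if no format matches."""
    for name, pattern in FORMATS.items():
        if pattern.fullmatch(value):
            return name
    return "unknown"


def expand_bind_template(template, login):
    """Replace '$' with the login name (assumption: every '$' is replaced)."""
    return template.replace("$", login)


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def check_template(template, sample_logins):
    """Map each sample login to (expanded bind name, detected format)."""
    report = {}
    for login in sample_logins:
        bound = expand_bind_template(template, login)
        report[login] = (bound, classify_bind_name(bound))
    return report


if __name__ == "__main__":
    # Constructed sample logins; the second one already carries a domain suffix,
    # so the expanded name no longer matches any of the three formats.
    samples = ["JohnD", "JohnD@hq.local"]
    for login, result in check_template("$@sales.local", samples).items():
        print(login, "->", result)
    print(escape_filter_value("J*hn(D)"))
```

A login that expands to 'unknown' is worth resolving with users before rollout, for example by telling them to enter the short name only when the template already appends the domain.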
