Configuring The Ldap Search Filter Attribute; Configuring Access Level Per Management Groups Attributes - AudioCodes E-SBC User Manual

CHAPTER 16    Services
Mediant 1000 Gateway & E-SBC | User's Manual

Parameter: 'Base DN'
set base-path
[LdapServersSearchDNs_Base_Path]
Description: Defines the full path (DN) to the objects in the AD where the query is done.
The valid value is a string of up to 256 characters.
For example: OU=NY,DC=OCSR2,DC=local. In this example, the DN path is defined by the LDAP names, OU (organizational unit) and DC (domain component).

Configuring the LDAP Search Filter Attribute

When the LDAP-based login username-password authentication succeeds, the device searches the LDAP server for all groups of which the user is a member. The LDAP query is based on the following LDAP data structure:

- Search base object (distinguished name or DN, e.g., "ou=ABC,dc=corp,dc=abc,dc=com"): The DN defines the location in the directory from which the LDAP search begins and is configured in Configuring LDAP DNs (Base Paths) per LDAP Server.
- Filter (e.g., "(&(objectClass=person)(sAMAccountName=johnd))"): This filters the search in the subtree to include only the login username (and excludes others). This is configured by the 'LDAP Authentication Filter' parameter, as described in the following procedure. You can use the dollar ($) sign to represent the username. For example, the filter can be configured as "(sAMAccountName=$)", where if the user attempts to log in with the username "SueM", the LDAP search is done only for the attribute sAMAccountName that equals "SueM".
- Attribute (e.g., "memberOf") to return from objects that match the filter criteria: The attribute is configured by the 'Management Attribute' parameter in the LDAP Servers table (see Configuring LDAP Servers).

Therefore, the LDAP response includes only the groups of which the specific user is a member.

To configure the LDAP search filter for management users:

1. Open the LDAP Settings page (Setup menu > IP Network tab > RADIUS & LDAP folder > LDAP Settings).
2. In the 'LDAP Authentication Filter' field, enter the LDAP search filter attribute for searching the login username for user authentication.
3. Click Apply.

Note:
- The search filter is applicable only to LDAP-based login authentication and authorization queries.
- The search filter is a global setting that applies to all LDAP-based login authentication and authorization queries, across all configured LDAP servers.

Configuring Access Level per Management Groups Attributes

The Management LDAP Groups table lets you configure LDAP group objects and their corresponding management user access level. The table is a "child" of the LDAP Servers table (see Configuring LDAP Servers) and configuration is done per LDAP server. For each LDAP server, you can configure up to three table row entries of LDAP group(s) and their corresponding access level.
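The '$' substitution in the 'LDAP Authentication Filter' and the resulting base/filter/attribute query, as an added Python illustration (not AudioCodes code and not a description of the device's internals): the login name is escaped per RFC 4515 before it replaces '$', so filter metacharacters in a username can only ever match literally. The function names, the group DNs, the two-user directory and the simplified matcher are assumptions constructed for this example.

```python
import re

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a login name so it can only act as a literal filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template: str, username: str) -> str:
    """Replace the '$' placeholder of the filter template with the login name."""
    if "$" not in template:
        raise ValueError("filter template has no '$' placeholder")
    return template.replace("$", escape_filter_value(username))


def build_search(base_dn: str, template: str, username: str,
                 attribute: str = "memberOf") -> dict:
    """The three parts of the query: search base, filter, attribute to return."""
    return {"base": base_dn, "scope": "subtree",
            "filter": render_filter(template, username), "attributes": [attribute]}


def value_matches(assertion: str, stored: str) -> bool:
    """Simplified stand-in for a directory server comparing one attribute value:
    an unescaped '*' is a wildcard, a backslash plus two hex digits is a literal
    character, and case is ignored."""
    parts = [re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), p)
             for p in assertion.split("*")]
    pattern = ".*".join(re.escape(p) for p in parts)
    return re.fullmatch(pattern, stored, re.IGNORECASE) is not None


# Constructed sample directory: sAMAccountName -> memberOf values.
DIRECTORY = {
    "SueM": ["CN=SBC-Admins,OU=ABC,DC=corp,DC=abc,DC=com"],
    "johnd": ["CN=SBC-Monitors,OU=ABC,DC=corp,DC=abc,DC=com"],
}


def groups_for(login: str) -> list:
    """memberOf values of every sample entry matched by the escaped login name."""
    assertion = escape_filter_value(login)
    return sorted(g for name, groups in DIRECTORY.items()
                  if value_matches(assertion, name) for g in groups)
```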
