Configuring Ldap Dns (Base Paths) Per Ldap Server - AudioCodes Mediant 4000 SBC User Manual

CHAPTER 16    Services

Parameter:
'Management Attribute'
mgmt-attr
[LdapConfiguration_MngmAuthAtt]
Description:
Defines the LDAP attribute name to query, which contains a list of groups to which the user is a
member. For Active Directory, this attribute is typically "memberOf". The attribute's values
(groups) are used to determine the user's management access level; the group's corresponding
access level is configured in Configuring Access Level per Management Groups Attributes.
Note:
- The parameter is applicable only to LDAP-based login authentication and authorization (i.e.,
  the 'Type' parameter is set to Management).
- If this functionality is not used, the device assigns the user the configured default access
  level. For more information, see Configuring Access Level per Management Groups Attributes.

Parameter:
'No Op Timeout'
noop-timeout
[LdapConfiguration_NoOpTimeout]
Description:
Defines the timeout (in minutes) of inactivity in the connection between the device and the LDAP
server, after which the device sends an LDAP "abandon" request to keep the LDAP connection alive
(i.e., LDAP persistent connection).
The valid value to enable this feature is any value greater than 0. The default is 0 (i.e., if
there is no activity on the connection, the device does not send "abandon" requests and the LDAP
server may disconnect).
Note: The parameter is applicable only to LDAP connections that are used for routing (i.e., the
'Type' parameter is configured to Control).

Configuring LDAP DNs (Base Paths) per LDAP Server

The LDAP Search DN table lets you configure LDAP base paths. The table is a "child" of the LDAP
Servers table (see Configuring LDAP Servers) and configuration is done per LDAP server. For the
device to run a search using the LDAP service, the base path to the directory's subtree, referred to
as the distinguished name object (or DN), where the search is to be done must be configured. For
each LDAP server, you can configure up to three base paths.
The following procedure describes how to configure DNs per LDAP server through the Web
interface. You can also configure it through ini file [LdapServersSearchDNs] or CLI (configure
system > ldap ldap-servers-search-dns).
To configure an LDAP base path per LDAP server:
1. Open the LDAP Servers table (Setup menu > IP Network tab > RADIUS & LDAP folder >
   LDAP Servers).
2. In the table, select the row of the LDAP server for which you want to configure DN base paths,
   and then click the LDAP Servers Search Based DNs link located below the table; the LDAP
   Server Search Base DN table opens.
3. Click New; the following dialog box appears:
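
As an illustration of the 'Management Attribute' lookup described on this page, the following added example (not AudioCodes code and not part of the manual) models how the values of an attribute such as "memberOf" could be mapped to a management access level, with the default level as fallback. The group DNs, the level names and ranks, the function names, and the matching rules (whole-DN match, highest level wins) are assumptions made for the example.

```python
import re

# Constructed data: group DN -> access level, standing in for the mapping the
# manual configures per management group. Level names/ranks are placeholders.
LEVEL_RANK = {"none": 0, "monitor": 1, "admin": 2}
GROUP_LEVELS = {
    "CN=SBC-Admins,OU=Groups,DC=example,DC=com": "admin",
    "CN=SBC-Monitors,OU=Groups,DC=example,DC=com": "monitor",
}

def normalize_dn(dn):
    """Lower-case a DN and trim spaces around its RDNs.

    Splits only on commas not preceded by a backslash, so an escaped comma
    inside a value (e.g. "CN=Ops\\, EU") stays part of that value.
    """
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)

def resolve_access_level(member_of, group_levels=GROUP_LEVELS, default="none"):
    """Map the values of the management attribute (e.g. memberOf) to a level.

    Assumptions of this example: a group counts only if its whole DN matches
    a configured DN, the highest matching level wins, and no match means the
    default level.
    """
    table = {normalize_dn(dn): level for dn, level in group_levels.items()}
    granted = [table[n] for n in map(normalize_dn, member_of) if n in table]
    return max(granted, key=LEVEL_RANK.__getitem__) if granted else default

# Constructed memberOf values as a directory might return them.
SAMPLE_MEMBER_OF = [
    "cn=sbc-monitors, ou=Groups, dc=example, dc=com",         # case/spacing differ
    "CN=SBC-Admins-Contractors,OU=Groups,DC=example,DC=com",  # similar name, not mapped
]

if __name__ == "__main__":
    print(resolve_access_level(SAMPLE_MEMBER_OF))  # monitor
    print(resolve_access_level([]))                # none
```

Matching on the whole normalized DN, rather than on a substring of the group name, keeps a similarly named group from inheriting another group's level; the default passed in should be the level you are willing to grant a user who matches no group.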
