Configuring Access Level Per Management Groups Attributes - AudioCodes Mediant 4000 SBC User Manual
Session border controllers
Hide thumbs
Also See for Mediant 4000 SBC:
- User manual (964 pages) ,
- Hardware installation manual (40 pages) ,
- User manual (822 pages)
Table of Contents
Advertisement
CHAPTER 16 Services
●
●
➢
To configure the LDAP search filter for management users:
1.
Open the LDAP Settings page (Setup menu > IP Network tab > RADIUS & LDAP folder >
LDAP Settings).
2.
In the 'LDAP Authentication Filter' field, enter the LDAP search filter attribute for searching the
login username for user authentication:
3.
Click Apply.
Configuring Access Level per Management Groups Attributes
The Management LDAP Groups table lets you configure LDAP group objects and their
corresponding management user access level. The table is a "child" of the LDAP Servers table
(see
Configuring LDAP Servers
server, you can configure up to three table row entries of LDAP group(s) and their corresponding
access level.
●
●
●
Group objects represent groups in the LDAP server of which the user is a member. The access
level represents the user account's permissions and rights in the device's management interface
(e.g., Web and CLI). The access level can either be Monitor, Administrator, or Security
Administrator. For an explanation on the privileges of each level, see
User
Accounts.
When the username- password authentication with the LDAP server succeeds, the device
searches the LDAP server for all groups of which the user is a member. The LDAP query is based
on the following LDAP data structure:
The search filter is applicable only to LDAP-based login authentication and
authorization queries.
The search filter is a global setting that applies to all LDAP-based login
authentication and authorization queries, across all configured LDAP servers.
) and configuration is done per LDAP server. For each LDAP
The Management LDAP Groups table is applicable only to LDAP-based login
authentication and authorization queries.
If the LDAP response received by the device includes multiple groups of which the
user is a member and you have configured different access levels for some of
these groups, the device assigns the user the highest access level. For example, if
the user is a member of two groups where one has access level "Monitor" and the
other "Administrator", the device assigns the user the "Administrator" access level.
When the access level is unknown, the device assigns the default access level to
the user, configured by the 'Default Access Level' parameter as used also for
RADIUS (see
Configuring RADIUS-based User
the following scenarios:
✔
The user is not a member of any LDAP group.
✔
The group of which the user is a member is not configured on the device (as
described in this section).
✔
The device is not configured to query the LDAP server for a management
attribute (see
Configuring LDAP
Authentication). This can occur in
Servers).
- 226 -
Mediant 4000 SBC | User's Manual
Configuring Management
Advertisement
Table of Contents
Troubleshooting
