Enabling The Ldap Service; Enabling Ldap-Based Web/Cli User Login Authentication And Authorization - AudioCodes Mediant 800 User Manual

CHAPTER 16    Services
If the device finds a group, it assigns the user the corresponding access level and permits login;
otherwise, login is denied. Once the LDAP response has been received (success or failure), the
device ends the LDAP session.
LDAP-based Management services: This LDAP service works together with the LDAP-based
management account (described above), allowing you to use different LDAP service
accounts for user authentication and user authorization:
Management-type LDAP server: This LDAP server account is used only for user
authentication. For more information about how it works, see Management-related LDAP
Queries, above.
Management Service-type LDAP server: This LDAP server account is used only for user
authorization (i.e., the user's management access level and privileges). The device has an
always-on connection with the LDAP server and uses a configured (fixed) LDAP
username (Bind Name) and password. Only if user authentication succeeds, does the
device query this Management Service-type LDAP server account for user authorization.
Thus, management groups and DNs are configured only for this LDAP server account
(instead of for the regular LDAP-based management account).
Therefore, user authorization is done only by a specific LDAP "administrator", which has a fixed
username and password. In contrast, user authentication is done by the user itself (i.e., binding
to the LDAP account with each user's username and password). Having a dedicated LDAP
account for user authorization may provide additional security to the network by preventing
users from accessing the authorization settings in the LDAP server.
For all the previously discussed LDAP services, the following additional LDAP functionality is
supported:
Search method for searching DN object records between LDAP servers and within each LDAP
server (see Configuring LDAP Search Methods).
Default access level that is assigned to the user if the queried response does not contain an
access level.
Local Users table for authenticating users instead of the LDAP server (for example, when a
communication problem occurs with the server). For more information, see Configuring Local
Database for Management User Authentication.
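
The login decision described in this section, modeled in Python as an added example (it is not AudioCodes code or device configuration). The directory contents, DNs, level names and the rule that a user with no matching group falls through to the default access level are assumptions of the model.

```python
import hmac
from dataclasses import dataclass

class LdapUnreachable(Exception):
    """Stand-in for a communication problem with the LDAP server."""

@dataclass
class Directory:                 # constructed stand-in for the LDAP server
    users: dict                  # username -> password, checked by a bind as that user
    groups: dict                 # group DN -> set of member usernames
    service_bind: tuple          # fixed Bind Name and password of the authorization account
    reachable: bool = True

    def bind(self, name, password):
        if not self.reachable:
            raise LdapUnreachable(name)
        known = {**self.users, self.service_bind[0]: self.service_bind[1]}
        return name in known and hmac.compare_digest(known[name].encode(), password.encode())

    def groups_of(self, username):
        return {dn for dn, members in self.groups.items() if username in members}

def login(user, password, directory, group_levels, default_level=None, local_users=None):
    """Return the access level granted, or None when login is denied."""
    try:
        # Authentication: bind with the user's own username and password.
        if not directory.bind(user, password):
            return None
        # Authorization: only the fixed service account reads group membership.
        if not directory.bind(*directory.service_bind):
            return None
        member_of = directory.groups_of(user)
        for group_dn, level in group_levels.items():  # first configured match wins (assumption)
            if group_dn in member_of:
                return level
        return default_level     # None: no default configured, so login is denied
    except LdapUnreachable:
        # Local Users table is consulted only when the server cannot be reached.
        entry = (local_users or {}).get(user)
        if entry and hmac.compare_digest(entry[0].encode(), password.encode()):
            return entry[1]
        return None

# Constructed sample data (DNs, passwords and level names are made up).
ADMINS = "CN=SBC-Admins,DC=example,DC=com"
DIRECTORY = Directory({"alice": "a-pass", "bob": "b-pass"}, {ADMINS: {"alice"}},
                      ("CN=svc-authz,DC=example,DC=com", "svc-pass"))
GROUP_LEVELS, LOCAL_USERS = {ADMINS: "admin"}, {"breakglass": ("local-pass", "admin")}
```

In this model a default access level widens access to every user who can authenticate, and a failed bind is never rescued by the default level or by the Local Users table while the server is reachable.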

Enabling the LDAP Service

Before you can configure LDAP support, you need to enable the LDAP service.
To enable LDAP:
1. Open the LDAP Settings page (Setup menu > IP Network tab > RADIUS & LDAP folder >
   LDAP Settings).
2. From the 'LDAP Service' drop-down list, select Enable.
3. Click Apply, and then reset the device with a save-to-flash for your settings to take effect.

Enabling LDAP-based Web/CLI User Login Authentication and Authorization

The LDAP service can be used for authenticating and authorizing device management users (Web
and CLI) based on the user's login username and password (credentials). At the same time, it can
also be used to determine users' management access levels (privileges). Before you can configure
LDAP-based login authentication, you must enable this type of LDAP service.
