Configuring Access Level Per Management Groups Attributes - AudioCodes Mediant 1000B User Manual
Analog & digital voip media gateway enterprise session border controller gateway & e-sbc
Hide thumbs
Also See for Mediant 1000B:
- User manual (1281 pages) ,
- Hardware installation manual (92 pages) ,
- Configuration note (52 pages)
Table of Contents
Advertisement
To configure the LDAP search filter for management users:
1.
Open the LDAP Settings page (Configuration tab > VoIP menu > Services > LDAP
> LDAP Settings).
Figure 15-12: LDAP Settings Page - LDAP Search Filter
2.
Under LDAP Settings, in the 'LDAP Authentication Filter' parameter, enter the LDAP
search filter attribute for searching the login username for user authentication.
3.
Click Submit.
15.3.6 Configuring Access Level per Management Groups Attributes
The Management LDAP Groups table lets you configure LDAP group objects and their
corresponding management user access level. The table is a "child" of the LDAP
Configuration table (see 'Configuring LDAP Servers' on page 205) and configuration is
done per LDAP server. For each LDAP server, you can configure up to three table row
entries of LDAP group(s) and their corresponding access level.
Notes:
•
The Management LDAP Groups table is applicable only to LDAP-based login
authentication and authorization queries.
•
If the LDAP response received by the device includes multiple groups of which the
user is a member and you have configured different access levels for some of
these groups, the device assigns the user the highest access level. For example,
if the user is a member of two groups where one has access level "Monitor" and
the other "Administrator", the device assigns the user the "Administrator" access
level.
•
When the access level is unknown, the device assigns the default access level to
the user, configured by the 'Default Access Level' parameter in the Authentication
Settings page (Configuration tab > System menu > Management >
Authentication Settings). This can occur in the following scenarios:
√
√
√
Group objects represent groups in the LDAP server of which the user is a member. The
access level represents the user account's permissions and rights in the device's
management interface (e.g., Web and CLI). The access level can either be Monitor,
Administrator, or Security Administrator. For an explanation on the privileges of each level,
see Configuring Web User Accounts.
When the username-password authentication with the LDAP server succeeds, the device
searches the LDAP server for all groups of which the user is a member. The LDAP query is
based on the following LDAP data structure:
Search base object (distinguished name or DN, e.g.,
"ou=ABC,dc=corp,dc=abc,dc=com"), which defines the location in the directory from
which the LDAP search begins. This is configured in 'Configuring LDAP DNs (Base
Paths) per LDAP Server' on page 208.
Filter (e.g., "(&(objectClass=person)(sAMAccountName=johnd))"), which filters the
search in the subtree to include only the login username (and excludes others). This is
User's Manual
The user is not a member of any group.
The group of which the user is a member is not configured on the device (as
described in this section).
The device is not configured to query the LDAP server for a management
attribute (see 'Configuring LDAP Servers' on page 205).
Mediant 1000B Gateway & SBC
210
Document #: LTRT-27034
Advertisement
Chapters
Table of Contents
