Version 6.8 207 Mediant 2600 E-SBC
User's Manual 15. Services
Administrator, or Security Administrator. For an explanation on the privileges of each level,
see Configuring Web User Accounts.
When the username-password authentication with the LDAP server succeeds, the device
searches the LDAP server for all groups of which the user is a member. The LDAP query is
based on the following LDAP data structure:
Search base object (distinguished name or DN, e.g.,
"ou=ABC,dc=corp,dc=abc,dc=com"), which defines the location in the directory from
which the LDAP search begins. This is configured in 'Configuring LDAP DNs (Base
Paths) per LDAP Server' on page
204.
Filter (e.g., "(&(objectClass=person)(sAMAccountName=johnd))"), which filters the
search in the subtree to include only the login username (and excludes others). This is
configured by the 'LDAP Authentication Filter' parameter.
Attribute (e.g., "memberOf") to return from objects that match the filter criteria. This
attribute is configured by the 'Management Attribute' parameter in the LDAP
Configuration table.
The LDAP response includes all the groups of which the specific user is a member, for
example:
CN=\# Support Dept,OU=R&D
Groups,OU=Groups,OU=APC,OU=Japan,OU=ABC,DC=corp,DC=abc,DC=com
CN=\#AllCellular,OU=Groups,OU=APC,OU=Japan,OU=ABC,DC=corp,DC=abc,D
C=com
The device searches this LDAP response for the group names that you configured in the
Management LDAP Groups table in order to determine the user's access level. If the
device finds a group name, the user is assigned the corresponding access level and login
is permitted; otherwise, login is denied. Once the LDAP response has been received
(success or failure), the LDAP session terminates.
The following procedure describes how to configure an access level per management
groups in the Web interface. You can also configure this using the table ini file parameter,
MgmntLDAPGroups or CLI command, configure voip > ldap > mgmt-ldap-groups.
To configure management groups and corresponding access level:
1. Open the LDAP Configuration Table page (Configuration tab > VoIP menu >
Services > LDAP > LDAP Configuration Table).
2. In the LDAP Configuration table, select the row of the LDAP server for which you want
to configure management groups with a corresponding access level, and then click the
Management LDAP Groups Table link (located at the bottom of the page); the
Management LDAP Groups Table page opens.
3. Click Add; the following dialog box appears:
Figure 15-14: Management LDAP Groups Table - Add Record
4. Configure a group name(s) with a corresponding access level according to the
parameters described in the table below.
5. Click Submit, and then save ("burn") your settings to flash memory.
To Next Page
Loading...
