Version 7.0 247 Mediant 3000
User's Manual 16. Services
location in the directory where you want to search for the user's member group(s) is
configured using the following:
• Search base object (distinguished name or DN, e.g.,
"ou=ABC,dc=corp,dc=abc,dc=com"), which defines the location in the directory
from where the LDAP search begins, and is configured in ''Configuring LDAP
DNs (Base Paths) per LDAP Server'' on page 254.
• Search filter, for example, (&(objectClass=person)(sAMAccountName=JohnD)),
which filters the search in the subtree to include only the specific username. The
search filter can be configured with the dollar ($) sign to represent the username,
for example, (sAMAccountName=$). For configuring the search filter, see
''Configuring the LDAP Search Filter Attribute'' on page 255.
• Management attribute (e.g., memberOf), from where objects that match the
search filter criteria are returned. This shows the user's member groups. The
attribute is configured in the LDAP Configuration table (see ''Configuring LDAP
Servers'' on page 250).
If the device finds a group, it assigns the user the corresponding access level and
permits login; otherwise, login is denied. Once the LDAP response has been received
(success or failure), the device ends the LDAP session.
For both of the previously discussed LDAP services, the following additional LDAP
functionality is supported:
Search method for searching DN object records between LDAP servers and within
each LDAP server (see Configuring LDAP Search Methods).
Default access level that is assigned to the user if the queried response does not
contain an access level.
Local users database (Web Users table) for authenticating users instead of the LDAP
server (for example, when a communication problem occurs with the server). For more
information, see ''Configuring Local Database for Management User Authentication''
on page
260.
16.3.1 Enabling the LDAP Service
Before you can configure LDAP support, you need to enable the LDAP service.
To enable LDAP:
1. Open the LDAP Settings page (Configuration tab > VoIP menu > Services > LDAP
> LDAP Settings).
Figure 16-5: Enabling LDAP on the LDAP Settings Page
2. Under LDAP Settings, from the 'LDAP Service' drop-down list, select Enable.
3. Click Submit, and then reset the device with a burn-to-flash for your settings to take
effect.
16.3.2 Enabling LDAP-based Web/CLI User Login Authentication and
Authorization
The LDAP service can be used for authenticating and authorizing device management
users (Web and CLI), based on the user's login username and password (credentials). At
the same, it can also be used to determine users' management access levels (privileges).
To Next Page
Loading...
Need help?
General
