User's Manual 256 Document #: LTRT-10532
Mediant 500L Gateway & E-SBC
Parameter Description
cn=administrator,cn=Users,dc=domain,dc=com
administrator@domain.com
domain\administrator
LDAP-based user login authentication: The parameter represents
the login username entered by the user during a login attempt.
You can use the $ (dollar) sign in this value to enable the device
to automatically replace the $ sign with the user's login username
in the search filter, which it sends to the LDAP server for
authenticating the user's username-password combination. An
example configuration for the parameter is $@sales.local, where
the device replaces the $ with the entered username, for
example, JohnD@sales.local. The username can also be
configured with the domain name of the LDAP server.
Note: By default, the device sends the username in clear-
You can enable the device to encrypt the username using TLS (see
the 'Use SSL' parameter below).
Management Attribute
mgmt-attr
[LdapConfiguration_MngmAut
hAtt]
Defines the LDAP attribute name to query, which contains a list of
groups to which the user is a member. For Active Directory, this
attribute is typically "memberOf". The attribute's values (groups) are
used to determine the user's management access level; the group's
corresponding access level is configured in ''Configuring Access
Level per Management Groups Attributes'' on page 258.
Note:
The parameter is applicable only to LDAP-based login
authentication and authorization (i.e., the 'Type' parameter is set
to Management).
If this functionality is not used, the device assigns the user the
configured default access level. For more information, see
''Configuring Access Level per Management Groups Attributes''
on page 258.
15.4.5 Configuring LDAP DNs (Base Paths) per LDAP Server
The LDAP Search DN table lets you configure LDAP base paths. The table is a "child" of
the LDAP Servers table (see ''Configuring LDAP Servers'' on page 252) and configuration
is done per LDAP server. For the device to run a search using the LDAP service, the base
path to the directory’s subtree, referred to as the distinguished name object (or DN), where
the search is to be done must be configured. For each LDAP server, you can configure up
to three base paths.
The following procedure describes how to configure DNs per LDAP server through the
Web interface. You can also configure it through ini file (LdapServersSearchDNs) or CLI
(configure system > ldap ldap-servers-search-dns).
To configure an LDAP base path per LDAP server:
1. Open the LDAP Servers table (Setup menu > IP Network tab > RADIUS & LDAP
folder > LDAP Servers).
2. In the table, select the row of the LDAP server for which you want to configure DN
base paths, and then click the LDAP Servers Search Based DNs link located below
the table; the LDAP Server Search Base DN table opens.
To Next Page
Loading...
