CHAPTER16 Services
Mediant 800 Gateway & E-SBC | User's Manual
If you enable LDAP- based user login authentication, when users with Security
Administrator privilege level log in to the device’s CLI, they are automatically given
access to the CLI privileged mode (“#”). For all other user privilege levels, the user
needs to run the enable command and then enter the password to access the CLI
privileged mode.
➢ To enable LDAP-based login authentication:
1. Open the Authentication Server page (Setup menu > Administration tab > Web & CLI folder
> Authentication Server).
2. Under the LDAP group, from the 'Use LDAP for Web/Telnet Login' drop-down list, select
Enable.
3. Click Apply, and then reset the device with a save-to-flash for your settings to take effect.
Configuring LDAP Server Groups
The LDAP Server Groups table lets you configure up to 41 LDAP Server Groups. An LDAP Server
Group is a logical configuration entity that contains up to two LDAP servers. LDAP servers are
assigned to LDAP Server Groups in the LDAP Servers table (see Configuring LDAP Servers). To
use a configured LDAP server, you must assign it to an LDAP Server Group. You can configure the
following types of LDAP Server Groups (configured by the 'Type' parameter described below):
■ Control: To use an LDAP server for call routing, you need to configure the LDAP Server Group
as a Control type, and then assign the LDAP Server Group to a Routing Policy. The Routing
Policy in turn needs to be assigned to the relevant routing rule(s). You can assign a Routing
Policy to only one LDAP Server Group. Therefore, for multi-tenant deployments where multiple
Routing Policies are employed, each tenant can be assigned a specific LDAP Server Group
through its unique Routing Policy.
■ Management: To use an LDAP server for management where it does user login authentication
and user authorization, you need to configure the LDAP Server Group as a Management type.
Additional LDAP-based management parameters need to be configured, as described in
Enabling LDAP-based Web/CLI User Login Authentication and Authorization and Configuring
LDAP Servers.
■ Management Service: To use two different LDAP server accounts for management where
one LDAP account does user authentication and the other LDAP account does user
authorization, you need to configure two LDAP Server Groups. Configure the LDAP Server
Group for user authentication as a Management type and the LDAP Server Group for user
authorization as a Management Service type. In this setup, configure all the user-
authorization settings (i.e., Management LDAP Groups and LDAP Server Search Base DN)
only for the Management Service-type LDAP Server Group (instead of for the Management-
type LDAP Server Group).
The following procedure describes how to configure an LDAP Server Group through the Web
interface. You can also configure it through ini file [LDAPServerGroups] or CLI (configure
system > ldap ldap-server-groups).
- 226 -
To Next Page
Loading...
