Enabling Open LDAP replication

Add to My Topics

Watch

Download PDF

Feedback

Table of Content

Legal
Introduction
- Purpose
- Change history
Avaya Aura Device Services overview
- New in Avaya Aura Device Services Release 10.2.1.1
- New in Avaya Aura Device Services Release 10.2.1
- New in Avaya Aura Device Services Release 10.2.0.1
- New in Avaya Aura Device Services Release 10.2
- Solution topology
- Automatic configuration flow
- Components
- Data retention
- Data encryption
- Deployments with Avaya Aura and without Avaya Aura
Management of Avaya Aura® Device Services with the web administration portal
- Logging in to the Avaya Aura Device Services web administration portal
  - Web administration portal roles
- Starting or stopping Avaya Aura Device Services
- Managing application sessions
  - Application Properties field descriptions
- Configuring enhanced search options
- Enabling an external load balancer
- Certificate management
- Client certificate policy administration
  - Configuring the client certificate policy using the Avaya Aura Device Services web administration portal
    - Client-Device Certificate Policy field descriptions
- Integration with Avaya Workspaces for Avaya Oceana
- Enabling Avaya Breeze platform authorization
- Dynamic Configuration service management
- Messaging server address discovery management
- LDAP server management
- Cross-origin resource sharing
  - Enabling Cross-origin resource sharing for the Service Interface
  - Enabling Cross-origin resource sharing for the Administrator Interface
- Web Deployment service management
- Scheduling a Cassandra database repair
Avaya Aura Device Services Single Sign-On management
- SAML v2.0 and OAuth2 SSO overview
  - Authentication flows
  - Attribute mapping between Keycloak and a third-party identity provider
  - Token authentication realm
  - Access and refresh token expiry times
  - The simultaneous use of multiple identity providers
- Device Authorization Flow
- Prerequisites for SSO configuration
  - Prerequisites for SAML v2.0 and OAuth2 SSO configuration
  - Prerequisites for Device Authorization Flow configuration
  - Prerequisites for Workspaces SSO configuration
- Checklist for SSO authentication configuration
- Avaya Aura Device Services integration with Microsoft Azure Active Directory
  - Checklist for configuring Microsoft Azure Active Directory integration using SAML v2.0
  - Creating a new application
  - Configuring user and administrator groups
  - Adding users to groups
  - Obtaining the group ID
  - Assigning users and groups to the SSO application on Microsoft Azure
  - Configuring an Azure AD SAML v2.0 identity provider on Keycloak
- Avaya Aura Device Services integration with Office 365 using OAuth2
  - Checklist for configuring Office 365 integration using OAuth2
  - Registering an application for SSO purposes
  - Obtaining the application ID
  - Allowing the application to read Microsoft Azure directory data
  - Obtaining the application client secret
  - Adding an Office365 OAuth2 identity provider to Keycloak
  - Disabling the identity provider redirector
  - Adding a hard-coded user role in Keycloak
- Avaya Aura Device Services integration with Ping Identity
  - Checklist for configuring Ping Identity integration using SAML v2.0
  - Creating a new SAML v2.0 application on Ping Identity
  - Obtaining the XML configuration file
  - Configuring user and administrator Population groups
  - Configuring attribute mapping on Ping Identity
  - Configuring a Ping Identity SAML v2.0 identity provider on Keycloak
  - Creating users on Ping Identity
- Avaya Aura Device Services integration with OKTA
  - Checklist for configuring OKTA integration using SAML v2.0
  - Creating a new SAML v2.0 application on OKTA
  - Obtaining the XML configuration file
  - Configuring an OKTA SAML v2.0 identity provider on Keycloak
  - Configuring user and administrator groups
  - Creating users on OKTA
  - Adding users to groups
  - Assigning a group to an OKTA SAML application
  - Configuring attribute mapping on OKTA
- Avaya Aura Device Services integration with Microsoft AD FS
  - Checklist for configuring AD FS integration using SAML v2.0
  - Configuring an AD FS SAML v2.0 identity provider on Keycloak
  - Configuring Keycloak as a relying party trust
  - Configuring the claim issuance policy
- Avaya Aura Device Services integration with One Login
  - Checklist for configuring OneLogin integration using SAML v2.0
  - Creating a new SAML v2.0 application on OneLogin
  - Configuring a OneLogin SAML v2.0 identity provider on Keycloak
  - Configuring attribute mapping on OneLogin
  - Creating users on OneLogin
- Avaya Aura Device Services integration with IBM SVA
  - Checklist for configuring IBM SVA integration using SAML v2.0
  - Creating a new SAML v2.0 application on IBM SVA
  - Configuring an IBM SVA SAML v2.0 identity provider on Keycloak
  - Configuring user and administrator groups
  - Assigning groups to your IBM SVA SAML application
  - Configuring attribute mapping on IBM SVA
  - Creating users on IBM SVA
  - Adding users to groups
- Avaya Aura Device Services integration with Duo
  - Checklist for configuring Duo integration using SAML v2.0
  - Creating a new SAML v2.0 application on Duo
  - Adding your SAML application to the Duo Access Gateway
  - Configuring a Duo SAML v2.0 identity provider on Keycloak
- Avaya Aura Device Services integration with Imprivata
  - Checklist for configuring Imprivata integration using SAML v2.0
  - Configuring LDAP settings
  - Enabling role fetching from LDAP
  - Configuring an Imprivata SAML v2.0 identity provider on Keycloak
  - Downloading the SPSSODescriptor file from Keycloak
- Avaya Aura Device Services integration with Auth0
  - Checklist for configuring Auth0 integration using SAML v2.0
  - Creating a new application
  - Configuring an Auth0 SAML v2.0 identity provider on Keycloak
  - Creating users on Auth0
  - Setting up last name and first name attributes in the user's profile
- Device Authorization flow configuration
  - Checklist for device flow configuration
  - Creating client mapping for the device flow
  - Publishing COMM_ADDR_HANDLE parameters for J1XX phones
- Workspaces SSO Flow configuration
  - Checklist for Workspaces SSO Flow configuration
  - Creating client mapping for the Workspaces SSO Flow
- Switching to another identity provider
  - Checklist for switching to another identity provider
  - Deleting users from Keycloak
  - Disabling an identity provider
  - Changing the identity provider redirector
- Logging in to the Keycloak web administration portal
  - Changing your Keycloak password
- Authorization realm configuration on UC servers and Avaya Workplace Client
- Configuring Keycloak settings
- Starting and stopping the Keycloak service
- Obtaining the client secret
- Creating client mapping
  - Managing an existing client mapping
  - Configuring a time interval for updating public keys in client mappings
- Regenerating the Keycloak client secret
  - Updating the identity provider mapping
- Importing third-party identity provider private CA certificates
- Importing a third-party identity provider
- Selecting the default identity provider
- Disabling the default identity provider
- Modifying the attribute mapping between the third-party identity provider and Keycloak
  - Attribute mapping parameters for Office 365 OAuth2 identity provider
  - Attribute mapping parameters for Microsoft Azure SAML v2.0 identity provider
  - Attribute mapping parameters for Ping Identity SAML v2.0 identity provider
  - Attribute mapping parameters for OKTA SAML v2.0 identity provider
  - Attribute mapping parameters for ADFS SAML v2.0 identity provider
  - Attribute mapping parameters for OneLogin SAML v2.0 identity provider
  - Attribute mapping parameters for the IBM SVA SAML v2.0 identity provider
  - Attribute mapping parameters for the Duo SAML v2.0 identity provider
  - Attribute mapping parameters for Imprivata SAML v2.0 identity provider
  - Attribute mapping parameters for Auth0 SAML v2.0 identity provider
- Checklist to Configure Keycloak using a secure LDAP
- Obtaining LDAP Server Certificate
- Importing the Certificate into the Keycloak Truststore
- Configuring LDAPS in Keycloak
- Configuring the LDAP UID mapping
- Synchronizing data between Avaya Aura Device Services and an identity provider
- Testing the integration with an identity provider from the Google Chrome web browser
- Testing the integration with the identity provider from the web administration portal
  - OAuth2 testing status
- Configuring access and refresh token expiry times
- Blocking access to the Avaya Authorization service
- Enabling OAuth database replication in a cluster environment
- Keycloak log management
Avaya Spaces integration
- Checklist for configuring Avaya Spaces integration
- Avaya Spaces account configuration
  - Setting up a company and domain in Avaya Spaces
  - Creating an API key
- The use of Enterprise SSO for Avaya Spaces integration
- Obtaining an API key and API key secret
- Setting up Avaya Spaces integration
- Configuring data synchronization between Avaya Aura Device Services and Avaya Spaces
- Stopping synchronization with Avaya Spaces
- Phone number synchronization
  - Configuring phone number synchronization
- Uploading Avaya Spaces language and time zone settings to Avaya Aura Device Services
  - Language file format
  - Time zone file format
- User and license management overview
- Updating Avaya Spaces integration parameters
  - Avaya Spaces integration settings
- Disabling Avaya Spaces integration
- Deleting the Avaya Spaces configuration
- Viewing the Avaya Spaces connection status
- Configuring Avaya Spaces SSO for Avaya Spaces clients
LDAP server management
- Configuring the UID mapping attributes when using multiple authentication domains
- Adding a new enterprise LDAP server
  - Enterprise LDAP Server Configuration field descriptions
  - Configuring additional base context DNs
- LDAP server discovery using DNS SRV records
  - Checklist for configuring LDAP discovery using DNS SRV records
  - Configuring LDAP server discovery using DNS SRV records
- Testing connection to an LDAP server
- Modifying the provenance priority
- Administering the LDAP server configuration
- Enabling LDAP authentication for OAuth
- Modifying enterprise directory attribute mappings
- Configuring Windows Authentication for Active Directory
- Selecting an authentication domain
- Setting up user synchronization with the LDAP server
- Stopping synchronization with the LDAP server
- LDAP user deletion confirmation
- Configuring the internationalization parameters
- Adding a trusted host
- Supported characters for LDAP attributes
- Updating user attributes in LDAP
- Open LDAP user data imports
- Configuration of LDAP contact search
Avaya Aura Device Services network settings configuration
- Avaya Aura Device Services network configuration checklist
- Prerequisites for configuring Avaya Aura Device Services network settings
- Configuring network settings using the cliChangeNet.sh script
- Configuring network settings using the Avaya Aura Device Services configuration utility
Certificate management
- Managing certificates in the Avaya Aura Device Services web administration portal
- Generating System Manager identity certificates
- Managing identity certificates
- Managing truststore certificates
- Certificate revocation management
  - Configuring the revocation check policy
- Importing the secure LDAP certificate using the web administration portal
- Importing third-party CA-signed certificates
Web Deployment service management
- Web Deployment port configuration
- Uploading the client installer
  - Appcast items field descriptions
- Editing an appcast item
- Selecting interactive or non-interactive upgrade mode for Avaya Workplace Client for Windows
- Deleting an appcast item
- Reviewing download statistics
  - Download statistics field descriptions
Utility Server administration
- Utility Server capacity limits
- Supported and unsupported phone models
- Setting up a DHCP server
- Starting and stopping the Utility Server
- Enabling access to the Utility Server using an HTTP connection
- Logging in to the Utility Server
- Reviewing the disk space occupied by firmware package files
- Increasing the file size limit for phone firmware packages to 1.5 GB
- Uploading files on the Utility Server
- Uploading settings file to the Utility Server
- Uploading an IP phone custom file
  - Viewing custom files uploaded on the Utility Server
  - Accessing IP phone custom files
- Backing up H.323 phone settings on the Utility Server
- Utility Server backup and restore
- Firmware management
Administration of the Dynamic Configuration service
- Considerations for administering SIP parameters in an environment without Avaya Aura
- Viewing the Home location in System Manager
- Dynamic configuration setting priorities
- Assigning a group identifier to a phone model
- Adding a new platform
  - Deleting a platform
- Creating a new configuration
- Overwriting an existing configuration
- Testing configuration settings
- Publishing the configuration settings
- Viewing published settings
- Retrieving configuration settings for a user
- Import of dynamic configuration settings
- Managing automatic logging in to Avaya clients
- Administering the default configuration
  - Defaults field descriptions
- Split Horizon DNS mapping
Integrated Windows Authentication administration and management
- Authentication prerequisites
- Setting up the Windows Domain Controller
  - Windows Domain Controller command descriptions
- Enabling encryption for the domain user
- Setting up IWA on the Avaya Aura Device Services administration portal
AWS-specific management options
- Updating an existing stack with a new CloudFormation template
Cassandra clustering configuration on Avaya Aura Device Services
- Scheduling a Cassandra database repair
- Assigning a node to a different Cassandra datacenter
- Reviewing the Cassandra database status
- Configuring an additional seed node
Security options
- Configuring the data retention period
- Antivirus support
  - Prerequisites for installing antivirus software
  - Changing the SELinux mode to “permissive”
- File access privileges
- Data encryption management
- Advanced Intrusion Detection Environment tool management
- Enabling additional STIG hardening
  - Disabling additional STIG hardening
- Transport Layer Security overview
  - Selecting a minimum TLS version
- Configuring UEFI Secure Boot for OVA-based virtual machines
  - Checking the UEFI Secure Boot status
- Configuring the SameSite cookie attribute
  - Configuring the SameSite attribute for web-based clients
- Characters supported for Avaya Aura Device Services passwords
- Password policy for human-user accounts
  - Configuring password rules
- Avaya Aura Device Services entry points
- HTTP Proxy
Monitoring options
- Monitoring cluster nodes
  - Cluster Nodes field descriptions
- Checking the Avaya Aura Device Services status from the CLI
- Checking the status of a remote Avaya Aura Device Services node from the CLI
- Enabling or disabling HTTPS for health checks
- Viewing performance statistics
  - Performance charts
- Logs
- Alarms
- Enhanced Access Security Gateway for real time support
  - Enabling the Enhanced Access Security Gateway from the CLI
  - Removing EASG
Backup and restore
- Backing up Avaya Aura Device Services
- Automatic backups
  - Configuring automatic backups
  - Changing the location of automatic backups
- Avaya Aura Device Services configuration portability
- Restoring options for standalone and cluster environments
  - Restoring Avaya Aura Device Services in a standalone environment
  - Restoring an Avaya Aura Device Services cluster
Avaya Aura Device Services upgrade and migration operations
- Avaya Aura Device Services upgrade checklist
- Avaya Solutions Platform migration considerations
  - Upgrading Avaya Solutions Platform from Release 4.0 to 5.0
- System layer (operating system) updates for virtual machines deployed using Avaya-provided OVAs
- Updating the system layer for software-only deployments
- Upgrading Avaya Aura Device Services
- Upgrading Avaya Aura Device Services on AVP
- Configuring RSA public and private keys for SSH connections in a cluster
- Migrating Utility Server data
- Upgrading existing test configurations
- Running a patch to allow Avaya Workplace Client for Windows to connect to the Web Deployment service
- Running a patch to allow the Avaya Aura Web Gateway to connect to the Avaya Aura Device Services automatic configuration service
- Enabling Open LDAP replication
  - Re-enabling Open LDAP replication after removing a node from a cluster
- Checking for DRS synchronization
- Setting up user synchronization with LDAP after deployment
Upgrading RHEL 8.4 to RHEL 8.10 on OVA- based virtual machines
Troubleshooting
- Avaya Workspaces Client cannot connect to Avaya Aura Device Services
- Troubleshooting for the DRS service
  - DRS remains in Ready to Repair state
  - DRS remains in repairing state for a long time
  - DRS remains in not polling state
  - DRS fails with constraint error
- Avaya Aura Device Services installation or upgrade fails due to invalid System Manager certificates
- Services are not working properly after an installation or upgrade
- EASG login using craft username results in an Access Denied error
- Admin user is not prompted for password in sudo su
- ESG cannot connect to Avaya Aura Device Services
- A new private key failed to generate
- DNS entries disappear from the /etc/resolv.conf file after restarting Avaya Aura Device Services
- Check for Updates feature is not working
- Slow Avaya Aura Device Services performance
- Primary System Manager fails
- Cannot connect to System Manager after replacing a revoked System Manager certificate with a valid certificate
- Unable to access the web administration portal when the primary node Session Manager is non-operational
- PPM certificate error
- Repairing faulty users
- Exception in the AADS.log file
- The AADS.log file contains contact integrity data
- System Manager does not show Avaya Aura Device Services alarms
- Firmware upgrade fails for certain endpoints
- Cannot upload phone firmware packages larger than 800 MB to the Utility Server after the upgrade
- Synchronization with the LDAP server fails
- Open LDAP replication fails
- Open LDAP replication fails if Avaya Aura Device Services uses a custom identity certificate for server interfaces
- Allocating unused disk space to logical volumes
  - ESXi virtual hardware adjustments
    - Increasing the virtual disk size of ESXi virtual machines
    - Adjusting the CPU and memory resources of the Avaya Aura Device Services virtual machine
  - Increasing the virtual disk size of AWS virtual machines
- Cannot reinstall a non-seed node due to Cassandra startup error
- Troubleshooting for OAuth2 authorization
  - OAuth2 authentication does not work as expected
  - Login page for the third-party identity provider is not displayed
  - An error page is displayed instead of the Login page
  - Login credentials do not work
  - Avaya Workplace Client displays an authentication error
    - Verifying the attributes imported for a user
    - Verifying the mapping of the identity provider’s attributes
  - Users cannot log in to their clients or phones using SSO
  - A test user cannot log in to the identity provider
  - Interoperability issues between Avaya Aura Device Services and the third-party identity provider
- Avaya Spaces integration
  - Avaya Spaces connectivity errors
  - Avaya Aura Device Services does not contain the latest Avaya Spaces CA certificate
  - Cannot register an enterprise user on Avaya Spaces
  - Avaya Spaces user management operation fails
  - Avaya Spaces pages blocked
- Logs collected using the collectlogs command are encrypted
- Avaya Workplace Client cannot connect to Avaya Aura Device Services
- Avaya Workplace Client cannot connect to Avaya Aura Device Services when the secure connection is enabled
- Cannot access Avaya Aura Device Services resources over port 443
- The location of automatic backups has changed after the upgrade
- Disk space full on one node disables the service on all nodes
- Running the Cassandra repair manually
  - Auto Configuration Failure: 500 Internal Server Error
- RHEL single-user mode
  - Booting the RHEL into single-user mode
  - Changing the password for single-user mode
  - Exiting the single-user mode
Migrating Avaya Aura® Device Services from VMware to ASP R6.0.x (KVM on RHEL 8.10)
- Migrating Avaya Aura Device Services from VMware to ASP R6.0.x (KVM on RHEL 8.10)
- Obtaining existing VMware details
- Checklist of prerequisite tasks to migrate Avaya Aura Device Services from VMware to ASP R6.0.x (KVM on RHEL 8.10)
- Obtaining Avaya Aura Device Services network configuration details
Resources
- Documentation
  - Finding documents on the Avaya Support website
  - Avaya Documentation Center navigation
- Viewing Avaya Mentor videos
- Support
  - Using the Avaya InSite Knowledge Base
Additional administration tools
- collectlogs
- clitool-acs
- statusAADS utility
- Checking the Avaya Aura Device Services status from the CLI
- Shutting down Avaya Aura Device Services gracefully
- System layer commands
- runUserDiagnostics tool
- enableVantageFWSupport.sh command
- https_healthCheck.sh command
- Aliases
  - app commands
  - cdto commands
- Using the Tmux utility
Glossary
- Cassandra
- Domain Name System (DNS)
- Endpoints
- Fully Qualified Domain Name (FQDN)
- Network Time Protocol (NTP)
- Secure Shell (SSH)
- Simple Network Management Protocol (SNMP)
- SSL (Secure Sockets Layer) Protocol
- TCP
- TLS
- UDP

HomeAdministering Avaya Aura® Device Services...Avaya Aura Device Services upgrade and migration operationsEnabling Open LDAP replication

Table of Content

Enabling Open LDAP replication

Version:
Administering Avaya Aura® Device Services
Deploying Avaya Aura® Device Services
Last UpdatedJul 25, 2023
1 minute read

About this task

Enable Open LDAP database replication in a cluster deployment. This procedure is not applicable for standalone installations.

Before you begin

Ensure that an FQDN is assigned to each node in the cluster.
Ensure that each node is accessible from all other nodes in the cluster.
From a node CLI, run the app listnodes command and ensure that all cluster nodes have the live status.

Procedure

Run the Avaya Aura® Device Services configuration utility using the app configure command.
Select Enable Open LDAP Replication.
Select Enable Open LDAP Replication again.
Select Yes.
Select Open LDAP Password. and enter the Open LDAP administrator password.
Select OK.

The data replication process might take several minutes to complete.
After the data replication is complete, select Continue.
To ensure that data replication is enabled, view the /var/log/Avaya/openldap/openldap.log file.
The following is an example of a /var/log/Avaya/openldap/openldap.log file entry indicating that data replication is enabled:
```
Jan 21 11:11:11 aads1 slapd[23992]: conn=1015 fd=17 ACCEPT from IP=1.2.3.5:63930 (IP=1.2.3.4:3268)
Jan 21 11:11:11 aads1 slapd[23992]: conn=1015 op=0 BIND dn="cn=administrator,dc=company,dc=com" method=12
Jan 21 11:11:11 aads1 slapd[23992]: conn=1015 op=0 BIND dn="cn=administrator,dc=company,dc=com" mech=SIMPLE ssf=0
Jan 21 11:11:11 aads1 slapd[23992]: conn=1015 op=0 RESULT tag=97 err=0 text=
```
If /var/log/Avaya/openldap/openldap.log contains error messages, such as ldap_sasl_bind_s failed rc -1, then some nodes are not accessible. In this case, you must make these nodes accessible from other nodes and then repeat the data replication procedure.
Repeat steps 1 to 8 on all remaining nodes on the cluster.

Was this topic helpful?

Send Feedback

Running a patch to allow the Avaya Aura Web Gateway to connect to the Avaya Aura Device Services automatic configuration service

Re-enabling Open LDAP replication after removing a node from a cluster

Running a patch to allow the Avaya Aura Web Gateway to connect to the Avaya Aura Device Services automatic configuration service

Re-enabling Open LDAP replication after removing a node from a cluster

Administering Avaya Aura® Device Services

Filters

Solutions

Products

User Role

Audience

Document type