| Name | Description |
|---|---|
| Enterprise-Directory Type | Specifies the name of the enterprise directory. The options are: |
| Provenance Priority | Specifies the provenance priority of the enterprise directory. Provenance priority is used while merging contacts. If a value is available in more than one directory, the value from the directory with the higher provenance priority is returned. For example, if firstName is obtained from two directories, the firstName from the source with the higher provenance priority is returned. You can assign a value from 2 to 10. You cannot assign provenance priority 1 because it is always assigned to the authorization directory. Provenance priority 1 is the highest, and 10 is the lowest. Provenance priority must be different for each enterprise directory or source. |
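
The merge rule described for Provenance Priority, as an added example that is not Avaya code: it validates the priority assignments and then picks each attribute from the highest-priority source that has a value. The directory names, the `is_authorization` key, and the treatment of empty values as unavailable are assumptions made for illustration.

```python
AUTHZ_PRIORITY = 1  # reserved for the authorization directory

# Constructed sample data; directory names and keys are hypothetical.
DIRECTORIES = [
    {"name": "partner-ldap", "priority": 5},
    {"name": "authz-ad", "priority": 1, "is_authorization": True},
    {"name": "hr-ldap", "priority": 2},
]
RECORDS = {
    "authz-ad": {"mail": "jsmith@company.com", "firstName": ""},
    "hr-ldap": {"firstName": "Jonathan", "title": "Account Manager"},
    "partner-ldap": {"firstName": "Jon", "title": "Sales",
                     "telephoneNumber": "+1 555 0100"},
}

def validate_priorities(directories):
    """Enforce the rules above: 1 only for the authorization directory,
    2-10 for every other source, and no two sources sharing a value."""
    seen = {}
    for d in directories:
        name, prio = d["name"], d["priority"]
        if d.get("is_authorization"):
            if prio != AUTHZ_PRIORITY:
                raise ValueError(f"{name}: authorization directory must use priority 1")
        elif not 2 <= prio <= 10:
            raise ValueError(f"{name}: priority {prio} is outside 2-10")
        if prio in seen:
            raise ValueError(f"{name} and {seen[prio]} share priority {prio}")
        seen[prio] = name

def merge_contact(directories, records):
    """Return (merged attributes, source directory per attribute).
    Lower number wins; empty values count as unavailable (assumption)."""
    validate_priorities(directories)
    merged, source = {}, {}
    for d in sorted(directories, key=lambda d: d["priority"]):
        for attr, value in records.get(d["name"], {}).items():
            if value not in (None, "") and attr not in merged:
                merged[attr], source[attr] = value, d["name"]
    return merged, source

if __name__ == "__main__":
    merged, source = merge_contact(DIRECTORIES, RECORDS)
    for attr in sorted(merged):
        print(f"{attr}: {merged[attr]!r} (from {source[attr]})")
```
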
Server Address and Credentials
| Name | Description |
|---|---|
| Secure LDAP | Indicates whether the LDAP server connection is secure. If FIPS is enabled, you must use the secure LDAP connection to access LDAP servers. If you are using a secure LDAP connection, you must also import the LDAP server trusted certificate to Avaya Aura® Web Gateway. |
| Import Certificate | Specifies the LDAP server trusted certificate. This field is mandatory if you are using a secure LDAP server connection. This field is only displayed when the Secure LDAP check box is selected. You cannot import a certificate if: |
| Windows Authentication | Specifies whether to use Windows Authentication. The options are:<br>If you select the Negotiate option, the system displays the Configuration for Windows Authentication section.<br>Note: Windows authentication is only supported if you are using a single authentication directory. If you are using multiple authentication directories, Windows Authentication is disabled. |
| Address | Specifies the IP address or FQDN of the LDAP server. This field is mandatory. |
| Port | Specifies the port of the LDAP server. This field is mandatory. |
| Bind DN | Specifies the Distinguished Name (DN) of the user that has read and search permissions for the LDAP server users and roles. The format of the Bind DN depends on the configuration of the LDAP server. This field is mandatory.<br>Note: Even though the parameter name is Bind DN, the format of its value is not limited to the DN format. The value can be in any format that the LDAP server supports for LDAP bind. For example, for Active Directory, you can use domain\user, user@domain, or the actual DN of the user object. |
| Bind Credential | Specifies the password of the administrative user. The maximum password length depends on the LDAP server type that you use in your deployment. |
| Base Context DN | Specifies the complete Distinguished Name (DN) with the Organizational Unit (OU) for starting the search for users on the enterprise directory. This is the primary Base Context DN for Avaya Aura® Web Gateway. For example, dc=domain, dc=company, dc=com. If you are using multiple authorization domains, Avaya recommends including a domain component in the Base Context DN. For example, dc=avaya, dc=com.<br>Note: Some LDAP sources, such as Domino, typically do not contain the domain component in Base Context DNs. For example, o=MyCompany. If Base Context DNs do not contain the domain component, Avaya Aura® Web Gateway considers them |
| Use additional Base Context DN | Enables Avaya Aura® Web Gateway contact search and quick search. The primary Base Context DN is used for authentication. Additional Base Context DNs are used for Avaya Aura® Web Gateway contact search and quick search, and can also be used for authentication. You can configure up to 10 additional Base Context DNs. If you select this check box, you can see the View/Edit button. Auto-configuration uses only the primary Base Context DN. |
| View/Edit | Enables access to the Addition Base DN Configuration page, where you can add or delete additional Base Context DNs. |
| UID Attribute ID | Specifies the unique attribute of the user on LDAP, which is used to search for users in the LDAP server. If you are using multiple authentication domains, you must use one of the following values:<br>If you are not using multiple authentication domains, you must use one of the following values:<br>This field is mandatory. |
| Role Filter | Specifies the search filter used to search for the role of the user. For example, (&(objectClass=group)(member={1})) |
| Role Attribute ID | Specifies that the user is a member of the groups defined by that attribute. For example, objectCategory. This field is mandatory. |
| Roles Context DN | Specifies the complete Distinguished Name (DN) to search for a user role, that is, for Role Filter. For example, dc=domain,dc=company,dc=com |
| Role Name Attribute | Specifies the name of the role attribute. This field is mandatory only if the Role Name Attribute Is DN field is set to true. For example, cn if the role is stored in a DN in the form of cn=admin, ou=Users, dc=company, dc=com. |
| Role Attribute is DN | Indicates whether the role attribute of the user contains a DN. The default value is true. |
| Allow Empty Passwords | Indicates whether the LDAP server acknowledges an empty password. The default value is false. |
| Search Scope | Specifies the search level in the LDAP hierarchy. The options are:<br>The default value is Subtree. |
| Role Recursion | Specifies whether role recursion is enabled. The options are:<br>If your LDAP configuration includes nested groups, you can set the Role Recursion parameter to true. For example, the user jsmith can be in the Sales group, which can be in the AAWG users group. In this case, Role Recursion must be set to true for jsmith to be recognized as a member of the Avaya Aura® Web Gateway users group. If you set this parameter to<br>Note: Certified with 300 nested groups with 2 levels for each user. |
| Administrator Role | Specifies the administrator role to which administrative users are assigned. |
| Security Administrator Role | Specifies the security administrator role in which the administrative users can manage web certificates from the web administration portal. |
| User Role | Specifies the user role to which common users are assigned. |
| Auditor Role | Specifies the auditor role in which the users can audit the system. |
| Services Maintenance and Support Role | Specifies the services maintenance and support role in which users can maintain and support services. |
| Services Administrator Role | Specifies the services administrator role. |
| Language used in Directory | |
| Active Users Search Filter | Specifies the search filter that determines whether the user is active or inactive on the LDAP server. |
| Last Updated Time Attribute ID | Specifies the attribute that records when the user was last updated on LDAP. The exact value depends on the LDAP server type that you use. Avaya recommends that you use the following values:<br>This field is mandatory. |
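
What Role Recursion changes for the jsmith case described above, as an added example that is not Avaya code: it resolves group membership over a small constructed directory with recursion off and on, and guards against circular group nesting. All DNs, the `max_levels` bound, and the in-memory lookup that stands in for a Role Filter search are assumptions made for illustration.

```python
from collections import deque

# Constructed sample directory: group DN -> DNs listed in its member attribute.
BASE = "dc=company,dc=com"
JSMITH = f"uid=jsmith,ou=Users,{BASE}"
AKHAN = f"uid=akhan,ou=Users,{BASE}"
SALES = f"cn=Sales,ou=Groups,{BASE}"
AAWG_USERS = f"cn=AAWG users,ou=Groups,{BASE}"
LOOP_A = f"cn=LoopA,ou=Groups,{BASE}"
LOOP_B = f"cn=LoopB,ou=Groups,{BASE}"
MEMBERS = {
    SALES: [JSMITH],
    AAWG_USERS: [SALES],          # nested: Sales is a member of AAWG users
    LOOP_A: [LOOP_B, AKHAN],      # LoopA and LoopB contain each other
    LOOP_B: [LOOP_A],
}

def direct_groups(member_dn):
    """Stand-in for one Role Filter search under Roles Context DN:
    returns the groups whose member attribute lists member_dn."""
    wanted = member_dn.lower()  # compare DNs case-insensitively
    return {g for g, members in MEMBERS.items()
            if wanted in (m.lower() for m in members)}

def resolve_roles(user_dn, role_recursion, max_levels=10):
    """Return the set of group DNs the user belongs to.
    With role_recursion False only direct groups are returned."""
    roles = direct_groups(user_dn)
    if not role_recursion:
        return roles
    queue = deque((g, 1) for g in roles)
    while queue:
        group, level = queue.popleft()
        if level >= max_levels:
            continue  # bound the walk on very deep hierarchies
        for parent in direct_groups(group):
            if parent not in roles:  # visited check also breaks cycles
                roles.add(parent)
                queue.append((parent, level + 1))
    return roles

if __name__ == "__main__":
    print("recursion off:", sorted(resolve_roles(JSMITH, False)))
    print("recursion on: ", sorted(resolve_roles(JSMITH, True)))
```
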
Configuration for Windows Authentication
| Name | Description |
|---|---|
| Service Principal Name (SPN) | Specifies the service principal name. UIDAttributeID must be userPrincipalName. |
| Import keytab file | Imports the tomcat.keytab file and overwrites the existing file. |
| Kerberos Realm | Specifies the Kerberos realm. |
| DNS Domain | Specifies the DNS domain of the Domain Controller. |
| KDC FQDN | Specifies the FQDN of the Domain Controller. |
| KDC Port | Specifies the port number. The default KDC port is 88. |
| Button | Description |
|---|---|
| Test Connection | Tests the connection changes. |
| Save | Saves the changes made to the enterprise directory. |
| Modify Attribute Mappings | Modifies the attributes of the LDAP server. |