This procedure describes how to configure the LDAP authentication parameters when Microsoft Active Directory (AD) is used.
Procedure
Run the Avaya Aura® Device Services configuration utility using the app configure command.
Select LDAP Configuration and configure the following settings:
Parameter
Description
Example
UID Attribute ID
The LDAP attribute that contains the user ID used for authentication.
For AD, there are usually two types of userID: Domain user ID or User Principal Names. Avaya Aura® Device Services also supports authentication using the email address of a user.
For Domain user ID authentication, the UID Attribute ID must be set to sAMAccoutName.
See MultipleActiveDirectorydomains for how to set this up in an AD forest
For authentication using User Principal Name, UID Attribute ID must be set to userPrincipalName.
Note:
For Microsoft Active Directory, userPrincipalName is an optional attribute. So if authentication using User Principal Name (or UPN) is used, ensure that each user has the userPrincipalName attribute set.
sAMAccoutName
userPrincipalName
Base Context DN
The base DN where the search for the user must start. Usually, the base DN is the root DN for the AD domain.
dc=global,dc=example,dc=com
Select LDAP Configuration > Advanced LDAP parameters and configure the following settings:
Parameter
Description
Example
Allow Empty Passwords
The setting to enable user authentication without a password.
Microsoft Active Directory does not allow users to authenticate without a password, so you must set the Allow Empty Passwords setting to false.
