LDAP parameter descriptions

Last Updated : Jun 10, 2026 |

Parameter settings

The following table describes the parameter settings according to the search mechanism that you choose:

Parameter

Search mechanism #1:

Find the user, extract the group DNs from the memberOf attribute, and get the role strings from each of the group objects

Search mechanism #2:

Find the groups that the user belongs to and extract the role string from one of the attributes

Example

Description

Example

Description

Role Filter

(&(objectClass=user)(objectCategory=Person)(<UID attribute ID>={0}))

<UID Attribute ID> is the value of the “UID Attribute ID” parameter.

{0} is the placeholder that will be replaced by the authenticating user ID.

(&(objectClass=group)(member={1}))

{1} is the placeholder to be replaced by the DN of the user object. The DN is identified during the authentication process.

This filter looks for a group object whose member attribute contains a value of the authenticating user DN.

Role Context DN

ou=Users,dc=global,dc=example,dc=com

The purpose of the search is to find the user and then extract the role objects from the memberOf user attribute.

ou=Groups,dc=global,dc=example,dc=com

The purpose of the search is to find the roles whose member attribute contains the user.

Role Attribute ID

memberOf

This attribute contains the list of DNs of the groups to which the user belongs to.

CN

This contains the group’s name (for example, AADSAdmin, and so on.)

Role Attribute is DN

true

The memberOf values are the DNs of the group/mailing list objects.

false

The Role Attribute ID already contains the role string name.

Role Name Attribute

CN

The attribute defined by Role Name Attribute contains the group name.

For example: AADSAdmin

Leave this parameter empty because Role Attribute is DN is false.

Role Recursion

0

This configuration does not allow recursive search.

Note:

Using this configuration, the users under the AADSDelegates group will not be able to use Avaya Aura® Device Services so this is not the recommended configuration for this example.

1 or higher

You must set this value to 0 if there are no subgroups or a value from 1 to 10 to support searches of users that are in subgroups.

In this example, the recursive search is needed to find the user in the AADSDelegates group, so this value must be set to at least 1.

Role configuration

To search the role base context and under it, set Search Scope to 2 or SUBTREE_SCOPE . The configuration of the following roles is the same, regardless of the configured search mechanism:

Role

Description

Example

Administrator Role

This role specifies the list of the role string extracted from LDAP that would be mapped to the Avaya Aura® Device Services server ADMIN application role.

AADSAdmin

User Role

This role specifies the list of the role string extracted from LDAP that would be mapped to the Avaya Aura® Device Services server USERS application role.

AADSUsers

Auditor Role

This role specifies the list of the role string extracted from LDAP that would be mapped to the Avaya Aura® Device Services server AUDITOR application role.

AADSAuditor

Service Administrator Role

Avaya Aura® Device Services does not currently use this role. Leave this setting blank.

Services Maintenance and Support Role

Avaya Aura® Device Services does not currently use this role. Leave this setting blank.

Security Administrator Role

This role is for updating web certificates from the web administration portal.

AADSSecurityAdmin