LDAP Settings page field descriptions

Last Updated: Jun 05, 2026

Use the fields on this page to establish a connection between Avaya Experience Portal and your corporate directory using Lightweight Directory Access Protocol (LDAP). You can control which accounts in the directory have access to Avaya Experience Portal based on their group membership. For more information, see Using a corporate directory to specify users.

If you need more information about what to enter in the fields in this section, consult your corporate directory administrator.

Field

Description

Enable

The options are:

  • Yes: The connection between Avaya Experience Portal and your corporate directory using LDAP is enabled.

  • No: The connection between Avaya Experience Portal and your corporate directory using LDAP is disabled.

Note:

Avaya Experience Portal verifies the LDAP settings when you click Apply only if the Enable field is set to Yes. The changes are saved but not verified if the Enable field is set to No.

Connection Settings section

URL

The fully-qualified address of the LDAP server which includes the following:
  • IP address of the host

  • LDAP schema

  • Port name

For example: ldap://<ip-address>:389 or ldap://ldapserver.company.com:389.

User Name

A user name that is authorized to access the corporate directory through the LDAP server. The user name can be a Distinguished Name (DN) or a simple user name.

Example of a DN: uid=jbloggs,ou=people,dc=mycompany,dc=com.

Example of a simple user name: jbloggs.

Note:

To use an anonymous connection, leave this field blank.

Password

The password for the specified user name.

Note:

To use an anonymous connection, leave this field blank.

Mutual Certificate Authentication

Mutual certificate authentication is used for validating the LDAP server certificate against the Primary EPM certificate. To perform mutual authentication, install the LDAP server certificate on the Primary EPM, then export the Primary EPM certificate and install it on the LDAP server. Once mutual authentication is enabled, the Primary EPM validates the LDAP server certificate against the certificate provided and sends the certificate to the LDAP server for validation.

The options are:
  • Yes: Enables Mutual Certificate Authentication.

  • No: Disables Mutual Certificate Authentication.

Referrals

The referral, or reference, that an LDAP server sends back to point to another LDAP server when communicating over the LDAP protocol. When the Primary EPM communicates with the LDAP server and the LDAP server sends back a referral, the Primary EPM handles the referral according to the specified value. The following are the supported values:

  • Ignore: Ignore referrals

  • Follow: Automatically follow any referrals

Note:

Configure only the LDAP server that communicates with the EPM. If authentication is based on user name and password, all the LDAP servers involved must be configured to use the same user name and password. If mutual authentication is based on security certificates, all the LDAP servers must have security certificates that are signed by the same certificate authority (CA). Export the root certificate from the Primary EPM and install it on each of the LDAP servers that are involved in the authentication.

User Entry Settings section

User DN Pattern

A pattern specifying the Distinguished Name (DN) to use when verifying the user name and password with the LDAP server.

Use this option if the DN of the user records in your corporate directory contains a component with a unique user ID for authentication.

The pattern must contain the string {0}, which represents the user name to be validated.

For example, uid={0}, ou=people, dc=mycompany, dc=com

Search Filter

The LDAP search filter to use when verifying the user name and password with the LDAP server.

Use this option if the user records in your corporate directory contain an attribute with a unique user ID for authentication.

The field must contain the string {0}, which represents the user name to be validated.

For example, (mail={0})

Base DN

The DN where the Search Filter will be applied.

For example, OU=na, OU=people, DC=global, DC=mycompany, DC=com

Search Subtree

If enabled, all subtrees of the base DN will be recursively searched.

Password Verification Settings section

Bind

Select this option if you want to verify the user's password using a simple LDAP bind operation.

Note:

If you use a multiple LDAP server configuration with referrals, ensure that the LDAP server sends a referral back to the bind operation. Otherwise, this mode will not work.

Attribute

Select this option if you want to verify the user's password by a direct comparison with a specific attribute in the user's record.

Role Assignment Settings section

User Entry Attribute

The LDAP attribute Avaya Experience Portal should use to determine the group names assigned to the user.

This should be an attribute of the user record matched by the User DN Pattern or Search Filter options.

For example, memberOf

Group Search Filter

The LDAP search filter Avaya Experience Portal should use to match a user in a group record.

The field must contain either:

  • {0} to indicate the user’s distinguished name

  • {1} to indicate the specific user ID

For example, (uniqueMember={0})

Group Entry Attribute

The attribute of the group record that specifies the name of the group.

For example, cn

Group Search Base DN

The DN where the Group Search Filter will be applied.

For example, OU=Local Distribution, DC=people, DC=mycompany, DC=com

Search Subtree

If enabled, all subtrees of the base DN will be recursively searched.

Group Map Name

The group name to associate with a given set of Avaya Experience Portal user roles.

Use this option to map a group name from the LDAP directory to a set of Avaya Experience Portal user roles. This option is necessary when the group names specified in the LDAP directory do not match the role names used by Avaya Experience Portal.

This column displays the names of any previously-defined group maps as well as a text field that lets you specify a new group map name.

If you specify a new group name, use the Assigned Roles field to select the roles to associate with this map name.

Organization

The organization roles that are associated with LDAP groups.

For a new Group Map, use this column to select System or Organization for displaying the organization roles associated with each group.

  • System: If you select System, all the available System roles are displayed and the Organization options are disabled.

  • Organization: If you select Organization, all the available Organization roles for the selected organization are displayed and the System options are disabled.

For an existing Group Map, the name of the organization will display as N/A when system roles are selected, or the particular organization when organization roles are selected.

Assigned Roles

Displays the roles associated with the existing group maps. You can also use the check boxes to select one or more user roles to associate with a new group map name.

add link

Associates a new group map name with the selected user roles.

del link

Deletes a previously-added group map name.
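
The User DN Pattern, Search Filter and Group Search Filter fields above all take a template containing {0} (and, for the group filter, {1}). The following is an added example, not Avaya Experience Portal code, showing how such templates expand and why a user name containing commas, parentheses or asterisks must be escaped (RFC 4514 for DNs, RFC 4515 for filters) before substitution. All function names are hypothetical, and the page does not state which escaping the product itself performs.

```python
import re

# Added illustration, not Avaya Experience Portal code. All names are hypothetical.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """RFC 4515: filter metacharacters become a backslash plus two hex digits."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)

def escape_dn_value(value):
    """RFC 4514: escape characters that would end or split an RDN value."""
    out = []
    for i, ch in enumerate(value):
        # Leading space or '#', and trailing space, are special only at the edges.
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        if ch == "\0":
            out.append("\\00")
        elif ch in ',+"\\<>;=' or edge:
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def expand(template, values, escape):
    """Replace {0}/{1} in a single pass so a substituted value is never re-scanned."""
    used = set(re.findall(r"\{(\d+)\}", template))
    if not used:
        raise ValueError("template has no {0} or {1} placeholder")
    if not used <= {str(i) for i in range(len(values))}:
        raise ValueError("template uses a placeholder this field does not define")
    return re.sub(r"\{(\d+)\}", lambda m: escape(values[int(m.group(1))]), template)

def user_dn(pattern, username):
    return expand(pattern, [username], escape_dn_value)

def user_search_filter(search_filter, username):
    return expand(search_filter, [username], escape_filter_value)

def group_search_filter(group_filter, dn, username):
    # {0} is the user's DN, {1} the user ID; both land inside a filter.
    return expand(group_filter, [dn, username], escape_filter_value)

# Constructed sample input, using the example patterns from the field descriptions.
if __name__ == "__main__":
    dn = user_dn("uid={0}, ou=people, dc=mycompany, dc=com", "Smith, Pat")
    print(dn)
    print(user_search_filter("(mail={0})", "pat(temp)*@mycompany.com"))
    print(group_search_filter("(uniqueMember={0})", dn, "Smith, Pat"))
```

Note that the DN is escaped a second time when it is placed in the group filter: the backslash added by DN escaping becomes \5c.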