Configuring LDAP server integration

Last Updated: Aug 30, 2021

About this task

Avaya Aura® System Manager supports integration with an LDAP authentication server. Therefore, you must configure System Manager to integrate with an LDAP server.

Note:
  • This procedure is a basic example of System Manager and LDAP integration. For more information, see Administering Avaya Aura® System Manager.

  • Avaya Oceana® only supports secure binding. When you use Active Directory as an LDAP server, you must install a Certificate Authority on the Active Directory server.

Before you begin

Add an LDAP server to the solution.

Procedure

  1. On the System Manager web console, click Services > Inventory > Manage Elements.
  2. On the Manage Elements page, select the System Manager check box, and click More Actions > Manage Trusted Certificates.
  3. On the Manage Trusted Certificates page, click Add.
  4. On the Add Trusted Certificate page, perform the following steps:
    1. Click Import using TLS.
    2. In the IP Address field, enter the IP address of your LDAP server.
    3. In the Port field, enter the port number as 636.
    4. Click Retrieve Certificate.
    5. Click Commit.
  5. On the System Manager web console, click Users > Directory Synchronization > Sync Users.
  6. On the User Synchronization page, on the Synchronization Datasources tab, click New.
  7. On the New User Synchronization Datasource page, in the Directory Parameters section, perform the following steps:
    1. In the Datasource Name field, enter the name to identify Active Directory.
    2. In the Host field, enter the FQDN of your LDAP server.

      Ensure that the LDAP server certificate contains a Subject Alternative Name (SAN) entry.

    3. In the Principal field, enter the LDAP login details.

      For example, myDomain\Administrator.

    4. In the Password field, enter the password for the LDAP login account that you specified.
    5. In the Port field, enter the port number as 636.
    6. In the Base Distinguished Name field, enter the LDAP details.

      For example, CN=user,DC=myDomain,DC=com

    7. In the LDAP User Schema field, enter the LDAP User Schema details.
    8. In the Search Filter field, enter the LDAP search string.

      For example, CN=Alex*.

    9. Select the Use SSL check box.
    10. Click Test Connection.
  8. On the New User Synchronization Datasource page, in the Attribute Parameters section, perform the following steps:
    1. Click Add Mapping to add a row.
    2. From the drop-down list on the left, select cn.
    3. From the corresponding drop-down list on the right, select sourceUserKey.
    4. Click Add Mapping to add another row.
    5. From the drop-down list on the left, select mail.
    6. From the corresponding drop-down list on the right, select loginName.
      Note:

      Instead of mapping the mail field to loginName, you can map userPrincipalName, depending on the configuration of the LDAP server, for example, if the mail field is not set in the LDAP server.

    7. Click Add Mapping to add another row.
    8. From the drop-down list on the left, select sn.
    9. From the corresponding drop-down list on the right, select surname.
    10. Click Add Mapping to add another row.
    11. From the drop-down list on the left, select givenName.
    12. From the corresponding drop-down list on the right, select givenName.
    13. Click Add Mapping to add another row.
    14. From the drop-down list on the left, select displayName.
    15. From the corresponding drop-down list on the right, select displayName.
  9. Click Save.
  10. On the User Synchronization page, click Active Synchronization Jobs.
  11. Click Create New Job.
  12. On the New User Synchronization Job page, in the Datasource Name field, select the LDAP server and click Run Job.

    Wait for the job to complete so that all LDAP users are loaded in System Manager.

  13. On the User Synchronization page, click Synchronization Job History.
  14. In the Status column, verify that the status of the job is RUNNING.

    The status changes to COMPLETED when the job is complete.
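A pre-flight check for steps 4 and 7, added here as an example and not taken from Avaya's documentation: it validates the LDAPS certificate chain on port 636 and reports whether a DNS SAN covers the FQDN you plan to enter in the Host field. It assumes standard TLS hostname matching against the SAN (the page only states that a SAN entry is required); the function names and sample certificates are constructed for illustration.

```python
import socket
import ssl
import time

def fetch_ldaps_cert(fqdn, port=636, cafile=None, timeout=5):
    """Handshake with the LDAPS port and return the CA-validated peer certificate."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: the issuing CA, PEM
    ctx.check_hostname = False  # chain is still verified; names are checked below
    with socket.create_connection((fqdn, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
            return tls.getpeercert()

def san_covers_host(cert, fqdn):
    """True if a DNS SAN equals fqdn or is a wildcard for its left-most label."""
    host = fqdn.lower().rstrip(".")
    for kind, name in cert.get("subjectAltName", ()):
        name = name.lower().rstrip(".")
        if kind != "DNS":
            continue
        if name == host:
            return True
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False

def preflight(cert, fqdn, now=None):
    """Return a list of problems; an empty list means the certificate passes."""
    problems = []
    if not cert.get("subjectAltName"):
        problems.append("certificate has no SAN entry")
    elif not san_covers_host(cert, fqdn):
        problems.append("no DNS SAN matches " + fqdn)
    if ssl.cert_time_to_seconds(cert["notAfter"]) <= (now or time.time()):
        problems.append("certificate expired on " + cert["notAfter"])
    return problems

# Constructed samples, shaped like SSLSocket.getpeercert() output (not real data).
SAMPLE_OK = {"subjectAltName": (("DNS", "dc01.mydomain.example"),),
             "notAfter": "Jan  1 00:00:00 2035 GMT"}
SAMPLE_CN_ONLY = {"subject": ((("commonName", "dc01.mydomain.example"),),),
                  "notAfter": "Jan  1 00:00:00 2035 GMT"}

if __name__ == "__main__":
    import sys
    host = sys.argv[1]                       # FQDN entered in the Host field
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    print(preflight(fetch_ldaps_cert(host, cafile=ca), host) or "OK")
```

Run it with the LDAP server FQDN and, for a private Certificate Authority, the path to the CA certificate in PEM format; a handshake failure means the chain does not validate against that CA.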