LDAP Configuration
When LDAP authentication is enabled and a user attempts to log on to the MiCollab Audio, Web and Video Conferencing server, a Lightweight Directory Access Protocol (LDAP) query authenticates that user. Rather than checking its own internal database to see whether the username and password are authorized, the server launches an LDAP query against the corporate directory. If the response indicates that the username/password combination is legitimate, the server allows that user to access the system for scheduling and placing calls. Under this arrangement the user's password is not stored on the server, and you do not need to administer the user database on the server (except to change some enhanced service features for users).
The server also uses the LDAP query process to enable auto-provisioning. If the LDAP query indicates that the username and password are legitimate but the username has not yet been identified as a user on the server, the server automatically establishes an account for that user. The user is set up with the default level of authorization to use the system's special features and is able to start using the system immediately. You set these user defaults when the system is initially configured (see Default User Settings). Because any account the directory vouches for is provisioned automatically, the LDAP Search Base also defines who is allowed onto the server: every user under it can log on and receives the default authorizations.
If a user requires authorizations that differ from the system defaults, you can use the administrator Web client to change that user’s profile. See Managing a User Profile.
The most common LDAP authentication uses an Active Directory database. The instructions below describe configuring LDAP authentication against an Active Directory database.
To use LDAP authentication with Active Directory, you must have Active Directory set up prior to configuring the MiCollab Audio, Web and Video Conferencing server. Contact the site administrator to view the Active Directory configuration and verify the following.
- An Active Directory user exists that can be used as the LDAP Administrator ID. The user does not need any special rights or permissions. Use a dedicated account for this purpose: its password is stored on the conferencing server so that the server can bind to the directory, so the account should have no rights beyond those of an ordinary domain user.
- Users with name, password, and e-mail information exist as Active Directory users.
- You can ping the MiCollab Audio, Web and Video Conferencing server by hostname from the Active Directory server.
To configure LDAP authentication with Active Directory:
1. To use an LDAP server to store the user database, select Use LDAP.
2. Type the name of the server where Active Directory resides in the LDAP Server Name box.
3. Leave the LDAP Port No. at the default (389). For installations with a large Active Directory database, or if users must be authenticated from multiple or nested organizational units (OU) or containers (CN), you may need to change this setting to the global catalog port (3268). The global catalog answers searches across the whole forest but holds only the partial attribute set replicated to it (sAMAccountName and mail are included). Neither port encrypts the connection: the LDAP Administrator ID password and every user's password cross the network in clear text, so keep the path between the conferencing server and the domain controller on a trusted network segment.
4. Type the LDAP Search Base in the box using the format:
   CN=<userdirectory>,DC=<domain>,DC=<com>
   Note: Entered text must be lower case except for DC, OU, and CN, which must be upper case. Using upper case letters anywhere else may cause the LDAP integration to fail. If you are not using the standard Users folder, use OU instead of CN for the folder names. If OUs are nested in sub-folders, list them in reverse order (innermost first), separated by commas. If authenticating users from multiple or nested OUs or CNs, the LDAP Search Base must be a folder that is a parent of all the OUs or CNs in which users exist; for example, specify the top domain level as the LDAP Search Base: DC=<domain>,DC=<com>.
5. Type the LDAP Administrator ID in the box using the format:
   CN=<active directory administrator ID>,CN=<userdirectory>,DC=<domain>,DC=<com>
   Note: The same case rules apply: DC, OU, and CN upper case, everything else lower case. If you are not using the standard Users folder, use OU rather than CN for the folder names, and list nested OUs in reverse order separated by commas. The first CN must be the CN (common name) of the account used as the administrator ID, not its username (sAMAccountName) or its display name. The three are typically the same, but they can differ, so check the account's distinguished name in Active Directory before entering it.
6. Type the Active Directory administrator's password in the LDAP Administrator ID Password box.
7. Type sAMAccountName in the LDAP UID box.
8. Type the e-mail domain, as <yourdomain.com>, in the Email domain box.
9. Select Auto synchronize and leave Sync interval at 5 (minutes).
10. Click Submit, and then click Ok at the prompt.
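The logon and auto-provisioning flow described at the top of this page, together with the Search Base and Administrator ID formats from the steps above, as an added example that is not Mitel's code: a small Python model of the server side, run against a constructed in-memory directory so it works offline. The domain example.com, the OUs corp and staff, the account svc-micollab and the users are assumptions. It also shows two checks the page does not spell out: the logon name is escaped before it is placed in the search filter, and an empty password is refused before any bind, because a simple bind with a DN and an empty password is an unauthenticated bind that Active Directory accepts by default.

```python
"""Simulated LDAP logon and auto-provisioning, modelling the flow this page describes.

Added example, not Mitel code: bind as the LDAP Administrator ID, search the LDAP
Search Base on the LDAP UID attribute, bind as the user, then create the local
account. Domain, OUs, account and user names are assumptions for illustration.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

DEFAULT_USER_SETTINGS = {"can_schedule": True, "can_record": False}  # stand-in defaults

def domain_components(domain: str) -> str:
    """'Example.COM' -> 'DC=example,DC=com' (page rule: DC upper, values lower)."""
    return ",".join(f"DC={p.lower()}" for p in domain.strip(".").split("."))

def build_search_base(domain: str, ou_path: list[str] | None = None) -> str:
    """No OU path: the standard Users container. A nested OU path given top-down
    (["corp", "staff"]) is emitted innermost first, as the page requires."""
    dcs = domain_components(domain)
    if not ou_path:
        return f"CN=users,{dcs}"
    return ",".join(f"OU={ou.lower()}" for ou in reversed(ou_path)) + "," + dcs

def build_admin_dn(account_cn: str, container_dn: str) -> str:
    """Administrator ID: the account's CN (not logon/display name) + its container DN."""
    return f"CN={account_cn.lower()},{container_dn}"

_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def build_uid_filter(uid_attribute: str, username: str) -> str:
    """'(sAMAccountName=alice)'; the form-supplied name is escaped per RFC 4515."""
    return f"({uid_attribute}={''.join(_FILTER_ESCAPES.get(c, c) for c in username)})"

@dataclass
class DirectoryEntry:
    dn: str
    attrs: dict       # e.g. {"sAMAccountName": "alice", "mail": "..."}
    password: str     # constructed test data only

class FakeActiveDirectory:
    """Constructed DC stand-in: simple bind plus a subtree search of one '(attr=value)'."""

    def __init__(self, entries: list[DirectoryEntry]):
        self._by_dn = {e.dn.lower(): e for e in entries}  # DNs match case-insensitively

    def bind(self, dn: str, password: str) -> bool:
        if password == "":
            return True  # unauthenticated bind: AD accepts it as anonymous by default
        entry = self._by_dn.get(dn.lower())
        return entry is not None and entry.password == password

    def search(self, base: str, ldap_filter: str) -> list[DirectoryEntry]:
        m = re.fullmatch(r"\(([A-Za-z][A-Za-z0-9-]*)=([^()]*)\)", ldap_filter)
        if not m:
            raise ValueError(f"malformed filter: {ldap_filter!r}")
        value = re.sub(r"\\([0-9A-Fa-f]{2})", lambda h: chr(int(h.group(1), 16)), m.group(2))
        base = base.lower()
        return [e for e in self._by_dn.values() if e.attrs.get(m.group(1)) == value
                and (e.dn.lower() == base or e.dn.lower().endswith("," + base))]

class LdapAuthenticator:
    """Server side of the LDAP Configuration page; the local list never holds passwords."""

    def __init__(self, directory, search_base, admin_dn, admin_password,
                 uid_attribute="sAMAccountName", email_domain="example.com"):
        self.dir, self.search_base = directory, search_base
        self.admin_dn, self.admin_password = admin_dn, admin_password
        self.uid_attribute, self.email_domain = uid_attribute, email_domain
        self.local_users: dict[str, dict] = {}

    def authenticate(self, username: str, password: str) -> bool:
        if password == "":
            return False  # an empty password must never reach the directory (see bind)
        if not self.dir.bind(self.admin_dn, self.admin_password):
            raise RuntimeError("LDAP Administrator ID bind failed: check DN and password")
        hits = self.dir.search(self.search_base, build_uid_filter(self.uid_attribute, username))
        if len(hits) != 1 or not self.dir.bind(hits[0].dn, password):
            return False  # outside the Search Base, ambiguous, or wrong password
        if username not in self.local_users:  # auto-provisioning with the defaults
            self.local_users[username] = {"dn": hits[0].dn, **DEFAULT_USER_SETTINGS,
                "email": hits[0].attrs.get("mail", f"{username}@{self.email_domain}")}
        return True

def build_demo() -> LdapAuthenticator:
    """Constructed directory: admin in CN=Users, staff in nested OUs, one contractor
    outside the Search Base (whose logon must therefore fail)."""
    directory = FakeActiveDirectory([
        DirectoryEntry("CN=svc-micollab,CN=Users,DC=example,DC=com",
                       {"sAMAccountName": "svc-micollab"}, "S3rvice-pw"),
        DirectoryEntry("CN=Alice Smith,OU=Staff,OU=Corp,DC=example,DC=com",
                       {"sAMAccountName": "alice", "mail": "alice@example.com"}, "correct horse"),
        DirectoryEntry("CN=Bob Jones,OU=Contractors,DC=example,DC=com",
                       {"sAMAccountName": "bob"}, "hunter2")])
    return LdapAuthenticator(directory, build_search_base("example.com", ["corp", "staff"]),
                             build_admin_dn("svc-micollab", build_search_base("example.com")),
                             "S3rvice-pw")
```

Calling build_demo().authenticate("alice", "correct horse") returns True and leaves alice in local_users with the default settings and no password; the same name with "wrong" or an empty password, bob (outside the Search Base) and a name carrying filter metacharacters all return False. Note that the fake directory's bind deliberately accepts any DN with an empty password, which is why the authenticator refuses empty passwords before it ever binds.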
To enter or edit LDAP authentication and auto-provisioning:
1. From the MiCollab Audio, Web and Video Conferencing main page, click LDAP Configuration in the navigation pane.
2. Select Use LDAP if you use an LDAP server to store the user database. Otherwise, leave this option cleared; the user database is then stored on the MiCollab Audio, Web and Video Conferencing server.
   Note: When Use LDAP is set, Add User and Bulk Provision Users are not available in the MiCollab Audio, Web and Video Conferencing navigation pane. When Use LDAP is cleared, the user database is stored on the MiCollab Audio, Web and Video Conferencing server and the settings on this page do not affect authentication.
3. If you selected Use LDAP in step 2, enter or edit the following LDAP server configuration options:
   - LDAP Server Name
   - LDAP Port No.
   - LDAP Search Base
   - LDAP Administrator ID
   - LDAP Administrator ID Password
   - LDAP UID Field
   - E-mail Domain
   - Auto synchronize
   - Sync interval (in minutes)
4. Click Submit, and then click Ok at the prompt.
To verify that LDAP authentication is functioning:
1. Log on using the username (not the e-mail address) of a user listed in the Active Directory, along with that user's Active Directory password. The MiCollab Audio, Web and Video Conferencing server checks the Active Directory for authentication and allows the user to log on.
   Note: The username and password are sent to the directory in plain text, which is a possible security risk.
2. After the user has logged on, they are automatically added to the list of users that can be viewed and administered through the MiCollab Audio, Web and Video Conferencing admin Web client. If the logon fails for a user who exists in Active Directory, confirm that the user's account sits under the LDAP Search Base and that the LDAP Administrator ID was entered as the account's CN rather than its username or display name.