This page explains how to configure the
|
Note | ||
---|---|---|
| ||
Active Directory is always enabled by default, no licensing action is required to turn it on. |
This process comprises three parts:
- Active Directory Configuration
- Cache Settings
- User Authentication Settings
The Active Directory configuration part is where you turn on Active Directory (AD), set the way the
The maximum number of characters for the Active Directory Configuration attributes is 512.
The Cache Setting part is where you set up AD attribute caching.
The User Authentication Settings section is where you determine which domain controllers to use.
For additional information about Active Directory, see Call Routing Based on Active Directory User Attributes and Basic AD-based Call Routing.
...
Before You Begin
Before you begin, there are some things you need to decide:
- Whether or not you are going to use TLS.
- What operating mode you intend to use:
  - Updates - A local cache is built and used to look up AD searchable fields. User authentication is enabled in this mode.
  - Online - Communication with Active Directory is done with queries and no information is cached.
  - Auth-only - This mode allows user authentication using Active Directory, and no queries are allowed.
  - Cache Lookup Only - When selected, the SBC examines only the local AD Cache for the requested attribute; if none is found, the call fails.
You must have already defined and added at least one domain controller to the Domain Controllers Table.
Configuring Active Directory Services on the
Active Directory Configuration - Field Definitions
The fields in the Active Directory Configuration panel determine the manner in which
AD Enabled
Specifies the administrative state of the Active Directory resource.
Use TLS
Specifies whether or not Transport Layer Security (TLS) is used while communicating with Active Directory.
Operating Mode
Specifies the method used by the
Query/Cache Attributes
Specifies which attributes are cached from Active Directory. The attribute names specified must be consistent with attribute names in Active Directory.
Nested Group Lookup for Authentication
Specifies whether or not nested group lookups are performed to authorize users. Applies only to authentication domain controllers.
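What the Nested Group Lookup setting changes for authorization, shown as an added example that is not part of the original page and is not the SBC's implementation. The directory contents, DNs and group names are constructed, and the function names are hypothetical.

```python
# Constructed directory data (not from the page): each entry lists the groups
# it is a direct member of, in the style of Active Directory's memberOf.
MEMBER_OF = {
    "CN=alice": ["CN=Helpdesk"],
    "CN=bob": ["CN=SBC-Admins"],
    "CN=carol": ["CN=Staff"],
    "CN=Helpdesk": ["CN=Tier2"],
    "CN=Tier2": ["CN=SBC-Admins", "CN=Helpdesk"],  # cycle back to Helpdesk
    "CN=SBC-Admins": [],
    "CN=Staff": [],
}


def effective_groups(dn, nested, directory=MEMBER_OF):
    """Return the groups dn belongs to.

    nested=False: direct memberships only.
    nested=True: follow group-in-group membership transitively.
    """
    direct = set(directory.get(dn, []))
    if not nested:
        return direct
    seen = set()
    stack = list(direct)
    while stack:
        group = stack.pop()
        if group in seen:
            continue  # already expanded; this also breaks membership cycles
        seen.add(group)
        stack.extend(directory.get(group, []))
    return seen


def is_authorized(dn, required_group, nested, directory=MEMBER_OF):
    """True if dn is a member of required_group under the chosen lookup mode."""
    return required_group in effective_groups(dn, nested, directory)


def nested_only_grants(users, required_group, directory=MEMBER_OF):
    """Users authorized only when nested lookup is on: the set to review
    before enabling the setting."""
    return sorted(
        u for u in users
        if is_authorized(u, required_group, True, directory)
        and not is_authorized(u, required_group, False, directory)
    )
```

Running `nested_only_grants` over the accounts that can log in shows which of them gain access solely through group-in-group membership.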
Cache Settings - Field Definitions
The fields in the Cache Settings panel determine how Active Directory attributes are cached locally and the frequency at which the local cache is updated. The
- Performance: Performance is enhanced by eliminating the need to communicate with and query the Active Directory server for each and every call. This improves the performance of the AD server, and has the added benefit of increasing call speeds and relieving load on the network.
- Survivability: In the event of a loss of communication with the Active Directory, whether through a loss of network connectivity or an AD server error, the SBC is still able to perform authentication and authorization tasks based on the Local AD Cache.
Normalize Cache
Specifies whether or not to strip special characters such as dashes "-", parentheses "(", ")", spaces " ", "tel:" and "sip:" from the values while building a local Active Directory cache. However, normalization does not apply to name and email fields.
Update Frequency
Specifies the interval, in minutes, between local Active Directory cache updates.
Configure Initial Update Time
Specifies when the AD Cache is updated upon initial SBC power up or after an AD Configuration has been edited and applied. If set to True, the system waits until the time specified in the First Update Time field before updating the AD Cache. If set to False, the AD Cache is updated immediately upon start up or when a new/edited configuration is applied.
First Update Time
Specifies the time (system time) at which the first AD Cache update occurs after initial SBC power up or after an AD Configuration has been edited and applied. This field is visible only when the Configure Initial Update Time field is set to True.
AD Backup Failure Alarm
When Enabled, the SBC will raise an alarm and send an SNMP Trap if the AD Cache backup fails. This parameter controls the alarm and trap generation only. It does not control the AD Cache backup function.
Encrypt AD Cache
The Encrypt AD Cache option allows the SBC Edge (SBC 1000, SBC 2000, and
Valid options: True (encrypts the AD cache) or False (does not encrypt the AD cache). Default entry: False.
...