Adding or Editing an Active Directory Configuration

Use the Add/Edit Active Directory Configuration dialog box to add or edit the configuration for an Active Directory server.

After you save a configuration, you can enable it for use in authentication. If your organization has multiple Active Directory domains, you can add multiple configurations.

To add or edit an Active Directory configuration:

  1. Click Active Directory in the navigation bar.
  2. Click Add to add a new Active Directory configuration, or choose an Active Directory name from the list and click Edit to edit an existing configuration.

    The Add/Edit Active Directory Configuration dialog opens. Add or edit data as appropriate.

    Table 1. Add/Edit Active Directory Configuration fields

    Field: Name
    Maximum Length: 50
    Description: Enter the name for this Active Directory configuration. This name is used to identify the Active Directory server when users log in, so give it a name that users will recognize, such as the name of a site, organization, or division. The name must be unique; it cannot be the name of an existing Active Directory configuration.

    Field: Primary Servers
    Maximum Length: 255
    Description: Enter the comma-separated list of Active Directory server IP addresses or DNS names.

    Important: You can specify a total of seven servers between the Primary Servers and Secondary Servers lists.

    Field: Secondary Servers
    Maximum Length: 255
    Description: Optionally, enter the comma-separated list of secondary Active Directory server IP addresses or DNS names.

    The secondary servers are used only if the Vocera Voice Server is unable to connect to any of the primary Active Directory servers. The secondary servers could be Active Directory servers installed at a remote site for redundancy purposes.

    Field: SSL
    Maximum Length: n/a
    Description: If the Active Directory uses LDAP over SSL (LDAPS), check this box.

    If you check the SSL box, you must install the Active Directory certificate on each Vocera Voice Server.

    Field: Port
    Maximum Length: 5
    Description: Type the TCP port used by Active Directory. The valid range is 1 to 65535. The default is port 636.

    If your Active Directory server is a global catalog server, you can change the port to 3269, the global catalog SSL port, to speed up authentication.

    Here is a list of default Active Directory ports:
    • LDAP: 389
    • LDAP SSL: 636
    • LDAP Global Catalog: 3268
    • LDAP Global Catalog SSL: 3269

    Field: AD Service Account ID
    Maximum Length: 50
    Description: Enter the user ID for an Active Directory service account.

    This service account should have read access to Active Directory.

    Field: Domain
    Maximum Length: 50
    Description: Enter the fully qualified domain name (FQDN) of the Active Directory server.

    Field: AD Service Account Password
    Maximum Length: 30
    Description: Enter the password of the Active Directory service account.

    Field: Re-enter Password
    Maximum Length: 30
    Description: Re-type the same password you entered in the AD Service Account Password field.

    Field: Search Base
    Maximum Length: 50
    Description: Optionally, type the location in which to start searching in the Active Directory hierarchical structure for user account entries. By specifying a search base, you can make authentication faster by not searching the entire Active Directory.

    A search base comprises multiple objects separated by commas. These objects can include a common name (cn), organizational unit (ou), organization (o), country (c), and domain (dc).

    For example, to search the Support container in the vocera.com domain, specify the following search context:

    ou=support,dc=vocera,dc=com

    Note: The search base is case-insensitive. If you don't specify a search base, the entire Active Directory domain is used as the search base.

    Field: Login Map Field
    Maximum Length: 50
    Description: Enter the Active Directory user attribute used to map the Active Directory account to a Vocera user ID. For example, Active Directory may have an attribute for the employee ID that maps to Vocera user IDs.

    Make sure you enter the Ldap-Display-Name of the attribute, not its common name (cn). If you're not sure of the Ldap-Display-Name, check with your Active Directory administrator.

    Note: The field name is case-sensitive.

  3. After completing the Active Directory configuration, do any of the following:
    • Click Save to save changes and close the dialog box.
    • Click Save & Continue to save changes and clear the Add/Edit Active Directory Configuration dialog box, letting you add information for another Active Directory configuration.
    • Click Test Connection to test whether you can connect successfully to the Active Directory servers, both primary and secondary, using the current settings.
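
The following Python script is an added example, not Vocera code. It checks a set of values against the limits in Table 1 before they are entered in the dialog: field lengths, the seven-server total, the port range, whether the SSL checkbox agrees with the default port list, and the shape of the search base. The dictionary keys and the sample values are assumptions made for this example.

```python
# Added example, not Vocera code: pre-flight check of values for the
# Add/Edit Active Directory Configuration dialog. Limits are from Table 1;
# the dictionary keys are hypothetical names chosen for this example.
MAX_LEN = {"name": 50, "primary_servers": 255, "secondary_servers": 255,
           "service_account_id": 50, "domain": 50, "password": 30,
           "search_base": 50, "login_map_field": 50}
SSL_PORTS = {636, 3269}     # LDAP SSL, LDAP Global Catalog SSL
PLAIN_PORTS = {389, 3268}   # LDAP, LDAP Global Catalog
DN_KEYS = {"cn", "ou", "o", "c", "dc"}  # object types the page lists


def check_config(cfg):
    """Return a list of problems found in cfg (empty list means none)."""
    problems = []
    for field, limit in MAX_LEN.items():
        if len(cfg.get(field, "")) > limit:
            problems.append(f"{field}: longer than {limit} characters")
    servers = [s for k in ("primary_servers", "secondary_servers")
               for s in cfg.get(k, "").split(",") if s.strip()]
    if len(servers) > 7:
        problems.append(f"servers: {len(servers)} listed, limit is seven in total")
    port = cfg.get("port", 636)  # 636 is the dialog default
    if not 1 <= port <= 65535:
        problems.append("port: outside 1-65535")
    elif cfg.get("ssl") and port in PLAIN_PORTS:
        problems.append(f"port: {port} is a non-SSL port but SSL is checked")
    elif not cfg.get("ssl") and port in SSL_PORTS:
        problems.append(f"port: {port} is an SSL port but SSL is unchecked")
    # Simplification: commas escaped inside a value are not handled.
    for part in filter(None, cfg.get("search_base", "").split(",")):
        key, sep, val = part.partition("=")
        if not sep or key.strip().lower() not in DN_KEYS or not val.strip():
            problems.append(f"search_base: bad component {part.strip()!r}")
    return problems


# Constructed sample values.
GOOD = {"name": "Main Campus", "ssl": True, "port": 636,
        "primary_servers": "dc1.example.com, dc2.example.com",
        "secondary_servers": "10.0.0.5",
        "search_base": "ou=support,dc=vocera,dc=com"}
BAD = {"name": "Main Campus", "ssl": True, "port": 389,
       "primary_servers": ",".join(f"dc{i}.example.com" for i in range(1, 7)),
       "secondary_servers": "10.0.0.5, 10.0.0.6",
       "search_base": "support,dc=example,dc=com"}

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_config(cfg))
```

A clean result only means the values fit the dialog's documented limits; use Test Connection to confirm the servers are reachable with those settings.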