Configuring Active Directory Authentication
Use the Add/Edit Active Directory Configuration dialog box to add or edit the configuration for an Active Directory server.
After you save a configuration, you can enable it for use in authentication. If your organization has multiple Active Directory domains, you can add multiple configurations.
To add or edit an Active Directory configuration:
The Add/Edit Active Directory Configuration dialog opens. Add or edit data as appropriate.
Field | Maximum Length | Description |
---|---|---|
Name | 50 | Enter the name for this Active Directory configuration. This name is used to identify the Active Directory server when users log in, so give it a name that users will recognize, such as the name of a site, organization, or division. The name must be unique; it cannot be the name of an existing Active Directory configuration. |
Primary Servers | 255 | Enter the comma-separated list of Active Directory server IP addresses or DNS names. Important: You can specify a total of seven servers between the Primary Servers and Secondary Servers lists. |
Secondary Servers | 255 | Optionally, enter the comma-separated list of secondary Active Directory server IP addresses or DNS names. The secondary servers are used only if the Vocera Voice Server is unable to connect to any of the primary Active Directory servers. The secondary servers could be Active Directory servers installed at a remote site for redundancy purposes. |
SSL | n/a | If the Active Directory uses LDAP over SSL (LDAPS), check this box. If you check the SSL box, you must install the Active Directory certificate on each Vocera Voice Server. |
Port | 5 | Type the TCP port used by Active Directory. The valid range is 1 to 65535. The default is port 636. If your Active Directory server is a global catalog server, you can change the port to 3269, the global catalog SSL port, to speed up authentication. Here is a list of default Active Directory ports: |
AD Service Account ID | 50 | Enter the user ID for an Active Directory service account. This service account should have read access to Active Directory. |
Domain | 50 | Enter the fully qualified domain name (FQDN) of the Active Directory server. |
AD Service Account Password | 30 | Enter the password of the Active Directory service account. |
Re-enter Password | 30 | Re-type the same password you entered in the AD Service Account Password field. |
Search Base | 50 | Optionally, type the location in which to start searching in the Active Directory hierarchical structure for user account entries. By specifying a search base, you can make authentication faster by not searching the entire Active Directory. A search base comprises multiple objects separated by commas. These objects can include a common name (cn), organizational unit (ou), organization (o), country (c), and domain (dc). For example, to search the Support container in the vocera.com domain, specify the following search context: ou=support,dc=vocera,dc=com. Note: The search base is case-insensitive. If you don't specify a search base, the entire Active Directory domain is used as the search base. |
Login Map Field | 50 | Enter the Active Directory user attribute used to map the Active Directory account to a Vocera user ID. For example, Active Directory may have an attribute for the employee ID that maps to Vocera user IDs. Make sure you enter the Ldap-Display-Name of the attribute, not its common name (cn). If you're not sure of the Ldap-Display-Name, check with your Active Directory administrator. Note: The field name is case-sensitive. |
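
The field rules in the table can be checked before the values are typed into the dialog. The following Python check is an added example, not Vocera code; the dictionary keys, the `validate` function, and the sample values are assumptions made for the illustration.

```python
import re

# Maximum lengths from the field table (dict keys are hypothetical names).
MAX_LEN = {"name": 50, "primary_servers": 255, "secondary_servers": 255,
           "service_account_id": 50, "domain": 50, "password": 30,
           "search_base": 50, "login_map_field": 50}
SSL_PORTS = {636, 3269}                    # the two SSL ports the page names
RDN_TYPES = {"cn", "ou", "o", "c", "dc"}   # object types the page lists

def split_list(value):
    """Split a comma-separated field, dropping empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def validate(cfg, existing_names=()):
    """Return (errors, warnings) for one configuration dict."""
    errors, warnings = [], []
    for field, limit in MAX_LEN.items():
        if len(cfg.get(field, "")) > limit:
            errors.append(f"{field}: longer than {limit} characters")
    if cfg.get("name") in existing_names:
        errors.append("name: already used by another configuration")
    servers = split_list(cfg.get("primary_servers", "") + "," + cfg.get("secondary_servers", ""))
    if len(servers) > 7:
        errors.append("servers: more than seven in total")
    port = cfg.get("port", 636)
    if not 1 <= port <= 65535:
        errors.append("port: outside 1 to 65535")
    if not cfg.get("ssl"):
        warnings.append("ssl: unchecked, directory traffic is not LDAPS")
    elif port not in SSL_PORTS:
        warnings.append(f"port: {port} is not 636 or 3269 although SSL is checked")
    if cfg.get("password", "") != cfg.get("password_again", ""):
        errors.append("password: the two entries differ")
    # Naive comma split: does not handle escaped commas inside a value.
    for part in split_list(cfg.get("search_base", "")):
        match = re.fullmatch(r"([A-Za-z]+)\s*=\s*(\S.*)", part)
        if not match:
            errors.append(f"search_base: malformed component {part!r}")
        elif match.group(1).lower() not in RDN_TYPES:
            warnings.append(f"search_base: unlisted type in {part!r}")
    return errors, warnings

# Constructed sample input; every value here is made up for the example.
GOOD = {"name": "Main Campus", "primary_servers": "dc1.vocera.com, dc2.vocera.com",
        "ssl": True, "port": 3269, "service_account_id": "svc-vocera",
        "domain": "vocera.com", "password": "x" * 20, "password_again": "x" * 20,
        "search_base": "ou=support,dc=vocera,dc=com", "login_map_field": "employeeID"}
BAD = dict(GOOD, secondary_servers=",".join(f"10.0.0.{i}" for i in range(6)),
           ssl=False, port=70000, password_again="y", search_base="ou=support,vocera")
```

`validate(GOOD)` returns no findings, while `validate(BAD)` reports the server count, port range, password mismatch, and malformed search base as errors and the unchecked SSL box as a warning.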