When you configure your VidyoPortal to use your LDAP Server, you can set it to use a directory system, such as Microsoft Active Directory or Oracle Directory Server, to authenticate your users. When LDAP authentication is enabled on your tenant, your VidyoPortal uses the LDAP protocol to pass your user logins to your directory system for authentication.
Any Vidyo user type (Normal, Operator, Admin, VidyoRoom, etc.) can be authenticated by LDAP, except for the Super Admin and System Console accounts.
Note: To use secured LDAP, upload your LDAP certificate chain (intermediates and root) from your certification authority using the Security page before enabling LDAP.
When LDAP authentication is enabled, the User and Admin Portals do not show Change or Forgot Password options.
To configure your VidyoPortal to use your LDAP server:
- Log in to the Admin portal using your Admin account.
For more information, see Logging in to the Admin interface.
The Users page displays by default.
- Click the Settings tab.
The License page displays by default.
- Click Authentication on the left menu.
The Authentication page displays.
- Select LDAP from the Authentication Type drop-down.
The Authentication page expands and shows additional fields as follows:
Note: Field entries on the screenshot show a typical LDAP configuration.
- Enter the following information:
- Enter the LDAP server URL in the URL field.
The format is ldap://[IP or FQDN address]:389.
Note: To use secure LDAP (LDAPS), use an “ldaps” prefix:
ldaps://[IP or FQDN address]:636
- Overwrite the auto-populated credentials in the Bind DN or username field to log in to the LDAP server if necessary.
For example: uid=user, ou=employees, dc=vidyo, dc=com.
Note: The user must be able to search the LDAP tree.
- Overwrite the auto-populated password in the Bind password field needed to bind with the LDAP server if necessary.
- Enter the base object (baseObject) used for searching in the optional Search base field.
For example: ou=employees, dc=vidyo, dc=com.
- Enter the configuration string to return the LDAP Distinguished Name (DN) in the Filter template field.
For example: uid=<> where <> is replaced by the VidyoPortal user name during authentication.
- Select the base object (baseObject) from the Scope options to search:
- Select Object to search the named entry; typically used to read just one entry.
- Select One level to search the entries immediately below the base DN.
- Select Subtree to search the entire subtree starting at the base DN.
- Click the Connection Test button.
The Connection Test pop-up displays.
- Enter your LDAP user name and password.
- If validation is successful and the LDAP settings are working, click Save to save your LDAP settings.
Note: A successful connection test is required to enable the Save button on the lower part of the screen.
- If validation fails, use a third-party LDAP tool such as LDAP Browser and try the same connection string you are using with the VidyoPortal.
This determines whether or not your LDAP settings are correct.
- Configure authentication on your tenants using your desired method: LDAP Authentication with Manual User Creation or LDAP Authentication with Auto-Provisioning.
For more information, see Configuring LDAP authentication with manual user creation or Understanding LDAP authentication with auto-provisioning.
- Apply authentication to specific user types.
For more information, see Applying authentication (LDAP or web service) to specific user types.
- Click Save.
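
The out-of-portal check suggested for a failed connection test, as an added example that is not part of the original documentation: it rebuilds the search described by the URL, Bind DN, Search base, Scope and Filter template fields with OpenLDAP's ldapsearch. The function names, host and user name are hypothetical, and the RFC 4515 escaping is applied here on the tool side; this page does not state how the portal itself builds the filter.

```shell
# Added example: reproduce the VidyoPortal LDAP lookup with OpenLDAP's ldapsearch.
# All sample values below are constructed placeholders.

# Map the portal's Scope option to ldapsearch's -s value.
scope_flag() {
  case $1 in
    Object)      echo base ;;
    "One level") echo one ;;
    Subtree)     echo sub ;;
    *) echo "unknown scope: $1" >&2; return 1 ;;
  esac
}

# Escape a user name for use inside a search filter (RFC 4515).
# Backslash goes first so the later escapes are not escaped again.
escape_filter_value() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Substitute the user name for "<>" in the Filter template.
render_filter() {
  case $1 in *'<>'*) ;; *) echo "template has no <> placeholder" >&2; return 1 ;; esac
  val=$(escape_filter_value "$2")
  printf '(%s%s%s)\n' "${1%%<>*}" "$val" "${1#*<>}"
}

# Count entries in LDIF read from stdin; exactly 1 means the login name is unambiguous.
count_dns() { grep -c '^dn:' || true; }

# Args: URL, Bind DN, bind-password file, Search base, Scope, Filter template, user name.
# Assumption: the password file has no trailing newline (ldapsearch -y reads it verbatim).
portal_ldap_check() {
  case $1 in ldaps://*) ;; *) echo "warning: $1 sends the bind password unencrypted" >&2 ;; esac
  scope=$(scope_flag "$5") || return 1
  filter=$(render_filter "$6" "$7") || return 1
  n=$(ldapsearch -x -LLL -H "$1" -D "$2" -y "$3" -b "$4" -s "$scope" "$filter" 1.1 | count_dns)
  echo "$n entries match $filter"
  [ "$n" -eq 1 ]
}

# Example call (constructed host and user):
# portal_ldap_check ldaps://ldap.example.com:636 "uid=user,ou=employees,dc=vidyo,dc=com" \
#   ./bindpw "ou=employees,dc=vidyo,dc=com" Subtree "uid=<>" jdoe
```

Zero matches points at the Search base, Scope or Filter template; more than one match means the template does not identify a single user.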