Installation guide

LDAP Configuration
Acano solution: Single combined Acano server Deployment Guide R1.6 76-1054-01-H
Using an extensible matching rule (LDAP_MATCHING_RULE_IN_CHAIN /
1.2.840.113556.1.4.1941), it is possible to filter on membership of any group in a
membership hierarchy (below the specified group); for example:
(&(memberOf:1.2.840.113556.1.4.1941:=cn=apac,cn=Users,dc=Example,dc=com)(objectClass=person))
Other good examples which you can adapt to your LDAP setup include:
Filter that adds all person and user objects except the ones excluded with a ! (NOT) clause:
(&(objectCategory=person)(objectClass=user)(!(cn=Administrator))(!(cn=Guest))(!(cn=krbtgt)))
Filter that adds the same as above, without the krbtgt exclusion clause, and only adds users that have a sAMAccountName:
(&(objectCategory=person)(objectClass=user)(!(cn=Administrator))(!(cn=Guest))(sAMAccountName=*))
Filter that adds the same as above, with the krbtgt exclusion clause included, and only adds users that have a sAMAccountName:
(&(objectCategory=person)(objectClass=user)(!(cn=Administrator))(!(cn=Guest))(!(cn=krbtgt))(sAMAccountName=*))
This filter imports only the users specified within the (|( (OR) subtree:
(&(objectCategory=person)(objectClass=user)(|(cn=accountname)(cn=anotheraccountname)))
Global Catalog query to import only members of the specified security group (signified with =cn=xxxxx):
(&(memberOf:1.2.840.113556.1.4.1941:=cn=groupname,cn=Users,dc=example,dc=com)(objectClass=person))
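Before adapting one of these filters, it helps to check which accounts it would actually import. The following is an added example, not part of the Acano guide or product: a small evaluator for the &, |, ! / equality / presence subset used above, run against constructed directory entries. It assumes case-insensitive string matching and does not evaluate the memberOf extensible match, which needs the directory's real group hierarchy.

```python
# Added example: simplified LDAP filter check (case-insensitive string matching only).
def parse(s, i=0):
    """Parse the filter that starts at s[i]; return (node, index after it)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|!":
        op, kids, i = s[i], [], i + 1
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        if s[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' group near offset {i}")
        return (op, kids), i + 1
    end = s.index(")", i)  # simple item "attr=value"; ValueError if never closed
    attr, sep, value = s[i:end].partition("=")
    if not sep or ":" in attr or "(" in value:
        raise ValueError(f"unsupported item: {s[i:end]!r}")
    return ("=", attr.lower(), value.lower()), end + 1

def compile_filter(text):
    """Rejoin a filter wrapped across lines, then parse it and check it is complete."""
    s = "".join(line.strip() for line in text.splitlines())
    try:
        node, end = parse(s)
    except IndexError:
        raise ValueError("filter is truncated (unbalanced parentheses)") from None
    if end != len(s):
        raise ValueError("unexpected text after the filter")
    return node

def matches(node, entry):
    if node[0] in "&|":
        results = [matches(k, entry) for k in node[1]]
        return all(results) if node[0] == "&" else any(results)
    if node[0] == "!":
        return not matches(node[1][0], entry)
    have = [v.lower() for v in entry.get(node[1], [])]
    return bool(have) if node[2] == "*" else node[2] in have

def selected(filter_text, entries):
    """Return the cn of every entry the filter would import."""
    node = compile_filter(filter_text)
    return [e["cn"][0] for e in entries if matches(node, e)]

# Constructed sample entries (attribute names lower-cased), not real directory data.
ENTRIES = [{"cn": [n], "objectcategory": ["person"], "objectclass": ["person", "user"],
            "samaccountname": [n]} for n in ("Administrator", "Guest", "krbtgt", "fred")]
```

Calling `selected(filter_text, ENTRIES)` with the filter that lacks the `(!(cn=krbtgt))` clause returns krbtgt alongside fred, while the two filters that carry the clause return only fred.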
4. Set up the Field Mapping Expressions
The field mapping expressions control how the field values in the Acano solution’s user
records are constructed from those in the corresponding LDAP records. Currently, the
following fields are populated in this way:
Display Name
User name
coSpace Name
coSpace URI user part (i.e. the URI minus the domain name)
coSpace Secondary URI user part (optional alternate URI for coSpace)
coSpace call id (unique ID for coSpace for use by WebRTC client guest calls)
Field mapping expressions can contain a mixture of literal text and LDAP field values, as
follows:
$<LDAP field name>$
As an example, the expression
$sAMAccountName$@example.com
generates:
fred@example.com