Specifications
Configuring Authentication Adding a Directory Server Group
8
ShoreTel Mobility Router Administration Guide 82
16. In the Server Certificate Verification area:
a. Uncheck Manage Certificate if you are not importing the Active Directory server's CA certificate. In
this case, the Mobility Router does not verify the certificate and blindly accepts the server
certificate, so the identity of the LDAP server is not authenticated. This applies to all Active Directory forests.
b. Check Manage Certificate to enforce the server certificate verification. Refer to “Secure
LDAP Certificate Requirements for Active Directory Domain Controllers” on page 311 for
information on exporting a Secure LDAP CA. This certificate is used in conjunction with this
step.
17. Click the Manage Certificate link to view and import the Active Directory CA certificate. A new
window pops up.
18. Click Import and copy and paste the appropriate Active Directory CA Certificate. The certificate
must be enclosed in -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tags.
19. When certificate verification is enforced, the Mobility Router verifies the following:
• The certificate is valid and not expired or damaged.
• The subject name or the first name in the Subject Alternative Name (SAN) matches the
Fully Qualified Domain Name (FQDN) of the LDAP server (configured on the General tab).
• The certificate was issued by the trusted authority, and a certificate chain can be established up to the CA
certificate imported here.
20. Select Apply.
21. Select Query to perform the forest search. The Query screen displays.
a. Enter a search string such as a user name in the Search For field. Refer to “Directory Query”
on page 266 for more information about this field.
b. By default, the Search In drop-down menu displays the currently configured Active Directory
forest. Select the specific Active Directory forest, or All Enabled forests, to complete a search.
Refer to “Directory Query” on page 266 for more information about this field.
22. Select Verify to verify the server configuration is correct.
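The date and name checks listed in step 19 can be run against a domain controller's certificate before verification is enforced on the Mobility Router. The Python below is an added example, not ShoreTel code: the function names, the sample certificate, port 636 for Secure LDAP, exact case-insensitive name comparison, and reading "first name in the SAN" as the first DNS entry are all assumptions.

```python
import socket
import ssl
import time

# Constructed sample in the dict format returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "DC1"),),),
    "subjectAltName": (("DNS", "corp.example.com"),
                       ("DNS", "dc1.corp.example.com")),
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
}

def _norm(name):
    return name.lower().rstrip(".")

def name_and_validity_problems(cert, fqdn, now=None):
    """Apply the date and name checks from step 19; return a list of failures."""
    now = time.time() if now is None else now
    problems = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    # subject is a tuple of RDNs, each RDN a tuple of (key, value) pairs.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    # Assumption: "first name in the SAN" means the first DNS entry only.
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    candidates = cns + sans[:1]
    if _norm(fqdn) not in [_norm(c) for c in candidates]:
        problems.append("name mismatch: %s not in %s" % (fqdn, candidates))
    return problems

def fetch_verified_cert(fqdn, ca_pem_path, port=636):
    """Return the server certificate only if it chains to the CA in ca_pem_path."""
    ctx = ssl.create_default_context(cafile=ca_pem_path)  # trusts this CA only
    # Chain and dates are still enforced (CERT_REQUIRED); the name rule is
    # applied afterwards by name_and_validity_problems().
    ctx.check_hostname = False
    with socket.create_connection((fqdn, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    # Fixed clock inside the sample's validity window; second host is SAN #2 only.
    now = ssl.cert_time_to_seconds("Jun  1 00:00:00 2025 GMT")
    for host in ("corp.example.com", "dc1.corp.example.com"):
        print(host, name_and_validity_problems(SAMPLE_CERT, host, now))
```

A certificate that lists the server's FQDN only as a later SAN entry is reported as a name mismatch here, which is the case to check for before selecting Manage Certificate.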
Viewing or Changing Advanced Settings for the Active Directory Authentication Server
This page contains advanced LDAP configuration parameters used for directory query. By default,
settings on this page are predefined for Active Directory as the LDAP server. For Active Directory,
some settings change depending on your Active Directory settings. For more information, see your
LDAP server documentation.
Note
If verification is not successful, select Security Type “None” to make sure other parameters are
correct, then retry the selected security type.