What is LDAP support as it pertains to VoIP Detective?
VoIP Detective comes out of the box with internal user management system. This means that you can create users with a VoIP Detective specific username and password. These credential would not be shared with any other system. VoIP Detective PRO version 1.627 or higher offers the ability to authenticate users to your existing Microsoft, or other LDAP compliant directory service. You will still need to add users to VoIP Detective through Administration -> User Management, however the password used will be the same as their LDAP credentials.
- Configure a single LDAP server in VoIP Detective. This server will be referenced each time a LDAP enable user attempts to login.
- Add an LDAP enabled user to Administration -> User Management.
- End users login with the username of account@domain.
- The LDAP server specified will be contacted with the target user's credentials. If the account successfully authenticates, then the user is allowed to access VoIP Detective.
Adding LDAP support to older installations of VoIP Detective.
VoIP Detective OS version 3.3 and later includes support for LDAP authentication of end users. For versions before that, you must log into the Command Line Interface and install LDAP support.
Access the VoIP Detective CLI from either SSH or your Hypervisor console
Choose the option to Enable or Disable services
Choose to configure LDAP
You may be prompted to enter the cliadmin password one or more times
Once yum is finished updating the VoIP Detective appliance, you will be able to return to the GUI and configure LDAP authentication.
Configuring LDAP in VoIP Detective
In order to configure VoIP Detective for LDAP authentication, the following is required:
- Enable LDAP by going to Administration -> Configuration -> User Management and setting LDAP to enabled
- Administration -> Configuration -> User Management and enter the IP or DNS name of your LDAP server. VoIP Detective supports authenticating against a single server.
- Administration -> Configuration -> User Management and set LDAP to secure or not secure. We recommend using secure unless there is a failure.
- Test LDAP by going to Administration -> Troubleshooting and entering a valid username and password. If there is an error, this should be displayed.
- Finally, configure an LDAP user.
Configuring a user to use LDAP authentication
Users in VoIP Detective can authenticate against either the internal VoIP Detective database, or an LDAP / AD server, but not both. Because of this, users are built as either a local user, or an LDAP user. There is no mechanism to convert from one to the other at this time.
To create an LDAP user, please do the following:
- Go to Administration -> User Management and locate the "Create a new LDAP user" section.
- Enter the user's extension
- Enter the user's LDAP username. This should be in the format of username@domain
- Enter the email address - this is used for scheduled reports.
- Enter the display name that will be shown in reports.
After this, your user should now be able to login to VoIP Detective.
What user credentials are used to make the LDAP request?
VoIP Detective uses an "LDAP bind" to pass credentials to your LDAP server. This means what when a configured user attempts to login to VoIP Detective that user's username and password are passed directly to the LDAP server. If the LDAP server successfully authenticates the user, that user is allowed into VoIP Detective. The end users credentials are the only ones passed to the LDAP server. There is no need for an admin, or service account.