This article explains how to configure Oreno Manager to use an LDAP server for user authentication. LDAP stands for Lightweight Directory Access Protocol and is a vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information.
This guide shows where to add the LDAP server information within the Oreno administrative console. We will also show you how to add your LDAP users to Oreno Rooms. The dialer for each room can also list the users in the LDAP directory.
This article assumes you already have Oreno Manager installed and running on a machine. Please refer to the Getting Started article for a complete tutorial on setting up Oreno Manager. Other documentation regarding Oreno Manager and using LDAP for authentication can be found in the Oreno help system.
LDAP support requires Oreno version 1.1 or higher.
Log in to your Oreno Administrative console, navigate to the Users area, and click on LDAP to set up the server configuration.
Below we are using an example LDAP server for the purpose of this article. You will need to coordinate with your IT personnel to obtain the LDAP server settings for your own Oreno installation.
In this area you will need to supply the Hostname or IP address of the LDAP server. The standard port for LDAP is 389, but this can be customized with the Port field. You can optionally (if enabled on the LDAP server) access the server securely using SSL/TLS. Without it, a simple bind sends the login and password to the LDAP server unencrypted.
The most important item to consider is the Base DN field. DN refers to the "distinguished name" that can be used to target a specific group (or groups) of LDAP users. Think of this line as a way of "searching" for the specific users or groups you want to be made available in Oreno. The DN can consist of many key/value pairs. For the purpose of using Oreno, you will likely only need to use DC and OU.
DC: Domain Component - identifies each component of the domain. Typically this will be the LDAP server's fully qualified domain name split at each dot. For example, myldapserver.com would be written as the following in the DN line: dc=myldapserver,dc=com
OU: Organizational Unit - identifies a unit or group that a user is a part of. This is analogous to how different departments might be organized at a company. There could be an ou=accounting and an ou=engineering. Also note that there might be a hierarchy to the organizational units. For example, there could be an "All Users" organizational unit and within that could be the "Accounting" and "Engineering" groups. Both would need to be specified, as ou=accounting,ou=all users, to access the accounting group.
There are other values that are a part of the DN syntax but we will focus on using DC and OU as these will be the most useful when configuring Oreno to use an LDAP server.
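The DC and OU rules above, as an added Python example that is not part of Oreno or its documentation: it builds a Base DN from a domain name and an OU hierarchy, escapes characters that are special in DN syntax, and reviews a DN you were given before you enter it in the Base DN field. The function names are hypothetical, and multi-valued components joined with + are not handled.

```python
# Added example (not Oreno code): build and review a Base DN of OU and DC parts.
_SPECIAL = '"+,;<>\\'  # printable characters RFC 4514 requires escaping in a value

def escape_value(value):
    """Escape one attribute value for use inside a DN string."""
    if not value:
        raise ValueError("empty DN component")
    out = "".join("\\" + c if c in _SPECIAL else c for c in value)
    if out.endswith(" "):
        out = out[:-1] + "\\ "      # a trailing space must be escaped
    if out[0] in "# ":
        out = "\\" + out            # so must a leading space or '#'
    return out

def build_base_dn(domain, ou_path=()):
    """domain: FQDN, e.g. 'myldapserver.com'.
    ou_path: OUs from outermost to innermost, e.g. ['all users', 'accounting']."""
    rdns = ["ou=" + escape_value(ou) for ou in reversed(ou_path)]
    rdns += ["dc=" + escape_value(lbl) for lbl in domain.strip(".").split(".")]
    return ",".join(rdns)

def split_dn(dn):
    """Split on unescaped commas; returns [(attribute, escaped_value), ...]."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2   # keep the escape pair intact
        elif dn[i] == ",":
            parts, cur, i = parts + [cur], "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    pairs = [p.lstrip().split("=", 1) for p in parts + [cur]]
    if any(len(p) != 2 or not p[0] or not p[1] for p in pairs):
        raise ValueError("malformed DN: %r" % dn)
    return [(a.strip().lower(), v) for a, v in pairs]

def review_base_dn(dn):
    """Return findings; an empty list means the DN fits the OU + DC pattern."""
    attrs = [a for a, _ in split_dn(dn)]
    findings = []
    if any(a not in ("ou", "dc") for a in attrs):
        findings.append("attribute other than ou/dc")
    if "dc" not in attrs:
        findings.append("no dc component")
    if "ou" not in attrs:
        findings.append("no ou component: base is the domain root, not a dedicated OU")
    elif "dc" in attrs and "ou" in attrs[attrs.index("dc"):]:
        findings.append("ou after dc: components are out of order")
    return findings
```

Calling build_base_dn("myldapserver.com", ["all users", "accounting"]) gives the nested form described above, and review_base_dn returns an empty list for it.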
Recommended Practice: We recommend that you create a new OU group on the LDAP server and add all your intended Oreno users to that group. This is because Oreno Manager can only import one group from the LDAP server. For example, your DN line could look like the following:
Next, you will need to either configure Oreno to use a Login and Password for the LDAP server or, if the server is configured to allow it, let Oreno access the server anonymously.
Exclude LDAP users from dialer contact list - This will prevent the contact details of the LDAP users from appearing on the dialer contact list of any room.
Finally, click Apply and you should see the user list immediately populated with users and/or sub-groups from the LDAP server. Below is an example of the groups that were retrieved from our demonstration LDAP server.
It's possible to have locally-created Oreno users and LDAP users configured at the same time. For example, the above screenshot also shows two local users, a designer and an administrator. To help distinguish between LDAP and local users, look for the checkmark next to the role identifier. You can also click on the filters to the right of the user list to only show LDAP users, Local users, or all users.
If for some reason no LDAP users or groups appeared, check the history page of the Oreno administration console. Check the log entries on that page for references to errors regarding LDAP. You may also want to consider inspecting the logs on the LDAP server directly.
Adding LDAP users to rooms
Once the LDAP users are visible in the Oreno Administrative console, it is simply a matter of assigning those users to their desired roles and rooms.
If the user is in a group, double-click on the group name to bring up the users in that group. You can use the navigation buttons in the user list's header to return to the main user list.
To change a user's role:
Click on the desired user in the list and then click on the "user" button. Then select the desired role.
To assign one or more users to rooms:
You have two ways of assigning LDAP users to one or more rooms. The first one involves visiting the "Rooms" page of the Oreno Administrative console.
The other way to assign users to rooms is on the Users page. Select a user and click on the "Rooms" link that is located in the area that lists the user's details:
This will bring up all the available rooms you can assign to the user: