Microsoft Active Directory Integration

Integrations with Other Systems

 

 

Table 7-1 Fields on the Microsoft Active Directory page (continued)

Field
    Description

Domain\user name
    LDAP service account user ID for system access to the Active Directory. Must be set up in the Active Directory, but should not have Windows login privileges.

    Note: If you use Active Directory attributes that aren’t replicated across the enterprise via the Global Catalog server mechanism, the system must query each domain for the data. Make sure that this service account can connect to all the LDAP servers in each domain.

    The Polycom DMA system initially assigns the Administrator user role to this user (see “User Roles Overview” on page 312), so you can use this account to give administrative access to other enterprise user accounts.

    Caution: Leaving a user role assigned to this account represents a serious security risk. For best security, remove the Administrator user role so that it can’t be used for logging into the Polycom DMA system management interface.

Password
    Login password for service account user ID.

User LDAP filter
    Specifies which user accounts to include (an underlying, non-editable filter excludes all non-user objects in the directory). The default expression includes all users that don’t have a status of disabled in the directory.

    Don’t edit this expression unless you understand LDAP filter syntax. See RFC 2254 for syntax information.

Base DN
    Can be used to restrict the Polycom DMA system to work with a subset of the Active Directory (such as one tree of multiple trees, a subtree, or a domain). Leave the default setting, All Domains, initially. See “Understanding Base DN” on page 173.

Time of day to refresh cache
    Time at which the Polycom DMA system should log into the directory server(s) and update its cache of user and group data.

Territory
    Specifies the territory whose Polycom DMA system cluster is responsible for updating the user and group data cache.

    In a superclustered system, this information is shared across the supercluster. The other clusters access the directory only to authenticate passwords. See “Territories” on page 302 for more information.
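The User LDAP filter field above takes an RFC 2254 expression, and a wrong edit silently changes which accounts are included. The following Python example is added here for illustration and is not code from the Polycom manual or the DMA system: it parses a subset of the filter syntax and evaluates it against constructed directory entries so a filter can be checked before it is entered. Assumptions: the filter shown is a commonly used Active Directory expression for "not disabled" (the manual does not print the DMA default), the entries and attribute values are constructed, and substring wildcards and escape sequences are rejected rather than supported.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule OID
ACCOUNTDISABLE = 0x2                # userAccountControl bit set on disabled accounts
# Assumed filter (the manual does not print the DMA default): disabled bit is clear.
ENABLED_ONLY = "(!(userAccountControl:%s:=%d))" % (BIT_AND, ACCOUNTDISABLE)
ITEM = re.compile(r"([\w-]+)(?::(%s):)?=([^*(]+|\*)" % re.escape(BIT_AND))

def parse(text, pos=0):
    """Parse one RFC 2254 filter starting at text[pos]; return (tree, next_pos)."""
    if text[pos:pos + 1] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    op = text[pos + 1:pos + 2]
    if op and op in "&|!":
        pos, kids = pos + 2, []
        while text[pos:pos + 1] == "(":
            kid, pos = parse(text, pos)
            kids.append(kid)
        if text[pos:pos + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError("malformed '%s' group" % op)
        return (op, kids), pos + 1
    end = text.index(")", pos)  # raises ValueError when the item is never closed
    m = ITEM.fullmatch(text[pos + 1:end])
    if not m:
        raise ValueError("unsupported item: " + text[pos:end + 1])
    return ("item",) + m.groups(), end + 1

def matches(tree, entry):
    """Evaluate a parsed filter against an entry (dict: lowercase attribute -> values)."""
    if tree[0] in "&|":
        return (all if tree[0] == "&" else any)(matches(k, entry) for k in tree[1])
    if tree[0] == "!":
        return not matches(tree[1][0], entry)
    _, attr, rule, want = tree
    values = entry.get(attr.lower(), [])
    if rule:  # BIT_AND: true when every bit of the operand is set in the value
        return any(int(v) & int(want) == int(want) for v in values)
    return bool(values) if want == "*" else want.lower() in [v.lower() for v in values]

def select(filter_text, entries):  # sAMAccountName of each entry the filter includes
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing text after filter")
    return [e["samaccountname"][0] for e in entries if matches(tree, e)]

# Constructed entries: 512 = normal account, 514 = 512 | ACCOUNTDISABLE, 66048 = 512 | 0x10000.
DIRECTORY = [{"samaccountname": [n], "useraccountcontrol": [u], "department": [d]}
             for n, u, d in [("alice", "512", "Sales"), ("bob", "514", "Sales"),
                             ("carol", "66048", "IT")]]
```

Calling `select(ENABLED_ONLY, DIRECTORY)` lists the accounts the assumed filter would include; a filter with unbalanced parentheses raises `ValueError` instead of matching an unintended set.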

 

 

 

Polycom, Inc.

167
