Alcatel-Lucent Extended Communication Server Active directory synchronization : installation and administration



September 2009, reference TC1312. Alcatel-Lucent Office Offer - All Rights Reserved Alcatel-Lucent 2009

CONTENTS

INTRODUCTION
FEATURE LIST
PRE-REQUISITE
  ECS
  Windows server
INSTALLATION
ACTIVATION AND CONFIGURATION
  Service description
  Configuration
  How-to retrieve the link account information in the windows server
  Synchronization
  Deactivated account
USER CONNECTION
  Login management
  Restrictions
LOGS
KNOWN BUGS

INTRODUCTION

This document, intended for the ECS administrator, explains how to install and administer the Active Directory synchronization module on the Extended Communication Server.

FEATURE LIST

This module provides interoperability between Microsoft Active Directory domains and the ECS LDAP directory. It is used to import users from Active Directory into the ECS LDAP directory.

Administration features:
- Synchronization of user accounts with a Windows Active Directory server. All users are imported from Active Directory, so the ECS administrator does not need to create the ECS user accounts.
- Automatic daily synchronization.
- Possibility to work in mixed mode, with some users created in the ECS directory only.
- Exclusion of some accounts from the synchronization.
- Visibility of the accounts deactivated in Active Directory.

User features:
- All ECS services are available to the synchronized ECS users (virtual desktop, e-mail, FTP, mobility, fax).
- User password management is deactivated in the ECS; passwords are managed in Active Directory.

PRE-REQUISITE

ECS

Applicable ECS releases: 4.0, 4.0.1, 4.1

Pre-required patches:
- P-5665: Make ldap restart synchronous
- P-6008: Closing patch of Service Pack 2 (installation reference: S-0002)
- P-5870: Add the hidden domain name capability for the mail system
- P-5680: Technical improvements in the directory
- P-6321: Directory fix for external POP account logins containing "-"
- P-6238: New feature: add control on user, superadmin and root passwords
- P-6525: Replace the LDAP ldbm backend by Berkeley DB

Please consult the ECS support web site for more information regarding the pre-requisites.

CAUTION: the pre-required patch P-6525 requests a reboot of the server. This reboot after the installation of P-6525 or P-6218 is absolutely mandatory. The administrator should inform all users before installing this patch.

Windows server

The Windows server must be used as primary domain controller. The supported Windows Server releases are:
- Microsoft Windows 2000 Standard Server (or other editions)
- Microsoft Windows 2003 Standard Server (or other editions)
- Microsoft Windows 2008 Standard Server (or other editions)

Note: Windows Server 2008 Standard does not support the encrypted connection because of a Microsoft issue. Microsoft provides a hotfix, KB957072: http://support.microsoft.com/kb/957072/

The Windows server must meet the following requirements:
- A link account authorized to browse the Active Directory
- A valid password for the link account
- The Active Directory domain name
- The Active Directory search base
- A firewall configuration that allows access to the ldap and/or ldaps service

INSTALLATION

The Active Directory synchronization module is delivered as a patch available on the update server.

Patch reference: P-6218

Installation procedure:
1- Check that the pre-required patches are installed.
2- Go to the menu Appliance / Update / Update from the web / Manual update, then enter the reference P-6218.

CAUTION: the pre-required patch P-6525 requests a reboot of the server. This reboot after the installation of P-6525 or P-6218 is absolutely mandatory.

ACTIVATION AND CONFIGURATION

Service description

See below a sample network architecture allowing the implementation of the synchronization service.

Fig. 1: sample network architecture (figure not included)

Configuration

Once the patch is installed, go to the menu Directory > Synchronization with an external directory (Active Directory) to configure the module (see fig. 2). Fill in the form available in the Configuration tab, then click OK:

- IP address or name of the external directory.
- DN of the link account: the DN of the account the ECS binds with; this account must be allowed to read the information contained in the directory. Example of DN: cn=link link,cn=users,dc=domain,dc=loc
- Link account password.
- Directory domain: the domain to which the external directory belongs. It is automatically completed from the link account DN, but can be modified.
- Base in the directory: the sub-tree of the directory you want to synchronize, for example dc=domain,dc=loc
- Retrieval group: during the synchronization, the users and groups created are not added directly to your server's directory base. They all belong to a group whose name is defined in this field.
- Automatic synchronization time: the time at which the automatic synchronization is executed each day.
- Secure connection with the Active Directory server: when enabled, all exchanges between the Active Directory and the server are encrypted. To do this, you can import the public part of the certificate authority used on the Active Directory, in ASCII (Base64) format. The option can be used without importing the authority certificate, but the ECS then has no way to verify that it is talking to the genuine domain controller; import the certificate whenever possible.

Fig. 2: configuration form (figure not included)

This operation opens an ldap (port 389) or ldaps (port 636) connection to the Active Directory server, depending on whether the secure connection is used. Without the secure connection, the link account password and the retrieved user data cross the network in clear text. If the parameters sent by the ECS are correct, the Active Directory server returns the users list. At this stage the administrator can exclude some users from the synchronization (see the Exclusion tab).

Note: in case of ldaps synchronization with the Active Directory server, the ECS asks the superadmin to authenticate again.

How-to retrieve the link account information in the windows server

The link account is an Active Directory user with admin rights. It must be created on the Windows server with the Active Directory Users and Computers administrative tool. See below an example of a link account "link link" created in the group Domain Admins. Note that the synchronization only needs to read the user objects; a dedicated account with the minimum rights required is preferable to a member of Domain Admins, because its password is stored in the ECS configuration.

The DN of the link account has the following form: cn=name,cn=users,dc=domain,dc=domain_extension
Example with an Active Directory domain named domain.loc: cn=link link,cn=users,dc=domain,dc=loc

The base from which the synchronization is done has the following form: dc=domain,dc=domain_extension
Example with an Active Directory domain named domain.loc: dc=domain,dc=loc

This information can be retrieved from the Active Directory server with an LDAP browser. Here is an example using the LDAP browser delivered with the Windows server:
1- Start / Run / ldp.exe
2- Connection: enter the information to connect in LDAP to the server (see screenshot below)
3- Bind: authenticate as an existing user in the Active Directory domain (see screenshot below)
4- Search the users in the database (see screenshot below)

See below the result of the search example (screenshots not included).
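The Connection and Bind steps above, performed from a script instead of ldp.exe. This is an added example, not Alcatel-Lucent code: it opens a TCP connection to the domain controller on port 389 or, with the secure option, a TLS connection on port 636, sends an LDAPv3 simple BindRequest with the link account DN and password, and reads the resultCode of the BindResponse, so the bind can be checked from any client PC with nothing but the Python standard library. The BER encoding and the result codes 0 (success) and 49 (invalidCredentials) are those of the LDAP protocol; the host name, DN and password in the main block are placeholders.

```python
"""Test the ECS link account against the domain controller with a raw LDAPv3 simple bind.

Added example, not part of the Alcatel-Lucent documentation: it reproduces the
Connection and Bind steps of ldp.exe. Only the standard library is used.
HOST, LINK_DN and PASSWORD below are placeholders.
"""
import socket
import ssl
from typing import Optional, Tuple

LDAP_SUCCESS = 0                 # resultCode values defined by the LDAP protocol
LDAP_INVALID_CREDENTIALS = 49


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form (0x80|N followed by N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def bind_request(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] password } }."""
    bind = (tlv(0x02, b"\x03")                       # version INTEGER 3
            + tlv(0x04, dn.encode("utf-8"))          # name LDAPDN (OCTET STRING)
            + tlv(0x80, password.encode("utf-8")))   # AuthenticationChoice: simple [0]
    # 0x60 = [APPLICATION 0] BindRequest; message_id is assumed below 128
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x60, bind))


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode the element at buf[pos]; return (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def message_complete(buf: bytes) -> bool:
    """True once buf holds a whole outer SEQUENCE (recv() may return fragments)."""
    if len(buf) < 2:
        return False
    first = buf[1]
    if first < 0x80:
        return len(buf) >= 2 + first
    n = first & 0x7F
    return len(buf) >= 2 + n and len(buf) >= 2 + n + int.from_bytes(buf[2:2 + n], "big")


def bind_result(response: bytes) -> Tuple[int, str]:
    """Return (resultCode, errorMessage) from a BindResponse LDAPMessage."""
    tag, msg, _ = read_tlv(response, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage (tag 0x%02x)" % tag)
    _, _msg_id, pos = read_tlv(msg, 0)
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x61:                                   # 0x61 = [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse (tag 0x%02x)" % tag)
    _, code, pos = read_tlv(op, 0)                    # resultCode ENUMERATED
    _, _matched_dn, pos = read_tlv(op, pos)
    _, error, _ = read_tlv(op, pos)                   # Active Directory puts its diagnostic text here
    return int.from_bytes(code, "big"), error.decode("utf-8", "replace")


def check_link_account(host: str, dn: str, password: str, secure: bool,
                       cafile: Optional[str] = None, timeout: float = 5.0) -> Tuple[int, str]:
    """Bind as the link account over ldap (389) or ldaps (636); return (resultCode, errorMessage)."""
    sock = socket.create_connection((host, 636 if secure else 389), timeout=timeout)
    if secure:
        # cafile: the authority certificate exported from the domain (Base64/PEM). Without it
        # the default context verifies the controller against the system CA store only.
        ctx = ssl.create_default_context(cafile=cafile)
        sock = ctx.wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(bind_request(1, dn, password))
        data = b""
        while not message_complete(data):
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("domain controller closed the connection without a BindResponse")
            data += chunk
    return bind_result(data)


if __name__ == "__main__":
    HOST = "dc.domain.loc"                                   # placeholder
    LINK_DN = "cn=link link,cn=users,dc=domain,dc=loc"       # placeholder, form given above
    PASSWORD = "change-me"                                   # placeholder
    code, text = check_link_account(HOST, LINK_DN, PASSWORD, secure=True, cafile="domain-ca.pem")
    print("bind OK" if code == LDAP_SUCCESS else "bind failed: code %d %s" % (code, text))
```

A resultCode of 49 with the Active Directory diagnostic text in errorMessage means the DN or password is wrong; a TLS handshake failure on 636 with a correct certificate is the symptom of the Windows Server 2008 issue mentioned in the pre-requisites.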

Important note: if the connection from the ECS to the Active Directory does not work, it is recommended to perform some connection tests from an LDAP browser installed on a client PC. The connection from the ECS will not work as long as the connection from the LDAP browser does not work. In this case, the installer has to check the Windows server configuration and parameters.

Synchronization

Once the users list is retrieved from the Active Directory server, the administrator can set the service status to "on" in order to activate the service. Then click the Synchronize button at the bottom of the frame to launch the first synchronization. This operation retrieves the users information from Active Directory and creates the users in the ECS base group. The retrieved information is:
- User login
- User first name
- User last name
- Phone number
- Mobile phone number
- Email addresses

Once the first synchronization is done, you can activate the daily synchronization process, which repeats the operation described above.

Deactivated account

This list presents the user accounts that have been deleted or deactivated in the external directory. They have been deactivated on the server. They become active again if the account is reactivated or recreated in the external directory. They are available in this interface so that the administrator can delete them.

USER CONNECTION

The user authenticates to the ECS services with his usual Active Directory login and password. The first time, the ECS forwards the authentication request to the Active Directory server and, if the user is successfully authenticated, saves the encrypted password locally. The following requests are answered directly by the ECS until the user's password is changed; in that case the first-time procedure applies again. Note that, because requests are answered locally, an account disabled in Active Directory may still authenticate to the ECS with its cached password until the next synchronization deactivates it on the ECS.
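What one synchronization run has to do to the ECS directory, following the Synchronization and Deactivated account sections above. This is an added example that models the described behaviour, not the ECS module's own code: every Active Directory user not on the exclusion list is imported, accounts deleted or disabled in Active Directory are deactivated on the ECS and become active again when they reappear, the ECS-only accounts of mixed mode are left alone, and the number of active users stays within the licence. The Active Directory entries and the ECS state are constructed sample data; ACCOUNTDISABLE (bit 0x2 of userAccountControl) is the standard Active Directory flag of a disabled account; the "synced"/"active" representation of the ECS state, the handling of excluded accounts (ignored entirely) and the licence counting are assumptions made for the illustration.

```python
"""Plan of one synchronization run against the ECS directory.

Added example, not the ECS module's code. SAMPLE_AD and SAMPLE_ECS are constructed.
ecs_users maps a login to {"active": bool, "synced": bool}; synced=False means the
account was created in the ECS only (mixed mode) and is never touched (assumption).
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List

ACCOUNTDISABLE = 0x2     # userAccountControl bit: account disabled in Active Directory
# Attributes retrieved for each user (login, first name, last name, phone, mobile, e-mail).
RETRIEVED = ("sAMAccountName", "givenName", "sn", "telephoneNumber", "mobile", "mail")


@dataclass
class SyncPlan:
    create: List[str] = field(default_factory=list)
    reactivate: List[str] = field(default_factory=list)
    deactivate: List[str] = field(default_factory=list)
    still_deactivated: List[str] = field(default_factory=list)  # the "Deactivated account" list
    over_licence: List[str] = field(default_factory=list)        # not imported: licence reached
    conflict: List[str] = field(default_factory=list)            # login already owned by an ECS-only user


def is_disabled(entry: dict) -> bool:
    return bool(int(entry.get("userAccountControl", 0)) & ACCOUNTDISABLE)


def plan_sync(ad_entries: Iterable[dict], ecs_users: Dict[str, dict],
              excluded: Iterable[str], licensed: int) -> SyncPlan:
    excluded = set(excluded)
    plan = SyncPlan()
    # Logins that must be active on the ECS after this run.
    wanted = {e["sAMAccountName"] for e in ad_entries
              if not is_disabled(e) and e["sAMAccountName"] not in excluded}
    active = sum(1 for u in ecs_users.values() if u["active"])
    # 1. Synchronized accounts that are now disabled or deleted in Active Directory.
    for login in sorted(ecs_users):
        u = ecs_users[login]
        if not u["synced"] or login in excluded or login in wanted:
            continue
        if u["active"]:
            plan.deactivate.append(login)
            active -= 1
        else:
            plan.still_deactivated.append(login)
    # 2. Active Directory accounts to create or reactivate, within the licence.
    for login in sorted(wanted):
        u = ecs_users.get(login)
        if u is not None and not u["synced"]:
            plan.conflict.append(login)
            continue
        if u is not None and u["active"]:
            continue                                  # already in sync
        if active >= licensed:
            plan.over_licence.append(login)
            continue
        (plan.create if u is None else plan.reactivate).append(login)
        active += 1
    return plan


SAMPLE_AD = [   # constructed entries, as returned by a search on the base
    {"sAMAccountName": "alice", "givenName": "Alice", "sn": "Martin",
     "userAccountControl": 0x200, "mail": "alice@domain.loc"},   # new normal account
    {"sAMAccountName": "bob", "userAccountControl": 0x202},      # disabled in AD
    {"sAMAccountName": "carol", "userAccountControl": 0x200},    # re-enabled in AD
    {"sAMAccountName": "dave", "userAccountControl": 0x200},     # on the exclusion list
    {"sAMAccountName": "erin", "userAccountControl": 0x200},     # new, but over the licence
]
SAMPLE_ECS = {   # constructed ECS state before the run
    "bob": {"active": True, "synced": True},
    "carol": {"active": False, "synced": True},
    "frank": {"active": True, "synced": True},     # deleted in AD since the last run
    "grace": {"active": True, "synced": False},    # created in the ECS only (mixed mode)
    "heidi": {"active": False, "synced": True},    # still absent from AD
}


def sample_plan() -> SyncPlan:
    return plan_sync(SAMPLE_AD, SAMPLE_ECS, excluded=["dave"], licensed=3)


if __name__ == "__main__":
    p = sample_plan()
    for action in ("create", "reactivate", "deactivate", "still_deactivated", "over_licence", "conflict"):
        print("%-18s %s" % (action, ", ".join(getattr(p, action)) or "-"))
```

Running it with the sample data creates alice, reactivates carol, deactivates bob and frank, keeps heidi in the deactivated list, leaves grace alone and refuses erin because three active users already fill the licence.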

Login management

The ECS policy for authorized characters in a login is much more restrictive than in Active Directory: the authorized characters are [a..z], [0..9], [-] and [_]. Special characters are converted automatically between the Active Directory login and the ECS directory login when the user is created in the ECS directory. The administrator will see in the ECS directory that some special characters have been converted because they are not authorized by the ECS policy. Here are the conversion rules:

Special characters -> Replacement characters
@ -> a
á é í ó ú ý Á É Í Ó Ú Ý -> a e i o u y A E I O U Y
à è ì ò ù À È Ì Ò Ù -> a e i o u A E I O U
ä ë ï ö ü ÿ Ä Ë Ï Ö Ü -> a e i o u y A E I O U
â ê î ô û Â Ê Î Ô Û -> a e i o u A E I O U
å Å -> a A
ø Ø -> o O
ß -> s
ç Ç -> c C
ã ñ õ Ã Ñ Õ -> a n o A N O
\ (backslash) -> removed (replaced with nothing)

The ASCII characters are handled as follows (see http://www.table-ascii.com/ for the ASCII table):

Passwords management

The following restrictions apply to password management. The password policy of Active Directory must be compliant with the policy of the ECS. Be careful to restrict your Active Directory password policy to the characters [ a-z A-Z 0-9 _ / \ & ~ " # ' { } ( ) [ ] < > ` @ = ? ; : ! + . , % $ * - ]; any other character (a space, for instance) is outside the ECS policy.

Restrictions

The number of users which can be imported cannot exceed the maximum number of licensed users. For synchronized users, the personal information page no longer allows changing the password and phone information.
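The conversion rules and the password character set above, applied as a pre-check on Active Directory data before the first synchronization. This is an added example, not ECS code: the conversion table, the backslash rule and the password character list are taken from the page as written; how the ECS treats characters that are still outside [a-z0-9-_] after conversion (upper case, ".", and so on) is not described on the page, so the code reports them instead of guessing. The collision check is an addition a practitioner wants: two distinct Active Directory logins such as jerome and jérôme converge to the same ECS login, which the page's rules imply but do not discuss. The sample logins are constructed.

```python
"""ECS login conversion and password character policy as a pre-check on AD logins.

Added example, not ECS code. CONVERSION and ECS_PASSWORD_CHARS are transcribed from
the tables above; the leftover report and the collision check are additions.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

_PAIRS = [   # (special characters, replacement characters), one row per line of the table
    ("@", "a"),
    ("áéíóúýÁÉÍÓÚÝ", "aeiouyAEIOUY"),
    ("àèìòùÀÈÌÒÙ", "aeiouAEIOU"),
    ("äëïöüÿÄËÏÖÜ", "aeiouyAEIOU"),
    ("âêîôûÂÊÎÔÛ", "aeiouAEIOU"),
    ("åÅ", "aA"),
    ("øØ", "oO"),
    ("ß", "s"),
    ("çÇ", "cC"),
    ("ãñõÃÑÕ", "anoANO"),
]
CONVERSION: Dict[str, str] = {s: r for src, rep in _PAIRS for s, r in zip(src, rep)}
CONVERSION["\\"] = ""                          # the backslash is removed
ECS_LOGIN_CHAR = re.compile(r"[a-z0-9_-]")     # the ECS login policy
ECS_PASSWORD_CHARS = set(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    "_/\\&~\"#'{}()[]<>`@=?;:!+.,%$*-"
)


def ecs_login(ad_login: str) -> Tuple[str, str]:
    """Apply the conversion table; return (converted login, characters still outside the policy).

    The page gives no rule for the leftover characters, so they are reported, not guessed."""
    converted = "".join(CONVERSION.get(ch, ch) for ch in ad_login)
    leftover = "".join(sorted({ch for ch in converted if not ECS_LOGIN_CHAR.fullmatch(ch)}))
    return converted, leftover


def collisions(ad_logins: List[str]) -> Dict[str, List[str]]:
    """AD logins that converge to the same ECS login after conversion (e.g. jerome / jérôme)."""
    by_ecs: Dict[str, List[str]] = defaultdict(list)
    for login in ad_logins:
        by_ecs[ecs_login(login)[0]].append(login)
    return {ecs: ads for ecs, ads in by_ecs.items() if len(ads) > 1}


def password_chars_ok(password: str) -> Tuple[bool, str]:
    """Check a password against the ECS character set; return (ok, offending characters)."""
    bad = "".join(sorted({ch for ch in password if ch not in ECS_PASSWORD_CHARS}))
    return not bad, bad


def audit(ad_logins: List[str]) -> List[str]:
    """Findings for a list of AD logins: conversions, leftover characters, collisions."""
    findings = []
    for login in ad_logins:
        converted, leftover = ecs_login(login)
        if converted != login:
            findings.append("%s -> %s" % (login, converted))
        if leftover:
            findings.append("%s: characters outside the ECS login policy after conversion: %r"
                            % (login, leftover))
    for ecs, ads in collisions(ad_logins).items():
        findings.append("collision: %s all become %s" % (", ".join(ads), ecs))
    return findings


if __name__ == "__main__":
    sample = ["jerome", "jérôme", "müller\\admin", "Ørsted.Niels", "a@b"]   # constructed logins
    print("\n".join(audit(sample)))
```

Run the audit on the sAMAccountName values of the search base before activating the service; a collision means two Active Directory users would end up sharing one ECS account, and a leftover report means the login will not match the ECS policy even after conversion.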

LOGS

The system logs regarding this service are available in Control panel / System logs, tab System, in the file /var/log/syslog.

KNOWN BUGS

www.alcatel-lucent.com