This page explains how to configure the UX to use Active Directory services.

This process comprises three parts:

  • Active Directory Configuration
  • Cache Settings
  • User Authentication Settings

The Active Directory configuration part is where you turn on Active Directory (AD), set the way the UX will communicate with the AD server, and set a user name and password for authenticating to the AD server.

The Cache Settings part is where you set up AD attribute caching.

The User Authentication Settings section is where you determine which domain controllers to use.

Before You Begin

Before you begin, there are some things you need to decide:

  • Whether or not you are going to use TLS.
  • What operating mode you intend to use.
    • Updates - a local cache is built and used to look up AD searchable fields. User authentication is enabled in this mode.
    • Online - Communication with Active Directory is done with queries and no information is cached.
    • Auth-only - This mode allows user authentication using Active Directory, and no queries are allowed.

You must have already defined and added at least one domain controller to the Domain Controllers Table.

Configuring Active Directory Services on Your UX

  1. In the WebUI, click the Settings tab.
  2. In the left navigation pane, go to Auth and Directory Services > Active Directory > Configuration.

Active Directory Configuration - Field Definitions

The fields in the Active Directory Configuration panel determine the manner in which UX communicates with the Active Directory server.

AD Enabled

Specifies the administrative state of the Active Directory resource.

Use TLS

Specifies whether or not Transport Layer Security (TLS) is used while communicating with Active Directory.

Operating Mode

Specifies the method used by the UX to communicate with Active Directory in order to achieve a balance between performance and accuracy.

  • Online: All communication with Active Directory is done with queries and no information is cached. User authentication using Active Directory is also enabled in this mode.
  • Updates: In this mode, a local cache is built and used to look up Active Directory searchable fields. User authentication using Active Directory is also enabled in this mode; however, sensitive information (including passwords) is not cached.
  • Auth-Only: Allows user authentication using Active Directory, but no Active Directory queries are allowed.

User Name

Specifies the user name (BindDN) to use for querying the Active Directory.

Password Setting

Specifies whether to use the currently saved password (BindPW) or to create a new password.

Enter/Confirm Password

Specifies a new password (BindPW) to use for querying the Active Directory.

Cache Settings - Field Definitions

The fields in the Cache Settings panel determine how Active Directory attributes are cached locally and the frequency at which the local cache is updated. The UX maintains a local cache of Active Directory user attributes. AD caching enhances system performance and survivability.

Performance

Performance is enhanced by eliminating the need to communicate with and query the Active Directory server for each and every call. This improves the performance of the AD server, and has the added benefit of increasing call speeds and relieving load on the network.

Survivability

In the event of a loss of communication with the Active Directory, whether through a loss of network connectivity or an AD server error, the UX is still able to perform authentication and authorization tasks based on the Local AD Cache.

Manual AD Cache Refresh

In addition to scheduled periodic AD Cache updates, the UX allows you to refresh (update) the AD Cache manually. Typically this feature is used to make user information available immediately after they are added to Active Directory, rather than wait for the automatic update, which might take as long as 30 days.

Normalize Cache

Specifies whether or not to strip special characters such as dashes "-", parentheses "(", ")", spaces " ", "tel:" and "sip:" from the values while building the local Active Directory cache. Normalization does not apply to name and email fields.

Update Frequency

Specifies the interval, in minutes, between local Active Directory cache updates.

The Local AD Cache can be updated manually at any time by clicking the Refresh Cache text at the top of the Active Directory Configuration page.

AD Backup

Specifies whether or not to trap SNMP Alarms/Events related to the AD Backup Failed event. Set this attribute to Disabled when no USB device is installed on the UX1000 for AD Caching purposes. This setting has no practical effect on logging or caching on the UX2000.

Cache Attributes

Specifies which attributes are cached from Active Directory. The attribute names specified must be consistent with attribute names in Active Directory.

Be careful! Attribute names are case sensitive.
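
The following added example (not UX code or vendor code) models the Normalize Cache and Cache Attributes behaviour described above, so you can see what a cached value looks like and how a wrongly cased attribute name silently caches nothing. The set of exempt name and email attributes, the exact strip pattern, and the sample entries are assumptions made for illustration.

```python
import re

# Assumption: which attributes count as "name and email" fields (left untouched).
EXEMPT_ATTRIBUTES = {"cn", "displayName", "givenName", "sn", "mail"}

# The items the page lists: dashes, parentheses, spaces, "tel:" and "sip:".
_STRIP = re.compile(r"tel:|sip:|[-() ]")


def normalize_value(attribute, value):
    """Model of a cached value with Normalize Cache enabled."""
    if attribute in EXEMPT_ATTRIBUTES:
        return value
    return _STRIP.sub("", value)


def build_cache(entries, cache_attributes, normalize=True):
    """Return (cache, unmatched) for the configured Cache Attributes.

    Names are compared case-sensitively, so a configured name whose case
    differs from the directory's spelling is never cached; such names are
    reported in `unmatched` so the misconfiguration is visible.
    """
    cache, seen = {}, set()
    for entry in entries:
        row = {}
        for name in cache_attributes:
            if name in entry["attributes"]:
                seen.add(name)
                value = entry["attributes"][name]
                row[name] = normalize_value(name, value) if normalize else value
        cache[entry["dn"]] = row
    return cache, [n for n in cache_attributes if n not in seen]


# Constructed sample entries, not real directory data.
SAMPLE_ENTRIES = [
    {"dn": "CN=Ana Ruiz,OU=Staff,DC=example,DC=com",
     "attributes": {"displayName": "Ana Ruiz-Lee",
                    "mail": "ana.ruiz-lee@example.com",
                    "telephoneNumber": "tel:+1 (510) 555-0100"}},
    {"dn": "CN=Bo Chen,OU=Staff,DC=example,DC=com",
     "attributes": {"displayName": "Bo Chen",
                    "telephoneNumber": "(510) 555-0142",
                    "mobile": "510-555-0199"}},
]

if __name__ == "__main__":
    cache, unmatched = build_cache(
        SAMPLE_ENTRIES, ["telephoneNumber", "displayName", "mail", "Mobile"])
    for dn, row in cache.items():
        print(dn, row)
    print("configured but never matched:", unmatched)
```

Here "Mobile" is reported as unmatched because the sample entries spell the attribute "mobile", which is the failure the case-sensitivity warning is about.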

User Authentication Settings - Field Definitions

The fields in the User Authentication Settings panel determine which Active Directory (domain controller) servers are used for authentication.

Primary/Secondary Domain Controller

Specifies which Domain Controller listed in the Domain Controllers Table to use as either primary or secondary.