LDAP integration allows VMS admins to link an already existing User Data Base to the WAVE system, while keeping LDAP passwords and providing an option to assign specific access rights.
Instructions on how to integrate and configure an LDAP Server can be found here.
Before we proceed:
Q: Why can't I use an IP address while configuring LDAP in the Desktop Client?
A: FQND* standard should be used instead. See more information at the bottom of the page.
Q: Can the system be set to periodically pull LDAP for changes/updates?
A: The Media Server tries to sync with LDAP/AD server every 5 or 10 minutes by default.
Q: Why are LDAP users unable to login to the Web Client until after they have successfully logged into the Desktop Client one time?
A: The functionality is planned to be implemented in later releases.
Q: When configuring LDAP integration, I cannot specify the domain's base DN as a search base, but can specify OU's underneath the base DN. Why?
A: You cannot filter on OU membership, but you can filter on group membership. To retrieve all users that are members of a specified group, filter on the memberOf attribute.
Q: Does VMS keep LDAP passwords?
A: No, for security reasons.
Q: Does an LDAP Server have to be a part of a Local Network together with the Media Server?
A: No. An LDAP Server must be available for the Media Server rather on LAN or via WAN.
Q: Why cannot I see the LDAP "button" in the Desktop Client?
A: LDAP users with any role assigned are not allowed to modify LDAP Server settings. The basic concept is that if they accidentally modify these setting they will lose permission to connect.
Q: Why does LDAPS (LDAP over SSL) not work?
A: Most likely you'll be required to change certificates or to install certificates to both machines: LDAP Server and the Media Server.
What if it still does not work:
First, let's understand if an issue is related to the VMS. For that we recommend you to use an alternative LDAP Browser/Client to connect to your LDAP Server from the list below:
Win --> Softerra LDAP Browser
Ubuntu --> OpenLDAP
To install (Ubuntu):
sudo apt-get update && sudo apt-get install ldap-utils
A test query can look like the one below:
ldapsearch -LLL -x -H ldap://ad.my.domain.com:389 -s sub -D Administrator@my.domain.com -b CN=Users,DC=my,DC=domain,DC=com -w PaSsWoRd123 -o ldif-wrap=150
DN of an admin: Administrator@my.domain.com or CN=Administrator,CN=Users,DC=my,DC=domain,DC=com
Search Base: CN=Users,DC=my,DC=domain,DC=com
description: Default container for upgraded user accounts
If you manage to fetch / browse the information, please proceed to Step II. Otherwise, we strongly encourage you to talk to your LDAP system administrator for assistance.
*** If Step I was successful ***
Try to perform / re-create the same LDAP related operation you were unsuccessful with.
Gather Server Logs and create a ticket via our Support Portal with the files attached.
*FQND - it is necessary to use correct Fully Qualified Domain Name (FQDN) as URL. To determine:
1) Log in to the LDAP server
2) Open command prompt and type:
setspn -L ASDDC6 (ASDDC6 is your hostname). You'll see something like:
Registered ServicePrincipalNames for CN=ASDDC6,OU=Domain Controllers,DC=asd,DC=local:
ldap/ASDDC6.asd.local is the correct hostname (we use ldap://ASDDC6.asd.local)