Configure an Active Directory Domain Controller

This task is used to configure an Active Directory (AD) domain controller (domain server) for external user authentication.

  • The Active Directory must be configured for LDAP over SSL if the Active Directory is enabled in Oracle Communications Session Delivery Manager.
  • Active Directory must support Kerberos version 5 if the Kerberos protocol is used.
  • Each user object in your Active Directory must store the groups that the user belongs to in the memberOf attribute.
  • Only child groups may be mapped to local groups when group nesting is in use. This limitation is due to the memberOf attribute not containing a recursive list of predecessors when nesting.
  1. Expand the Security Manager slider and select User Management > Authentication.
  2. In the External authentication pane, select the Active directory radio button and click Add.
    The Active Directory servers table becomes available for use.
  3. In the Add a Domain Controller pane, complete the following fields:
    Name: Description
    Address field: The IP address or DNS name of the domain controller.
    Domain field: The domain name for the domain controller.
    LDAP Port field: The listening port number of the LDAP service. The default is 389. Use port 636 if using SSL.
    Password security drop-down list: Select one of the following protocols used to authenticate the user:
      • Digest-MD5—The password cipher based on RFC 2831.
      • LDAP over SSL—Uses SSL to encrypt all LDAP traffic.
      • Kerberos—Uses the Kerberos protocol to authenticate the user. Specify an existing krb5.conf file containing the information needed by the Kerberos V5 library. This includes information describing the default Kerberos realm and the location of the Kerberos key distribution centers for known realms.
  4. Click Apply.
    External users can now be authenticated by the AD domain controller. See the Map a Local User Group to an External Domain User Group section of this chapter for more information.
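
The group-nesting limitation listed in the prerequisites can be checked before mapping groups. The following is an added example, not Oracle code or part of the original page: it models a directory in which only the user's own memberOf values are consulted and flags mappings placed on ancestor groups, which would never match. All DNs and local group names are constructed for illustration.

```python
# Constructed sample directory; every DN and group name here is illustrative.
ALICE = "CN=alice,OU=Users,DC=example,DC=com"
CHILD = "CN=SDM-Operators,OU=Groups,DC=example,DC=com"
PARENT = "CN=SDM-Staff,OU=Groups,DC=example,DC=com"
DIRECTORY = {
    ALICE: [CHILD],    # user object: memberOf lists only the direct group
    CHILD: [PARENT],   # child group is nested inside the parent group
    PARENT: [],
}


def direct_groups(dn, directory=DIRECTORY):
    """Values of the object's own memberOf attribute (no nesting followed)."""
    return {g.lower() for g in directory.get(dn, [])}


def ancestor_groups(dn, directory=DIRECTORY):
    """Groups reachable only through nesting, i.e. absent from memberOf."""
    by_lower = {k.lower(): k for k in directory}
    direct = direct_groups(dn, directory)
    seen, stack = set(), list(direct)
    while stack:
        group = stack.pop()
        if group in seen:          # guards against circular nesting
            continue
        seen.add(group)
        stack.extend(direct_groups(by_lower.get(group, group), directory))
    return seen - direct


def resolve_local_groups(dn, mapping, directory=DIRECTORY):
    """Local groups matched when only the user's memberOf is consulted."""
    direct = direct_groups(dn, directory)
    return sorted({loc for ext, loc in mapping.items() if ext.lower() in direct})


def ineffective_mappings(dn, mapping, directory=DIRECTORY):
    """External groups in the mapping that are ancestors only, so never match."""
    ancestors = ancestor_groups(dn, directory)
    return sorted(ext for ext in mapping if ext.lower() in ancestors)


if __name__ == "__main__":
    # Hypothetical local group names.
    mapping = {CHILD: "LocalOperators", PARENT: "LocalStaff"}
    print(resolve_local_groups(ALICE, mapping))
    print(ineffective_mappings(ALICE, mapping))
```

A non-empty result from ineffective_mappings means a local group has been mapped to a parent group; map the child group instead.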