Applies to the Barracuda Phone System, firmware versions 2.0 and above.
Answer: Active Directory Synchronization reduces administrative overhead by allowing you to synchronize the Barracuda Phone System with your Active Directory configuration. The Active Directory Synchronization process synchronizes with a selected group within your Active Directory.
The Active Directory Synchronization process will complete the following steps during each sync process:
- Create a User account on the Barracuda Phone System
- Assign the next available extension for any user in the specified sync group
- Create a group on the Barracuda Phone System for any group which the user belongs to within the Base DN provided (if it does not exist)
- Assign the next available extension to the group
- Add the user to the group
- Remove any users who are no longer listed in the selected Active Directory Synchronization Group and who are not containers for any user accounts on the Barracuda Phone System
- Remove any groups that are no longer in the Selected Active Directory Synchronization Group as well as any users that exist only within that group
Note - It is important to remember that users and groups MUST be managed via Active Directory once Active Directory Synchronization is being used.
Note - Removing an existing LDAP Synchronization Setup will remove ALL users and groups which it created.
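Because a sync pass also removes accounts, it helps to preview its effect against a directory export first. The following is an added example, not Barracuda code: it models only the user creation, group creation and user removal steps listed above. The function names, the starting extension of 2000 and the sample entries are assumptions, and `uid` stands for the value of the UID Attribute (sAMAccountName by default).

```python
# Added example: offline model of the documented sync steps (not Barracuda code).
START_EXT = 2000  # assumption: first extension in the pool; the page gives no value


def norm_dn(dn):
    """Lower-case a DN and drop spaces around commas (escaped commas not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def under_base(dn, base_dn):
    """True when dn is the Base DN itself or sits below it."""
    d, b = norm_dn(dn), norm_dn(base_dn)
    return d == b or d.endswith("," + b)


def next_free(used, start=START_EXT):
    """Return the lowest unused extension >= start and mark it as used."""
    ext = start
    while ext in used:
        ext += 1
    used.add(ext)
    return ext


def preview_sync(ad_users, sync_group, base_dn, pbx_users, pbx_groups, used_ext):
    """Return what one sync pass would create and remove, without touching anything."""
    used = set(used_ext)
    have_groups = {norm_dn(g) for g in pbx_groups}
    plan = {"create_users": {}, "create_groups": {}, "memberships": [], "remove_users": []}
    in_scope = [u for u in ad_users
                if norm_dn(sync_group) in {norm_dn(g) for g in u["memberOf"]}]
    for user in in_scope:
        if user["uid"] not in pbx_users:
            plan["create_users"][user["uid"]] = next_free(used)
        for group in map(norm_dn, user["memberOf"]):
            if not under_base(group, base_dn):
                continue  # groups outside the Base DN are not created
            if group not in have_groups and group not in plan["create_groups"]:
                plan["create_groups"][group] = next_free(used)
            plan["memberships"].append((user["uid"], group))
    # Previously synced users who left the sync group are removed on the next pass.
    plan["remove_users"] = sorted(set(pbx_users) - {u["uid"] for u in in_scope})
    return plan


# Constructed sample data (not from a real directory).
SYNC = "CN=Phone Users,OU=Groups,DC=example,DC=com"
SALES = "CN=Sales,OU=Groups,DC=example,DC=com"
AD_USERS = [
    {"uid": "alice", "memberOf": [SYNC, SALES]},
    {"uid": "bob", "memberOf": ["cn=phone users, OU=Groups,DC=Example,DC=com",
                                "CN=Partners,DC=other,DC=net"]},
    {"uid": "carol", "memberOf": [SALES]},
]
PLAN = preview_sync(AD_USERS, SYNC, "DC=example,DC=com", {"alice", "dave"}, {SYNC}, {2000, 2001})
```

In the sample, `dave` was synchronized earlier but is no longer in the selected group, so he appears under `remove_users`; `carol` is never created because she is not a member of the selected group.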
Configuring Active Directory Synchronization:
- Navigate to Configuration > Directory Services/LDAP and click on the button labeled Select Server
- Supply the necessary domain credentials to access your Active Directory Tree:
- Domain - This is the domain for which the Active Directory is authoritative
- Bind Username - This must be a user with LDAP read access. In most cases, the format should be username@domain
- Bind Password - This is the password for your selected Username
The following fields are required and CANNOT be changed later:
- Server Address - IP or DNS resolvable name of server
- LDAP Port - The default value is 389
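- LDAP Encryption - The default value is None. With None, LDAP traffic between the Barracuda Phone System and the directory server is not encrypted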
- UID Attribute - The default is sAMAccountName
- Base DN - The search root for your Domain (example: DC=example,DC=com)
- "Member of" Attribute - the default value is memberOf
- "Group Member" Attribute - the default value is member
- Allow User Authentication via Directory Services - Checking this box will switch from using PIN authentication to LDAP credential Authentication (See Note Below).
- Authorization Domain/Suffix - Enter the user authorization suffix to allow username only (example - for firstname.lastname@example.org enter example.com).
- Select Save Server Settings to continue.
- Expand the new LDAP tree that appears in the window, and check the box next to the group(s) which you want to synchronize by clicking on them.
- Click the button labeled Apply.
- Click the button labeled Synchronize Now.
Note - While you can optionally enable LDAP authentication after Active Directory Synchronization has been configured, it is important to remember that this setting replaces PIN authentication with LDAP credential authentication, disabling PIN authentication for the User Interface.