Introduction to LDAP Authentication in Automate

VOSS Automate supports LDAP authentication, which can be used either standalone (LDAP authentication only) or in conjunction with LDAP syncing of users:

LDAP sync and authentication

  • Users are synced in from LDAP.

  • LDAP authenticates these users.

  • LDAP user sync is available for Active Directory (AD) and OpenLDAP.

LDAP authentication-only (standalone)

  • Users are added locally or are synced in from CUCM.

  • LDAP authenticates these users.

  • Not available for OpenLDAP.

  • Requires VOSS Automate version 10.6(3) or later.

Note

  • VOSS Automate provides LDAP server support for case-insensitive search base DNs. For example, on an LDAP server, the following search base DNs are equal:

    • CN=Users,DC=example,DC=com

    • cn=Users,dc=example,dc=com

LDAP authentication workflow

  1. The user provides their credentials on the VOSS Automate system Login page.

  2. Authentication request is sent to the relevant LDAP server(s), based on the user’s authentication setup:

    Default authentication setup

    Matching username and password

    • VOSS Automate username and password must match the username and password in the LDAP server (based on the LDAP field chosen for username).

    • Once authenticated, the LDAP username is mapped to the VOSS Automate user to determine access, role, and so on.

    Alternative authentication setup

    Non-matching username and password

    VOSS Automate supports LDAP authentication where usernames do not match. This is useful where the username in VOSS Automate and the UC apps is different to the username in LDAP. For example, if the LDAP username is bobsmith but the username in VOSS Automate is bsmith, then choose LDAP as the authentication type and set the LDAP username (bobsmith in this case) to match the username of bsmith in VOSS Automate. You would do this via the LDAP authentication attribute, such as sAMAccountName, mail, or userPrincipalName, which defines the field that the username is sourced from and that is used to authenticate the user.
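The username mapping described above, together with the case-insensitive base DN comparison from the earlier note, as an added Python example (not VOSS Automate code). The user records, the function names and the attribute allow-list are assumptions made for illustration.

```python
# Added illustration; not VOSS Automate code. All names below are hypothetical.
# Assumption: only the attributes named on this page are accepted.
ALLOWED_AUTH_ATTRIBUTES = {"sAMAccountName", "mail", "userPrincipalName"}

# Constructed sample of local user records.
LOCAL_USERS = {
    "bsmith": {"auth_type": "LDAP", "ldap_username": "bobsmith"},  # non-matching
    "jdoe": {"auth_type": "LDAP", "ldap_username": None},          # default: names match
    "admin": {"auth_type": "LOCAL", "ldap_username": None},        # not LDAP-authenticated
}


def escape_filter_value(value: str) -> str:
    """Escape a value for an LDAP search filter (RFC 4515) so it matches literally."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def same_base_dn(a: str, b: str) -> bool:
    """Case-insensitive comparison of simple DNs (escaped commas are not handled)."""
    def norm(dn: str) -> list:
        return [part.strip().casefold() for part in dn.split(",")]
    return norm(a) == norm(b)


def ldap_lookup_for(login: str, auth_attribute: str, users=LOCAL_USERS):
    """Return the search filter that locates the LDAP entry to authenticate
    against, or None when the login is unknown or not LDAP-authenticated."""
    if auth_attribute not in ALLOWED_AUTH_ATTRIBUTES:
        raise ValueError(f"unsupported authentication attribute: {auth_attribute}")
    user = users.get(login)
    if user is None or user["auth_type"] != "LDAP":
        return None
    # Alternative setup: use the mapped LDAP username; default setup: same name.
    ldap_name = user["ldap_username"] or login
    return f"({auth_attribute}={escape_filter_value(ldap_name)})"


if __name__ == "__main__":
    print(ldap_lookup_for("bsmith", "sAMAccountName"))
    print(same_base_dn("CN=Users,DC=example,DC=com", "cn=Users,dc=example,dc=com"))
```
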

Note

For LDAP authentication, the password rules of the VOSS Automate credential policy don’t apply as the password is managed in the LDAP directory. Other credential policy rules are applied (such as session length), as these are managed in VOSS Automate.
