LDAP Authentication

Introduction

To be able to login in CallReplay with an LDAP account, the connection to LDAP server needs to be configured in CallReplay

Overview for LDAP connection and configuration

To have the best integration for LDAP server, we recommend Microsoft Active Directory.

Requirements

We recommend the forest and domain level to be at least Windows Server 2012 R2

Connection settings steps

Step 1. Go to System→ LDAP Authentication

Insecure Microsoft Active Directory Configuration example:

Step 2. Check “Use Active Directory / LDAP Authentication” and enter the bellow settings

Server Name:        LDAP Server FQDN (Fully Qualified Name) as example DC FQDN

                                    (wdc.record.local)

Server Port: LDAP server Port Number, for insecure connection (389,3268) and

                                    for secure connection (636, 3269)

TLS:                           Enabled for secure LDAP, Disabled for insecure LDAP

Method:                   Type of LDAP connection Methods. Available Methods are simple

                                    DIGEST-MD5 and GSSAPI

Default Domain:   Default domain used for user login as example (record.local)

KDC host:                 Kerberos host FQDN as example DC FQDN (wdc.record.local)

User Name: LDAP bind username. For Microsoft Active Directory can be normal

                                     domain user account. The username can be sAMAccountName or UPN

                                     for Microsoft Active Directory

Password:  LDAP bind username password

If you want to enable secure LDAP, then select “edit keystore” button and import the secure LDAP certificate, in PFX format as recommendation

Secure Microsoft Active Directory Configuration example:

Step 3. After you have entered the needed settings, please press the test button. If you receive a “Test Succeeded” message then if you have configured the LDAP connection from CallReplay server. If the message it is different, please review your settings.

Step 4. After the configuration it is tested with success, please press the save button.Make sure to have both “Use DB Authentication” and “Use Active Directory / LDAP

Authentication” enabled when you press the save button. We recommend having both  methods of authentication enabled, to Use DB Authentication as fallback to LDAP Authentication.

Use DB authentication it is the default method of CallReplay which has at least one user. It is the method used by CallReplay when it is installed.