Create an LDAP Query
LDAP queries are the primary way in which the AAA Server identifies your users and which device they are assigned.
1. In the tree in the left pane, right-click LDAP, then select New LDAP query from the menu.
2. Enter a name for the query.
   Select a name that lets you easily identify the users that the query is to locate (for example, geographic location, type of job, or position).
3. Click OK.
   The following dialog box is displayed in the Administration Console. AAA Server automatically fills in the Name, Host, Port, and Login DN fields (information collected from the LDAP connection settings).
4. In the Filter field, specify the selection criteria for the query. Use LDAP V3 syntax.
   For example, you might create a filter for Quality Assurance Managers that looks like this:
   cn=QA Managers,ou=groups,dc=aaa,dc=com
5. Use the LDAP Scope options to set the scope of the LDAP query search.
   - One level: searches only the entries located directly under the "ou" specified in the Branches section of the screen.
   - Subtree: searches all entries at every level under the "ou" specified in the Branches section of the screen.
6. Click Add in the LDAP Branches section of the screen to select one or more LDAP organizational units or branches from which to start the user search.
7. Define the DN of the branch or organizational unit from which to search. Do one of the following:
   - Enter the distinguished name (DN) of your organizational unit (the DN represents both an entry’s name and its location in an LDAP directory).
   - Click View tree to browse for the desired DN. The following illustration is an example of the dialog box that is displayed when the View tree button is clicked:
     - In the Filter field, specify the selection criteria for the branches. If necessary, click Refresh to display the branches.
     - Select the branch you want to use for creating the new query.
     - Click OK to return to the LDAP Branch screen.
   Click OK in the LDAP Branch screen. The DN of the selected branch is displayed in the Branch area of the query window. (You can add multiple branches; repeat step 6 as needed.)
8. To have extra attributes returned by your query, click Add in the Additional LDAP Field portion of the screen.
   The AAA Server can use these LDAP attributes for filters at the group level or in the parameter fields for Authorization and Accounting profiles.
9. Click Test to test the new query and verify that you have entered all data accurately.
   An LDAP Test window is displayed.
   Each user’s device serial number is displayed in a Device Serial Number column. If you configured extra LDAP attributes to be returned, these appear as extra columns. The example shown here assumes that displayName, homePhone, and Department were added as extra attributes.
10. Click Save and export the query to the AAA Server. See Export Data to the AAA Server(s).
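The Filter, Scope and Branches steps above decide which directory entries a query returns, so it is worth seeing how an LDAP V3 filter, a search scope and a branch DN combine. The following Python is an added example written for this page; it is not AAA Server code and talks to no server. It evaluates a filter against a small constructed in-memory directory, so the one-level/subtree difference can be seen directly. The page's sample value is the QA Managers group DN; the example embeds it in an RFC 4515 filter using memberOf, which is an assumed attribute name (your directory may record group membership differently). The escaping routine matters because a value that is not escaped per RFC 4515 can change the structure of the filter rather than being matched literally.

```python
"""Added example: RFC 4515 filter escaping/parsing and LDAP search scopes,
evaluated against a constructed in-memory directory (no server involved)."""
import re

# RFC 4515 section 3: these characters must be hex-escaped inside a filter value,
# otherwise user input can alter the filter's structure instead of being matched.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape an untrusted value so a filter matches it literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def group_member_filter(group_dn: str, object_class: str = "person") -> str:
    """Filter for entries of a class that carry group_dn in memberOf.
    memberOf is an assumed attribute name; adjust for your directory."""
    return f"(&(objectClass={object_class})(memberOf={escape_filter_value(group_dn)}))"


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def parse_filter(text: str, pos: int = 0):
    """Minimal RFC 4515 parser: (&...), (|...) and (attr=value) equality only.
    Returns (node, position_after_filter). Attribute names are lower-cased."""
    if text[pos] != "(":
        raise ValueError(f"expected '(' at {pos}")
    pos += 1
    if text[pos] in "&|":
        op, pos, children = text[pos], pos + 1, []
        while text[pos] == "(":
            child, pos = parse_filter(text, pos)
            children.append(child)
        if text[pos] != ")":
            raise ValueError(f"expected ')' at {pos}")
        return (op, children), pos + 1
    eq = text.index("=", pos)
    attr = text[pos:eq].strip().lower()
    buf, pos = [], eq + 1
    while text[pos] != ")":  # the value runs up to the first unescaped ')'
        if text[pos] == "\\":
            buf.append(text[pos:pos + 3])
            pos += 3
        else:
            buf.append(text[pos])
            pos += 1
    return ("=", attr, _unescape("".join(buf))), pos + 1


def matches(node, entry: dict) -> bool:
    """Evaluate a parsed filter against one entry (case-insensitive values)."""
    if node[0] == "&":
        return all(matches(c, entry) for c in node[1])
    if node[0] == "|":
        return any(matches(c, entry) for c in node[1])
    _, attr, value = node
    return value.lower() in (v.lower() for v in entry.get(attr, []))


def _rdns(dn: str) -> list:
    """Split a DN on unescaped commas; normalise case and whitespace."""
    return [part.strip().lower() for part in re.split(r"(?<!\\),", dn)]


def in_scope(entry_dn: str, base_dn: str, scope: str) -> bool:
    """'one': immediate children of the base only; 'sub': base and everything below."""
    entry, base = _rdns(entry_dn), _rdns(base_dn)
    if len(entry) < len(base) or entry[-len(base):] != base:
        return False
    if scope == "sub":
        return True
    if scope == "one":
        return len(entry) == len(base) + 1
    raise ValueError(f"unknown scope {scope!r}")


def search(directory: dict, base_dn: str, scope: str, filter_text: str) -> list:
    """Sorted DNs of entries within scope of base_dn that match filter_text."""
    node, end = parse_filter(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return sorted(dn for dn, entry in directory.items()
                  if in_scope(dn, base_dn, scope) and matches(node, entry))


# Constructed sample directory (attribute names stored lower-cased).
QA_GROUP_DN = "cn=QA Managers,ou=groups,dc=aaa,dc=com"
DIRECTORY = {
    "ou=people,dc=aaa,dc=com": {"objectclass": ["organizationalUnit"]},
    "uid=alice,ou=people,dc=aaa,dc=com": {"objectclass": ["person"], "memberof": [QA_GROUP_DN]},
    "uid=bob,ou=people,dc=aaa,dc=com": {"objectclass": ["person"], "memberof": []},
    "ou=contractors,ou=people,dc=aaa,dc=com": {"objectclass": ["organizationalUnit"]},
    "uid=carol,ou=contractors,ou=people,dc=aaa,dc=com": {"objectclass": ["person"], "memberof": [QA_GROUP_DN]},
}

if __name__ == "__main__":
    flt = group_member_filter(QA_GROUP_DN)
    print(flt)
    for scope in ("one", "sub"):
        print(scope, search(DIRECTORY, "ou=people,dc=aaa,dc=com", scope, flt))
```

With the branch set to ou=people,dc=aaa,dc=com, a one-level search returns only alice, while a subtree search also reaches carol under the nested contractors OU; that is the practical difference between the two LDAP Scope options, and the reason a query that looks correct in Test can silently miss users placed in sub-OUs.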