If LDAP is enabled but not configured correctly, you will get locked out of the SBC; not even the local SBC accounts can access the gateway. So make sure that you don't close your browser window in the middle of the config, or let the access timeout be reached.
Under "Setup --> IP Network --> Radius & LDAP"
Select "LDAP Settings"
Change the "LDAP Service" to enabled, and change the "LDAP Authentication Filter" to (sAMAccountName=$), making sure that the () are included.
As always, the lightning bolt icon means that a reboot is required.
Under "LDAP Service Groups"
Select "New" and complete with the following details. Make sure that "Type" is set to Management.
Under "LDAP Servers"
Select "New" and enter the required details:
LDAP Server Group --> name of the server group from "LDAP Server Group"
LDAP Password is ALWAYS --> $
LDAP Bind DN is --> $@'domain.com'
Management Attribute --> memberOf
LDAP Server IP --> IP Address of DC
Under LDAP Servers, select "LDAP Servers Search Base DNs"
Select "New" and enter the base DN to start searching within AD.
Under LDAP Servers, select
Select "New" and enter the AD group to check for membership.
Troubleshooting
- Check that the "LDAP Authentication Filter" is set to (sAMAccountName=$). Make sure there are no "quotes" around the entry in the WebGUI.
- Under the AdminPage, update the "LDAPDEBUGMODE" value to 3 (0 default, 3 highest level); details can then be checked in syslog.
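
Because a wrong value here locks everyone out, the settings above can be tested from a workstation before LDAP is enabled on the SBC. The script below is an added example, not part of the original procedure or the vendor's tooling. It assumes the SBC replaces "$" with the username typed at login, that OpenLDAP's ldapsearch is installed, and that the DC is reached over plain ldap://; all function names are made up for this example.

```shell
#!/bin/sh
# Added example: pre-flight check of the SBC LDAP values against the DC.
# Assumption: the SBC substitutes "$" with the login username.

# Replace every "$" in a template (filter or bind DN) with the username.
expand_template() {  # $1 = template, $2 = username
  et_rest=$1; et_out=''
  while [ "${et_rest#*\$}" != "$et_rest" ]; do
    et_out="$et_out${et_rest%%\$*}$2"
    et_rest=${et_rest#*\$}
  done
  printf '%s\n' "$et_out$et_rest"
}

# The filter must keep its () and must not be wrapped in quotes.
valid_filter() {  # $1 = filter template
  case "$1" in
    *'"'*|*"'"*) return 1 ;;
    '('*=*'$'*')') return 0 ;;
    *) return 1 ;;
  esac
}

# Refuse usernames holding LDAP filter metacharacters (RFC 4515).
safe_username() {  # $1 = username
  case "$1" in
    ''|*'('*|*')'*|*'*'*|*'\'*) return 1 ;;
  esac
  return 0
}

# Read ldapsearch LDIF on stdin; succeed if memberOf lists the group DN.
# DNs compare case-insensitively. Base64 ("memberOf::") values are not handled.
is_member() {  # $1 = management group DN
  im_want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  tr '[:upper:]' '[:lower:]' | grep -F -q -x "memberof: $im_want"
}

# Bind as user@domain (password prompted by -W), search the base DN with the
# expanded filter, and check the management group. Exit 0 means the login would map.
preflight() {  # $1=DC IP  $2=domain  $3=base DN  $4=group DN  $5=username
  pf_filter='(sAMAccountName=$)'
  valid_filter "$pf_filter" && safe_username "$5" || return 2
  ldapsearch -x -LLL -o ldif-wrap=no -H "ldap://$1" \
    -D "$(expand_template "\$@$2" "$5")" -W -b "$3" \
    "$(expand_template "$pf_filter" "$5")" memberOf | is_member "$4"
}
```

Run it as preflight followed by the DC IP, domain, search base DN, management group DN and a test username; a non-zero exit means the same values would fail on the SBC.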