![]() |
The enterprise directory user authorization policy relies on the LDAP enterprise directory for user authorization. DMCC applications can take advantage of this capability.
To implement the enterprise directory authorization policy you must administer the settings on the Enterprise Directory page in the AE Services Management Console. The following settings on the Enterprise Directory page are critical to this authorization method:
Search Filter Attribute Name — This indicates the attribute name in the user record that corresponds to username. DMCC will attempt to match a username to the contents of this attribute. An example is "SAM-Account-Name" in Windows Active Directory.
Device ID Attribute — This indicates the attribute name in the user record that corresponds to the device ID to be authorized for the user. A primary example here is an attribute such as "Phone Number" that contains a provisioned E.164 number for users.
When this authorization mechanism is selected, DMCC uses LDAP to query the user record for the provisioned device ID (such as the phone number). DMCC then caches the retrieved device ID. When DMCC attempts to authorize a request, it verifies that the device ID retrieved from the user record is a substring of the device ID specified in the request. This allows per-user authorization without per-user provisioning in AE Services. The substring match accounts for a very common scenario where a Tel URI is specified in the request (tel:+13035381234) but the user record contains an E.164 number (+13035381234) or extension (5380112).
For more information about leveraging advanced authentication (AA) policies from DMCC applications, see the following documents:
Avaya Aura®Application Enablement Services Device, Media, and Call Control Java Programmer 's Guide, 02-300359
Avaya Aura®Application Enablement Services Device, Media, and Call Control XML Programmer's Guide, 02-300358