Filter
Top Products
Directory Operations
Polycom, Inc. 359
Accounts Required for the CMA System
CMA System Service Account
Before integrating the CMA system with an Active Directory forest, you must
create a service account for it in Active Directory. This service account is a
read-only user account that the CMA system uses to perform LDAP queries
against your Active Directory Global Catalog.
CMA System Computer Account
The CMA system requires a computer account to enable secure channel
communications with the Active Directory forest that is being leveraged for
authentication. This account must be pre-created and the password set by an
administrator from a Domain Controller.
Understanding Base DN
When the CMA system is integrated with an enterprise directory, the system
uses the baseDN to determine domains and manage directory searches.
The Base DN field is where you specify the distinguished name (DN) of a subset
of the Active Directory hierarchy (a domain, subset of domains, or
organizational unit) to which you want to restrict the CMA system search. It
acts like a filter.
By default, the Base DN field is empty. The first time you tell the system to
connect to the enterprise directory server, leave the Base DN field empty.
Once you have established a working connection with your Active Directory,
then you enter a Base DN.
The following table illustrates some basic examples of Base DN filter
expressions.
Note
When setting up a redundant CMA system, the redundant servers use the same
computer account to create their secure channel connection. The computer
account name does not have to match the host name of your CMA system server.
Search baseDN expression Description
(ou=CMAGroups,dc=example,dc=com) Include only groups and users which
reside within the CMAGroups OU in the
example.com domain.
(dc=example,dc=com) Include only groups and users which
reside within the example.com domain
or domain tree.