When configuring Mediasite to use Lightweight Directory Access Protocol (LDAP) for authentication, you must complete set up of at least one connection to your enterprise LDAP Directory. If you are unsure of the values required to complete this form, please consult with your Network Administrator. Many time, Network Administrators have completed similar configurations for other applications and can assist with completing this configuration.
Setting up an LDAP Integration
Discovering User and Group Attributes
When configuring the directory integration, it is helpful to have access to an LDAP Attribute Editor tool. These types of tools will allow you to view the user and group properties (e.e. User ID, Display Name, Email) that are required by Mediasite.
Connecting Your LDAP Directory to Mediasite
- Browse to the Management Portal
- Click: Security > Security Providers
- Click: Add
- Complete the form
- Click: Test Connection
- If test passes, click Save
Directory Connection Server
| Field | Sample Value | Description |
|---|---|---|
| Name | LDAP | The friendly name of the Security Provider |
| Provider Type | LDAP Directory | |
| Server Path | LDAP://companydirectory.com | Enter the pat of the directory. The path should include the FQDN or IP address of the server where the directory is located and the port. The default LDAP port is 389. The default Global Catalog port is 3268. Your LDAP Administrator will provide this value. |
| SSL | Enabled or Disabled | Your LDAP Administrator will provide this value. |
| Base DN | DC=company,DC=com | The base DN of you AD. Your Ad Administrator will provide this value. |
Directory Connection Credentials
| Field | Sample Value | Description |
|---|---|---|
| Username | Username of the domain account used to bind to your LDAP Directory. Ensure the username has the rights to search the entire directory for Users and Groups. | |
| Password | Password of domain account. | |
| Use Anonymous Authentication | Unchecked | |
| Advanced Settings | Access group membership via the user directory entry or Access group membership via a group search | Check with your LDAP administrator for the proper value. |
| Do not use Fast Bind even if the directory declares support for Fast Bind | Unchecked | Typically, this value is left unchecked unless your LDAP administrator advises you to enable it. |
User Configuration
| Field | Sample Value | Description |
|---|---|---|
| User DN | DC=company,DC=com | Description of users within your LDAP Directory. |
| User ID Property Name | SAMAccountName or UserPrincipalName | The username that will be used within Mediasite (e.g. john.smith). Ideally, this username should match the username values of other systems on your network. |
| User Display Name Property Name | displayname commonname name cn | The display name of the user account (e.g. John Smith) |
| Email Property Name | ||
| Group Membership Property Name | memberOf | |
| User LDAP Search Filter | &(objectClass=User) |
Groups Configuration
| Field | Sample Value | Description |
|---|---|---|
| Groups DN | DC=company,DC=com | Location of Group accounts within your LDAP Directory. |
| Group ID Property Name | cn | |
| Group Display Name Property Name | cn | |
| Group Member Property Name | member | |
| Group LDAP Search Filter | (objectClass=Group) | |
| Perform a nested group search | Checked | |
| Determine group memberships using security groups | Checked | Typically, this value is checked. Consult your Network Administrator if you are unsure of the proper value. |
Search Configuration
| Field | Sample Value | Description |
|---|---|---|
| Page Size | 1000 |
User Profile Provisioning
| Field | Sample Value | Description |
|---|---|---|
| Automatically create User Profiles on Login to My Mediasite or Management Portal | Checked | |
| Display Name Attribute | displayname commonname name cn |
Searching Multiple Role Providers
When multiple directories are being connected to Mediasite (e.g. Mediasite Directory and LDAP), it’s helpful to instruct Mediasite to look through all connected directories when a user log in. This can be helpful for advanced integrations. To enable this feature:
- Browse to the Management Portal
- Click: LMS Integration > Site Properties for SSO
- Check: Enable searching all role providers
Was this Information helpful?
Let us know if you found this lesson helpful. That’s the only way we can improve.