External Services Settings
Use this panel to enable and configure Email integration. Asterisks indicate required fields.
Status
Click the toggle switch to enable / disable Email integration.
Sender Address
Enter a sender address for emails sent from DDM.
Server Details
| Hostname | Enter the hostname or IP address for your Email server. |
| Port | Enter the port used to connect with your Email server to send outgoing mail. The default port for SMTP / StartTLS is 25, and the default port for SMTPS is 465. |
| Encryption | If your Email server is configured to use an encrypted connection, select the appropriate encryption protocol here to enable encrypted communication between DDM and the Email server (supported protocols are SMTPS and StartTLS). |
Credentials
These fields are not required if the Email server does not use username / password authentication.
| Username | Enter the username for the email account that will be used by DDM for sending email. |
| Password | Enter the password for the email account that will be used by DDM for sending email. |
LDAP
Use this panel to enable and configure LDAP integration.
LDAP integration adds the users specified in the LDAP settings to the DDM user pool. LDAP users are able to log in to the DDM user interface and Dante Controller using their credentials from the directory server.
Status
Click the toggle switch to enable / disable LDAP integration.
Server Details
| Hostname | Enter the hostname or IP address for your directory server. |
| Port | Enter the port used to connect and authenticate with your LDAP server. The default port for LDAP / StartTLS is 389, and the default port for LDAPS is 636. |
| Encryption | If your LDAP server is configured to use an encrypted connection, select the appropriate encryption protocol here to enable encrypted communication between DDM and the LDAP server (supported protocols are LDAPS and StartTLS). |
Credentials
Dante Domain Manager requires the ability to read all relevant user records in the LDAP database. You must create an LDAP account with sufficient permissions to search the LDAP database for any user objects and attributes that you access in this panel or the LDAP Groups panel. Write access is not required.
| Read-only Bind |
Enter the full bind string for the administrator user. |
| Password | Enter the password for the administrator user. |
| Test Connection | Click to test the server connection. If successful, a green check mark is displayed. |
Directory Entry Attributes
| Search Root |
Enter the full search root for the users that you wish to add to the DDM user pool. |
| Login Name Attribute | Enter the LDAP attribute that users will use to log in to DDM and Dante Controller (must be unique). |
| Email Attribute | Enter the LDAP attribute that DDM will use for email notifications. |
| Name Attribute | Enter the LDAP attribute that DDM will use for displayed names. |
Example
- Search root: ou=users,dc=example,dc=com
- Login name attribute: userId
- Email attribute: mail
- Display name attribute: cn
When user BJones tries to log in, the Dante Domain Manager will search the LDAP subtree from users,example,com for a node with userId=BJones. Bruce's e-mail will be extracted from the LDAP attribute mail and his display name from the LDAP attribute cn.
LDAP Groups
Click to define LDAP groups and assign privileges for each group.
LDAP Groups
Use the LDAP Groups panel to define groups of LDAP users for the assignment of DDM privileges.
Note: Groups defined here are defined only on the DDM server. No changes are sent to the LDAP server.
Group Details
| Name | Enter a name for the group. |
| LDAP Query |
Enter a query that returns the LDAP nodes belonging to users in the group. |
| Test Query | Llist the users who match the current query. |
Example
We want to create a group that gives members of the "tech team" domain administrator access. As it happens, the tech team can be identified in our LDAP database by the attribute team=tech on all members of the tech team.
- Name: Tech team
- LDAP Query: (team=tech)
- Privileges:
- Default: domain administrator
memberOf queries will also work, but the syntax is a lot more verbose than simply having an attribute on the LDAP node.
Further example:
At some point, we add some casuals to the tech team. We don't want casuals having domain administrator access, except in the "Demo Room".
First, we modify the "Tech Team" group:
- LDAP Query: (&(team=tech)(!(role=casual)))
Then we create a new group:
- Name: Tech team casuals
- LDAP Query: (&(team=tech)(role=casual))
- Privileges:
- Default: operator
- Domain "Demo Room": administrator
- Domain "Private Studio": none
Note: A user can be a member of more than one group; their privileges add together between groups. Domain-specific privileges override default privileges for a particular group, but will not remove default permissions granted by a different group.
Note: The results from "Test Query" might include entries that say Missing. In this case, the query is matching nodes that do not contain one or more of the user attributes configured above. Consider adding additional conditions to the query to remove those cases.
Example:
Query (!(role=manager)) will return all nodes that do not have a role attribute that equals manager, which might include some unwanted nodes.
Query (&(userId=*)(!(role=manager))) only considers nodes that have a userId (and are not managers).
Privileges
Select the default role for the group.
Domain-specific Privileges
Optionally add one or more domain roles for the group.
See About User Roles for more information about default and domain roles.
SNMP
Use the SNMP panel to enable integration with an SNMP server.
When enabled, DDM becomes a read-only SNMP agent. Status information available in the DDM MIB includes core DDM functionality, licensing, external services, domains and devices.
The DDM supports two notifications (traps) to indicate that data has changed. One notification covers external services and core DDM functionality. The other covers health and connectivity of domains and devices. Upon notification, the MIB can be polled by the external SNMP management system to identify the specifics of the change. This could trigger alarms or other actions.
DDM supports SNMPv2c.
Status
Click the toggle switch to enable / disable SNMP integration.
Community Password
Provide the community password for your SNMP server.
System Contact
Provide contact details (for example, an email address) for your SNMP system administrator.
System Location
Provide information about the physical location of the SNMP server (for example, 'Rack 2 in server room B').
Add Endpoint
Adds a notification endpoint (for example, an NMS). DDM will send traps to all endpoints configured here.
| Hostname | Enter the hostname or IP address for the SNMP endpoint. |
| Port | Enter the port number used by the SNMP endpoint for incoming traps (typically 162). |