Course12:Advanced - Corporate Directory
Revision as of 11:17, 24 March 2016
How to set up a central phone book for the IP phones using LDAP.
LDAP
LDAP stands for Lightweight Directory Access Protocol and is now the de facto standard for accessing information held within so-called Directory Servers. The current version, LDAPv3, is implemented in innovaphone products.
The protocol defines operations such as Bind, Search, Add and Delete. The operations in turn are realized through messages. The two operations used by the directory application are listed below.
All of these take place between a client and a server, immediately after a TCP connection (port 389) has been established to the server.
- Bind operation: This operation handles authentication. It is executed once per session. While LDAP itself offers a wealth of authentication methods, the innovaphone products currently support only clear-text authentication.
  - The messages are: Bind Request and Bind Result.
- Search operation: The client sends a so-called LDAP Search Filter within a Search Request. This filter specifies what is being searched for.
  - The messages are: a single Search Request, zero or more Search Result Entry messages and a completing Search Result Done.
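The Bind Request described above, decoded as an added example (not innovaphone code): with clear-text authentication the name and password are plain octet strings in the message, so they are readable to anyone auditing traffic on port 389. The sample message is constructed from the ldap-guest / ipxxx default account quoted later on this page, and the helper names are hypothetical.

```python
def tlv(tag: int, payload: bytes) -> bytes:
    """Encode one BER element (short-form length, payload under 128 bytes)."""
    if len(payload) >= 128:
        raise ValueError("sample encoder only handles short-form lengths")
    return bytes([tag, len(payload)]) + payload


def read_tlv(buf: bytes, pos: int):
    """Decode one BER element at pos; return (tag, payload, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def parse_bind_request(msg: bytes) -> dict:
    """Extract the fields of an LDAPv3 BindRequest (RFC 4511) from raw bytes."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:                         # LDAPMessage ::= SEQUENCE
        raise ValueError("not an LDAPMessage")
    _, message_id, pos = read_tlv(body, 0)  # messageID INTEGER
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x60:                         # [APPLICATION 0] BindRequest
        raise ValueError("not a BindRequest")
    _, version, pos = read_tlv(op, 0)
    _, name, pos = read_tlv(op, pos)
    auth_tag, cred, _ = read_tlv(op, pos)
    simple = auth_tag == 0x80               # [0] simple; 0xA3 would be SASL
    return {
        "message_id": int.from_bytes(message_id, "big"),
        "version": int.from_bytes(version, "big"),
        "name": name.decode(),
        "simple_auth": simple,
        "password": cred.decode() if simple else None,
    }


# Constructed sample: messageID 1, LDAPv3, simple bind as ldap-guest / ipxxx.
SAMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60,
             tlv(0x02, b"\x03") + tlv(0x04, b"ldap-guest") + tlv(0x80, b"ipxxx")))

if __name__ == "__main__":
    print(parse_bind_request(SAMPLE))
```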
Phone LDAP Client
An innovaphone IP phone can use up to 3 directories for each registration:
- a local directory - the entries are stored on the phone's flash memory - the user can add entries to this phone book directly on the phone
- the PBX directory - points automatically to the LDAP server of the registration PBX - the entries are objects in the PBX
- an external LDAP server - can be configured to use any LDAP server - the entries are maintained in the LDAP server's database
The phone's directory search application sends search requests to the local phone book, the PBX LDAP server and an external LDAP server simultaneously, every time a letter is typed on the phone keyboard. The query results are mixed and displayed in one list on the phone's menu.
Configuration
The configuration of directory settings is different for each registration on the IP phone. The directory settings of the first registration are overridden by the configuration provided in the DHCP options.
Besides the server address and credentials, the LDAP client configuration for an external LDAP server contains the following options:
- Search base - defines in which sub-tree of the LDAP server the search is performed.
- Mode - basic is a good choice in most cases. For other options please refer to the wiki.
- Object filter - used if the LDAP directory contains not only phone numbers or persons but also other objects that are not supposed to be found (e.g. Computer Accounts in Active Directory). Leave it empty if you know that only phone numbers are stored in the LDAP database.
- Sort results (by 1st LDAP name attribute) - can be used to request the server to sort results. If basic mode is used, leave it empty, since the LDAP client will sort the entries locally.
- Name attributes - comma-separated list of up to 3 names of attributes identifying a person, for example sn,givenName,company. Search results are sorted by the LDAP client in the order given by this list.
- Number attributes - defines which attributes contain numbers and how to mark different number types. This comma-separated list is limited to 10 entries.
- H.323 ID attribute - since H.323 calls can be set up by name instead of by phone number, the attribute storing the h323-id can be provided here.
The configuration of the LDAP client on the IP phones can be found on the registration-specific Directories tab.
For more advanced configuration examples of the LDAP client for use with miscellaneous LDAP servers, please refer to the wiki article
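How the Name attributes and Object filter settings above could map onto an RFC 4515 search filter, as an added example rather than the phone's own logic (this page does not document how the phone composes its filter). It assumes the object filter is entered as a parenthesised filter such as (objectClass=person) and that the typed text is matched as a prefix; the function names are hypothetical. Escaping the typed text keeps filter metacharacters from changing the query.

```python
def escape_filter_value(value: str) -> str:
    """Escape the characters RFC 4515 reserves in assertion values."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))   # e.g. '*' becomes \2a
        else:
            out.append(ch)
    return "".join(out)


def build_search_filter(typed: str, name_attrs: str, object_filter: str = "") -> str:
    """Combine typed text, name attributes and an optional object filter.

    name_attrs    comma-separated list, 1 to 3 attribute names (as on this page)
    object_filter assumed to be a complete parenthesised filter, or empty
    """
    attrs = [a.strip() for a in name_attrs.split(",") if a.strip()]
    if not 1 <= len(attrs) <= 3:
        raise ValueError("Name attributes: expected 1 to 3 attribute names")
    prefix = escape_filter_value(typed)
    terms = "".join(f"({attr}={prefix}*)" for attr in attrs)
    name_part = terms if len(attrs) == 1 else f"(|{terms})"
    if not object_filter:
        return name_part
    # AND the object filter in front so non-person objects never match.
    return f"(&{object_filter}{name_part})"


if __name__ == "__main__":
    # Constructed inputs: the attribute list is the page's own example.
    print(build_search_filter("mi", "sn,givenName,company"))
    print(build_search_filter("mi", "sn,givenName,company", "(objectClass=person)"))
    # Typed text containing filter metacharacters stays a literal value.
    print(build_search_filter("a*)(uid=", "sn", "(objectClass=person)"))
```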
Dialing Location
- Country Code
- Area Code
- National Prefix
- International Prefix
- External Line
- Subscriber Numbers
For more detailed information about the numbering plan in a particular country refer to the World Telephone Numbering Guide.
External Line and Reverse Lookup Restriction
If the prefix for External Line is provided, no reverse lookups are performed for numbers not beginning with this prefix.
This could be problematic in some scenarios. For internal calls via H.323 this is not a problem, since the H.323 name is transmitted by the call signaling. But if the call passes ISDN (e.g. in an overflow scenario) and the H.323 name information is lost, no reverse lookup is possible. Likewise, internal calls from a looped-in PABX are not resolved if EDSS1 is used instead of Q.SIG.
PBX LDAP Server
Configuration
In addition to the credentials configuration, the configuration of the PBX LDAP server also includes the LDAP Replicator configuration and an Expert View on the local LDAP database.
The LDAP server on the gateway running a PBX is preconfigured to serve the registered phones with names and numbers of internal users. For this purpose a read-only user ldap-guest with password ipxxx is configured on the LDAP server. These credentials are also configured by default on the IP phones. This default account is affected by the PBX object property Hide from LDAP, which is applied only to LDAP clients that use this default account ldap-guest while accessing the LDAP server on the PBX. This means it will not affect replication to other PBXs.
Restrictions
The phone number attribute (e164) delivered by the PBX LDAP server is always a pure node extension - in other words, no node prefix is added to the number. Example: a user object with number 123 is configured in the node with number #99. Even if the number is displayed as #99.123 in the PBX Objects list, the LDAP server will deliver only 123. The reason for this is that the LDAP server has no knowledge of the whole Node Tree.
External LDAP Servers
Phone Book for Multi-Site
The solution is to use the LDAP server of the Master PBX for internal numbers.
Other scenarios
In some scenarios it is useful to replicate all PBX Users to an external LDAP Database. Please refer to the wiki article
For scenarios with a large number of sites or for E.164-like scenarios, LDAP replication is not practical because of the large number of LDAP replicators required in the ESTOS MetaDirectory. Instead of using the PBX LDAP server, the PBX users can be exported via XML. Afterwards the CSV file can be imported into the MetaDirectory using a single replicator.
Debugging
http://172.31.21.10/!config add PHONE APP /trace
http://172.31.21.10/!config add PHONE DIR-UI /trace
http://172.31.21.10/!config add PHONE DIR /trace
http://172.31.21.10/!config add LDAPDIR0 /trace
http://172.31.21.10/!config activate