Course12:Advanced - Corporate Directory

From innovaphone wiki
Jump to navigation Jump to search
There are also other versions of this article available: Course11 | Course10 | Course12 (this version)

How to setup a central phone book for the IP phones using LDAP.

LDAP

LDAP stands for Lightweight Directory Access Protocol and is now the de-facto standard for accessing information held within so-called Directory Servers. The current version LDAPv3 is implemented in innovaphone products.

The protocol implies operations like: Bind, Search, Add, Delete,…. The operations in turn are realized through messages. The two operations used by the directory application are listed below.

All of those can be taking place between a client and a server, immediately after a TCP connection (port 389) has been established towards the server end.

  • Bind operation: This operation handles authentication issues. It is executed once in a session. While LDAP itself is offering a wealth of authentication methods, the innovaphone products currently only support clear-text authentication.
    • The Messages are: Bind Request and Bind Result
  • Search operation: A client is sending a so-called LDAP Search Filter within a Search Request. This filter details what is being searched for.
    • The Messages are: A single Search Request, zero or more Search Result Entry messages and a completing Search Result Done.



Phone LDAP Client

The integrated LDAP client of the innovaphone IP phones can be used via the phone menu for lookups of telephone numbers and for reverse lookups of names at incoming calls.

An innovaphone IP phone can use up to 3 directories for each registration (fish-help.png Phone/User/Directories):
  • a local directory - the entries are stored on the phones flash memory - the user can add entries to this phone book directly on the phone
  • the PBX directory - points automatically to the LDAP server of the registration PBX - the entries are objects in the PBX
  • an external LDAP server - can be configured to use any LDAP server - the entries are maintained in the LDAP servers database



The phones directory search application sends search requests to the local phonebook, the PBX LDAP server and an external LDAP server simultaneously, every time a letter is typed on the phone-keyboard. The query results are mixed and displayed in one list on the phones menu.

Configuration


The configuration of directory settings is different for each registration on the IP phone. The directory settings of the first registration are overridden by the configuration provided in the DHCP options.

Beside server address and credentials the LDAP client configuration for external LDAP server contains following options:
  • Search base - defines in which sub-tree of the LDAP server the search is performed.
  • Mode - basic is a good choice in most cases. For other options please refer to the fish-help.png wiki.
  • Object filter - used if LDAP directory contains not only phone numbers or persons but other objects that are not supposed to be found (e.g. Computer Accounts in Active Directory). Leave it empty, if you know that only phone numbers are stored in the LDAP database.
  • Sort results (by 1st LDAP name attribute) - can be used to request the server to sort results. If basic mode is used, leave it empty, since the LDAP client will sort the entries locally.
  • Name attributes - comma separated list of up to 3 names of attributes identifying a person, for example sn,givenName,company. Search results are sorted by the LDAP client in the order given by this list.
  • Number attributes - defines which attributes contains numbers and how to mark different number types. This comma separated list is limited to 10 entries.
  • H.323 ID attribute - since calls in H.323 are possible by name, instead to set up a call by the phone number, the attribute storing the h323-id can be provided here.

The configuration of LDAP client on the IP phones can be found at the registration specific Directories tab fish-help.png Phone/User/Directories, but should be configured generally via DHCP options. How to find out which exact option string should be used is described in the wiki article about the fish-help.png DHCP client.

For more advanced configuration examples of LDAP client for a usage with miscellaneous LDAP servers please refer to the wiki article fish-help.png How to configure the IP200 LDAP client.

Dialing Location

The Dialing Location of the IP phone is used to prepare the number to dial, delivered by the LDAP server, in a format that is suitable for this phones environment circumstances. Since the LDAP server delivers usually only the numbers in international format E.123, the phone requires additional information to be able to dial the number. This can be a trunk number, that must be dialed before the number is dialed or it can be a national or international prefix. Also for internal numbers stored in E.123 it is necessary to know the own country code, area code and subscriber number, in order to cut off this digits before dialing the internal number. The Dialing Location information should contain following data:
  • Country Code
  • Area Code
  • National Prefix
  • International Prefix
  • External Line
  • Subscriber Numbers
For example a number +49 7031 730090 is delivered by the LDAP server and the phones Dialing Location is Germany (+49), Area Code is 7031, National Prefix is 0, International Prefix is 00, the Trunk Line number is 0 and Subscriber Number is 34567. The phone will cut 49 from the number(because it is in the same country) and will add the National Prefix 0. The resulting number 07031730090 will be pre-pended by the Trunk Number 0. At the end the phone will dial 007031730090. The same number delivered to the phone with dialing location in Norway (Country Code +47, Trunk Line 9) will dial 9 for Trunk Line, 00 for International Prefix and number 497031730090 = 900497031730090.

For more detailed information about the numbering plan in a particular country refer to the World Telephone Numbering Guide.

External Line and Reverse Lookup Restriction


If the prefix for External Line is provided, no reverse lookups are performed for numbers not beginning with this prefix.

This could be problematic in some scenarios. For internal calls via H.323 this is not a problem, since H.323 Name is transmitted by the call signaling. But in case the call passes ISDN (e.g. in overflow scenario) and H.323 name information is lost, no reverse look up is possible. Or internal calls from looped-in PABX are also not resolved if EDSS1 is used instead of Q.SIG.

PBX LDAP Server

The innovaphone PBX built in LDAP server is primarily designed for two objectives: provide phone numbers and names of PBX internal users for local phones and to serve replicator requests from LDAP slaves.

Configuration


In addition to the credentials configuration, fish-help.png the configuration of the PBX LDAP server includes also the fish-help.png LDAP Replicator configuration and fish-help.png an Expert View on the local LDAP database.

The LDAP server on the gateway running a PBX is preconfigured to serve the registered phones with names and numbers of internal users. For this purpose a read-only user ldap-guest with password ipxxx is configured on the LDAP server. This credentials are also by default configured on the IP phones. This default account is affected by the PBX object property Hide from LDAP, which will be only applied to LDAP clients that are using this default account ldap-guest while accessing the LDAP server on the PBX. This means, it will not affect replication to other PBXs.

Restrictions


The phone number attribute(e164) delivered by the PBX LDAP server is always a pure node extension - in other words no node prefix is added to the number. Example: a user object with number 123 is in the node with number #99 configured. Even if in the PBX Objects list the number is displayed as #99.123, the LDAP server will deliver only 123. The reason for this is that the LDAP server has no knowledge about the whole Node Tree.


External LDAP Servers

Innovaphone recommends to use ESTOS MetaDirectory as an external LDAP server for the corporate directory. Anyway it is possible to use other LDAP servers as a corporate directory. The list of tested servers and configuration recommendations are available in the wiki article fish-help.png How to configure the IP200 LDAP client.

Phone Book for Multi-Site

In a multi-site scenario with partially replicated slaves, the LDAP server of a slave PBX does not contain a complete phone book for internal numbers.

The solution is to use LDAP Server of the Master PBX for internal numbers.

Other scenarios


In some scenarios it is useful to replicate all PBX Users to an external LDAP Database. Please refer to the wiki article fish-help.png Import PBX userlist into ESTOS MetaDirectory using LDAP if a flat numbering plan is used or structured numbering plan with small number of nodes is used.

For scenarios with a large number of sites or for E.164 like scenarios it is not applicable to use LDAP replication because of large number of required LDAP replicators in the ESTOS MetaDirectory. Instead to use PBX LDAP Server, fish-help.png an export of the PBX users via XML can be done. Afterwards the CSV-File fish-help.png can be imported to the MetaDirectory using a single replicator.

Debugging

When you do not receive the results you are expecting, you may want to turn on extended tracing on the affected IP phone as follows:

http://172.31.21.10/!config add PHONE APP /trace
http://172.31.21.10/!config add PHONE DIR-UI /trace
http://172.31.21.10/!config add PHONE DIR /trace
http://172.31.21.10/!config add LDAPDIR0 /trace
http://172.31.21.10/!config activate