The Lightweight Directory Access Protocol (LDAP) Client Configuration form is used to provide configuration data for LDAP clients to connect either to the embedded MiVoice Business LDAP server or to an external LDAP server.
NOTE: LDAP Client Configuration is not applicable to the 6905 and 6910 IP Phones.
This form supports the following:
The 69xx series phones' Contacts application, which uses the Lightweight Directory Access Protocol (LDAP) to obtain user data from either:
the embedded MiVoice Business LDAP server, or
an external LDAP server
The Multilingual Name Display Using External LDAP functionality, which obtains directory data from an external LDAP server for call display.
The embedded MiVoice Business LDAP server provides access to the MiVoice Business Telephone Directory that can be used as a directory for the Contacts application in the 69xx series IP phones.
The 69xx series IP phone connects and binds to the embedded LDAP server when the Contacts application is opened, and disconnects when the application is closed (manually or when the search timeout expires or when updates are complete).
NOTE: The 69xx series IP phones are the only clients supported by the embedded MiVoice Business LDAP server.
An external LDAP server can also be used as a directory for the Contacts application in 69xx series IP phones.
When the 69xx series IP phone loads its applications, the MiVoice Business system provides LDAP client configuration parameters, allowing the Contacts application to connect to the LDAP server and obtain directory data. This data is always cached on the set.
The 69xx series IP phone periodically (as defined by the Resync parameters in this form) connects and binds to the external LDAP server to update its cached Corporate Directory - at least once per day. Once the update is complete, the 69xx series IP phone unbinds from the LDAP server. The Corporate Directory refresh occurs when there is no database or when the configuration changes significantly. A failover/failback or an HDU login/logout causes an LDAP configuration to be sent to the device, which can trigger the refresh. As only the configuration of each client profile is shared, the profile selected on a specific node is not shared through SDS. Changing the IP of the network element used as the LDAP server (including the local one) or changing the selected profile in the System Options form can cause the 69xx series IP phones to re-download the corporate directory cache.
An external LDAP server can be used for the Multilingual Name Display Using External LDAP functionality.
NOTE: The MiVoice Business system supports only LDAP v3 for the Multilingual Name Display Using External LDAP functionality.
The connection to the external LDAP server is established when the LDAP server field is set to a valid external LDAP server IP address. For other fields that are required for Multilingual Name Display Using External LDAP, see Field Descriptions below.
Changes to any of the following fields cause the MiVoice Business client to disconnect from the external LDAP server, cancelling all ongoing searches and clearing cached data:
The LDAP Client Configuration Profile ID #2 field in the System Options form
LDAP Server (if changed to Local)
LDAP Server Location
LDAP Base DN
Username
Password
Number Search Filter
Number Search Length
Search Scope
First Name
Last Name
Connection Security
The corresponding network element in the Network Elements form
Changing the Client Status field to Disabled disconnects the LDAP client from the server and cancels all ongoing searches without clearing the cache.
When the MiVoice Business system is rebooted, the MiVoice Business LDAP client re-initiates the connection with the external LDAP server.
In case of a connection failure, an active call continues with the existing call display (the existing name from the Telephone Directory form or the name received from the PSTN), and re-connection is attempted.
NOTE: The MiVoice Business system does not support any alarm to indicate the external LDAP server disconnection or connection failures.
This form consists of two tabs:
Configuration: lists all the configuration parameters required for the LDAP client to connect to an external LDAP server or when using LDAP over MiNET.
Mapping Attribute List: maps each LDAP client field to a list of comma separated LDAP directory server attributes.
Up to 10 profiles can be configured in MiVoice Business Release 8.0 SP2. By default, all profiles are preconfigured as LDAP over MiNET (local). To modify a profile or create a new profile, select a profile from the list, click the Change button and re-configure the required fields.
An LDAP server configured in the IDS Connection form cannot be configured as the LDAP server in the LDAP Client Configuration form.
If the Directory Server network element associated with one of the LDAP profiles is deleted using the Remove NE command, the profile automatically reverts to LDAP over MiNET (local).
Changing the IP of the network element that is used as the LDAP server (including the local one) or changing the selected profile in the System Options form causes:
the 69xx series IP phones to re-download the cache for the Contacts application.
the MiVoice Business client to disconnect from the external LDAP server, cancel all ongoing searches, and clear cached data for the Multilingual Name Display Using External LDAP.
For any blank fields in this form, the 69xx series IP phone uses default values for the Contacts application.
The search parameters are pre-defined; only the maximum time limit can be configured.
The LDAP search will be parsed and transliterated, if required. UTF8 names are supported whether system option "Multilingual Name Display" is enabled or disabled. Only entries marked in the Telephone Directory form as "Include in Phonebook" will be included.
The 69xx Corporate Contacts application has a maximum limit of 50 results per search.
The MiVoice Business system supports a maximum of 20 simultaneous users using the Corporate Contacts application. Any additional users are rejected.
During a database restore, the Corporate Contacts application is not supported.
Private entries are not available to the Corporate Contacts application.
Sets do not support entries with no number.
For any blank fields in this form, the set uses default values for the Contacts application.
Sets do not support an encrypted connection with an external LDAP server.
Sets query for all entries within the given search filter. However, the server may limit the number of entries returned. The administrator must manage the server to ensure all entries are returned.
Sets do not support entries that contain no number.
Sets build their cache through a series of searches by replacing the % character in the search filter sn=% with 0 through 9, and then a through z.
This Multilingual Name Display Using External LDAP functionality supports only an IP address for the LDAP server. FQDN is not supported. Ensure an IP address is configured in the FQDN or IP Address field in the Network Elements form.
The Number Search Filter field in the LDAP Client Configuration form must specify a valid search filter with a % character.
The Client Status field in the LDAP Client Configuration form must be set as Enabled. The Client Status field can be set to Disabled to perform temporary external LDAP server maintenance.
UTF-8 character set is supported.
Ensure that only entries suitable for call display are returned during a search. To ensure this, limit the search results to only valid entries using LDAP Base DN, customizing Number Search Filter, or the Access Control List (ACL) rules assigned to credentials. For more information on the ACL rules of an external LDAP server, see www.openldap.org.
Ensure that the external LDAP server is configured with an idle timeout greater than 10 minutes to reduce the necessary re-connection time, which may impact call display.
Parameter |
Description |
Applicable client |
Default Value |
Configuration |
|||
Profile ID |
Identifies the profile. Read-only and protected field. |
None | 1..10 |
Profile Name |
Enter a name (up to 20 characters) displayed with the Profile ID when selecting profiles in the System Options form. |
None | Blank |
LDAP Server |
Select the LDAP server for the client. If you select "Local", the Contacts application client obtains directory data using an internal LDAP over MiNET server. If you select a Directory server-type Network Element, the Contacts application or the Multilingual Name Display Using External LDAP functionality obtains directory data using an external LDAP server. The selected server determines the default values for most fields in this form. |
Local |
|
LDAP Server Location |
Displays the IP address or FQDN of the server as configured in the Network Elements form. Read-only and protected field. |
IP or FQDN |
|
LDAP Server Port |
Enter the LDAP port number of the external LDAP server. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. |
389 |
|
LDAP Base DN |
Enter the root of the directory (up to 255 characters in LDAP distinguished name (LDAP-DN) format) to be searched. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. |
Blank - for external LDAP server; <MiVB domain name in LDAP-DN format> or dc=my-domain,dc=com - for LDAP over MiNET |
|
Username |
Enter the user name (up to 256 characters in a format supported by the LDAP server) to access the LDAP server. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. |
Blank - for external LDAP server; cn=admin,<LDAP Base DN> - for LDAP over MiNET |
|
Password |
Enter the password to access the LDAP server. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. |
Blank - for external LDAP server; “secret” - for LDAP over MiNET |
|
Common Name Attribute |
Enter attribute to be used by the client when there is no first or last name in the search results. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. |
cn |
|
Client Status |
Enable or disable the client connection to the LDAP server. |
Enabled |
|
Resync Time |
Enter the time (00:00 to 23:59) of day that the client updates cached directory data in HH:MM format. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. |
02:00 |
|
Resync Days |
Enter the number of days (0 to 365) the client waits before updating the cached directory data. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. |
0 |
|
Resync Max Delay |
Specify the maximum delay (0 to 1439 minutes) for the re-sync to occur. Read-only for the 69xx series IP phones' corporate contacts application using the LDAP server. |
30 |
|
Search Timeout |
Enter the maximum length of time (0 to 120 seconds) that the server can take to complete the LDAP search. A value of 0 (zero) indicates no time limit. |
30 |
|
Network Timeout |
Enter the maximum length of time (1 to 120 seconds) for the set to bind to the server. |
30 |
|
Search Scope |
Enter the scope for search. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. base - search only the base and none of its subordinates; children - search all of the descendants, not the base; one-level - search only the immediate children of the base and not the base or any descendants of the immediate children of the base; subtree - search the base and all of its subordinates to any depth |
subtree |
|
Search Filter |
Enter the filter for the LDAP searches. The string must contain the % sign. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. |
(&(sn=%1)(gn=%2)) - for LDAP over MiNET; (sn=%) - for External Directory server |
|
Use ISO-8859-1 Encoding |
Indicate whether the set should expect Extended ASCII characters instead of UTF8 characters. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. |
No |
|
Cache Directory |
Indicates whether the client caches the directory or uses on-demand queries. Select Yes for external LDAP server and No for LDAP over MiNET. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. |
No |
|
Number Search Filter |
Enter the filter for the LDAP number search. The string (0 to 256) must contain the % sign. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. No search is performed if the field is blank. This field can also be used for searching multiple fields. For example:
|
(telephoneNumber=%) |
|
Number Search Length |
Enter the maximum number of digits (1 to 15) of the telephone number to be used for the search. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. This field also removes international dialing prefixes, country codes, area codes as needed, including ARS dialing prefixes for outbound Alpha Tagging. |
10 |
|
Connection Security |
Indicate the level of security of the LDAP connection. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. |
No Encryption (for LDAP over MiNET); Start TLS (for external LDAP server) |
|
Mapping Attribute List |
|||
First Name |
Enter the LDAP attribute (up to 64 characters) that corresponds to the First Name. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. For clients A and B, enter a comma separated list of LDAP attributes. For client C, enter the LDAP attribute. |
givenName |
|
Last Name |
Enter the LDAP attribute (up to 64 characters) that corresponds to the Last Name. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. For clients A and B, enter a comma separated list of LDAP attributes. For client C, enter the LDAP attribute. |
sn |
|
Business City |
Enter a comma separated list of LDAP attributes (up to 64 characters) that corresponds to Business City (locality). Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. |
l |
|
Business Country |
Enter a comma separated list of LDAP attributes (up to 64 characters) that corresponds to Business Country. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. |
co or blank (for LDAP over MiNET) |
|
Business Department |
Enter a comma separated list of LDAP attributes (up to 64 characters) that corresponds to Business Department (organization unit). Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. |
ou |
|
Business Phone 1 |
Enter a comma separated list of LDAP attributes (up to 64 characters) that corresponds to Business Phone 1. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. |
telephoneNumber |
|
Mobile Phone |
Enter a comma separated list of LDAP attributes (up to 64 characters) that corresponds to Mobile Phone. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. |
mobile or blank (for LDAP over MiNET) |
|
Other Phone |
Enter a comma separated list of LDAP attributes (up to 64 characters) that corresponds to Other Phone. Read-only for the 69xx series IP phones' corporate contacts application using the embedded LDAP server. |
IpPhone or blank (for LDAP over MiNET) |
|
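The field ranges and the external-server conditions listed above can be checked mechanically before a profile is applied. The following audit script is an added example, not Mitel code: the dictionary key names, the `multilingual_name_display` flag and the sample profiles are hypothetical, and treating a blank or "secret" password on an external bind as a finding is the example's own judgment.

```python
import ipaddress
import re

RANGES = {"search_timeout": (0, 120), "network_timeout": (1, 120),
          "resync_days": (0, 365), "resync_max_delay": (0, 1439),
          "number_search_length": (1, 15)}

def audit_profile(p):
    """Return findings for one profile dict; key names are hypothetical, ranges are the form's."""
    findings = []
    for key, (lo, hi) in RANGES.items():
        if key in p and not lo <= p[key] <= hi:
            findings.append(f"{key}={p[key]} outside {lo}..{hi}")
    if not re.fullmatch(r"([01]\d|2[0-3]):[0-5]\d", p.get("resync_time", "02:00")):
        findings.append("resync_time not HH:MM within 00:00..23:59")
    for key in ("search_filter", "number_search_filter"):
        if p.get(key) and "%" not in p[key]:
            findings.append(f"{key} has no % placeholder")
    if p.get("ldap_server", "Local") == "Local":
        return findings  # embedded server: external-server checks do not apply
    if p.get("connection_security") == "No Encryption":
        findings.append("external connection uses No Encryption")
    if p.get("password", "") in ("", "secret"):
        findings.append("blank or well-known password for external bind")
    if p.get("multilingual_name_display"):
        try:
            ipaddress.ip_address(p.get("ldap_server_location", ""))
        except ValueError:
            findings.append("name display needs an IP address, not an FQDN")
        if not p.get("number_search_filter"):
            findings.append("number_search_filter blank, no search is performed")
        if p.get("client_status", "Enabled") != "Enabled":
            findings.append("client_status is not Enabled")
    return findings

# Constructed sample profiles, not exported from a real system.
GOOD = {"ldap_server": "dir1", "ldap_server_location": "192.0.2.10",
        "connection_security": "Start TLS", "password": "constructed-not-real",
        "search_filter": "(sn=%)", "number_search_filter": "(telephoneNumber=%)",
        "number_search_length": 10, "search_timeout": 30, "network_timeout": 30,
        "resync_time": "02:00", "multilingual_name_display": True}
BAD = dict(GOOD, ldap_server_location="ldap.example.test",
           connection_security="No Encryption", password="secret",
           number_search_filter="(telephoneNumber=*)", network_timeout=0,
           resync_time="24:10")

if __name__ == "__main__":
    for name, profile in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_profile(profile) or "no findings")
```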