Category:HowTo:Directory:LDAP

From Snom User Wiki

(Difference between revisions)
Jump to: navigation, search
(Example Configuration)
(Replaced content with 'This page has been moved to https://service.snom.com/display/wiki/LDAP+Directory')
 
(38 intermediate revisions not shown)
Line 1: Line 1:
-
== Introduction ==
+
This page has been moved to https://service.snom.com/display/wiki/LDAP+Directory
-
If LDAP is properly configured, the phone performs a lookup on the LDAP server for any entries with a telephoneNumber attribute set each time you start entering a number or name on the phone keypad.
+
-
 
+
-
If you type in digits then the phone displays all entries where the telephoneNumber begins with the same number entered so far.
+
-
If you are typing in a name then the phone displays all entries where the displayName (or whatever name filter is set) begins with what has been entered so far. (This is not case-sensitive.)
+
-
 
+
-
Use the up and down arrows of the button [[Image:Navigation.png|20px]] to scroll through results and dial a highlighted entry by pressing [[Image:Ok_key.png|20px]].
+
-
 
+
-
== Usage ==
+
-
[[Category:HowTo:Directory:LDAP#Example_1:_LDAP_name_filter]]
+
-
There are two ways to perform a LDAP search on your phone:
+
-
 
+
-
#Simply start a search against LDAP by '''pressing a number'''. All corresponding entries will be shown accordingly to your query setup. Default edit mode is numeric.
+
-
#Allocate the [[Settings/F_DIRECTORY_SEARCH|Directory Search function]] to one of the function keys. To do so take the following steps:
+
-
## Navigate to the "Function Keys" Web User Interface page
+
-
##* Firmware Version [[Image:Fw-version-6.gif]] [[Web Interface/V6/Function Keys#Free Function Keys|Free Function Keys Section]]
+
-
##* Firmware Version [[Image:Fw-version-7.gif]] [[Web Interface/V7/Function Keys#Free Function Keys|Free Function Keys Section]]
+
-
##* Firmware Version [[Image:Fw-version-8.gif]] [[Web Interface/V8/Function Keys#Free Function Keys|Free Function Keys Section]]
+
-
## Choose one of the free function keys and select the "[[Settings/fkey_context|Context]]", i.e. the SIP identity.
+
-
## Choose the "[[Settings/fkey|Type]]" [[Settings/fkey/keyevent|"Key Event"]]
+
-
## Enter the value '''F_DIRECTORY_SEARCH''' in the "Number" field and press "Save".
+
-
 
+
-
[[Image:03_ldap_fkey.png|600px]]
+
-
 
+
-
== Configuration ==
+
-
 
+
-
The internal LDAP client can be configured at the [[Web_Interface/V7/Advanced#LDAP|LDAP Section]]  of your phone's Web User Interface (WUI).
+
-
In your snom phone you will see something like the following screenshot, For more details and comprehension see examples 1 to 6:
+
-
 
+
-
[[Image:screenshot-ldap1.png]]
+
-
 
+
-
=== Example Configuration===
+
-
 
+
-
You can use the below settings as a starting point and adjust the filter and display attributes according to your needs.
+
-
 
+
-
;[[Settings/ldap_search_filter|LDAP name filter]]
+
-
: (&(telephoneNumber=*)(sn=%)) --> [http://wiki.snom.com/Category:HowTo:Directory:LDAP#Example_1:_LDAP_name_filter Example 1]
+
-
;[[Settings/ldap_number_filter|LDAP number filter]]
+
-
: (&(telephoneNumber=%)(sn=*)) --> [http://wiki.snom.com/Category:HowTo:Directory:LDAP#Example_2:_LDAP_number_filter Example 2]
+
-
;[[Settings/ldap_server|Server Address]]
+
-
:[IP address or domain]. Examples: 192.168.1.100, ldap.uno.edu, ldap.company.com
+
-
;[[Settings/ldap_port|Port]]:
+
-
:[blank or specified LDAP port]
+
-
;[[Settings/ldap_base|Base]]
+
-
: DC=domain,DC=com --> [http://wiki.snom.com/Category:HowTo:Directory:LDAP#Example_3:_LDAP_Base Example 3]
+
-
;[[Settings/ldap_username|Username]]
+
-
:Admin
+
-
;[[Settings/ldap_password|Password]]
+
-
: PASSWORD
+
-
;[[Settings/ldap_max_hits|Max.Hits]]
+
-
:50
+
-
;[[Settings/ldap_name_attributes |LDAP Name Attributes]]
+
-
: cn sn displayName --> [[Features/LDAP#Example_4:_LDAP_name_attributes|Example 4]]
+
-
;[[Settings/ldap_number_attributes|LDAP Number Atrributes]]
+
-
: Mobile telephoneNumber ipPhone  --> [[Features/LDAP#Example_5:_LDAP_number_attributes|Example 5]]
+
-
;[[Settings/ldap_display_name|LDAP display Name]]
+
-
: %displayName --> [[Features/LDAP#Example_6:_LDAP_display_name|Example 6]]
+
-
;[[Settings/country_code|Countrycode]]
+
-
: +49
+
-
;[[Settings/area_code|Areacode]]
+
-
: 030
+
-
 
+
-
*Make also sure, that the [[Settings/display_method|Number Display Style]] is set accordingly to return either name, number or both.
+
-
 
+
-
===Example 1: LDAP name filter===
+
-
 
+
-
Here you have to specify your search criteria for name look ups.
+
-
*When you type in this field :'''(&(telephoneNumber=*)(sn=%))'''
+
-
the result of your search will be all LDAP records which have the “telephoneNumber” field set and the (“sn”-->surname) field starts with the entered prefix.
+
-
*When you type in this field : '''(|(cn=%)(sn=%))'''
+
-
the result of your search will be all LDAP records which have the (“cn”-->CommonName) OR (“sn”-->Surname) field starting with the entered prefix.
+
-
* When you type in this field: '''(!(cn=%))'''
+
-
the result of your search will be all LDAP records which “do not” have the “cn” field starting with the entered prefix.
+
-
 
+
-
===Example 2: LDAP number filter===
+
-
Here you have to specify your search criteria for number look ups.
+
-
*When you  type in this field for example:'''(|(telephoneNumber=%)(Mobile=%)(ipPhone=%))'''
+
-
the result of your search will be all LDAP records which have the “telephoneNumber” OR “Mobile” OR “ipPhone”field  starting with the entered prefix.
+
-
* When you type in this field: '''(&(telephoneNumber=%)(sn=*))'''
+
-
the result of your search will be all LDAP records which have the “sn” field set and the “telephoneNumber” field starts with the entered prefix.
+
-
===Example 3: LDAP Base===
+
-
Here are some examples of what you cound enter for the [[Settings/ldap_base|ldap_base]] setting
+
-
o=UNIVERSITY OF NEW ORLEANS,c=US
+
-
o=SFU,c=CA
+
-
dc=telesec,dc=de
+
-
 
+
-
===Example 4: LDAP name attributes===
+
-
The LDAP name attributes setting can be used to specify the “name” attributes of each record which are to be returned in the LDAP search results.
+
-
*When you  type in this field for example:'''cn sn displayName'''
+
-
this requires to specify “cn”-->commonName means Full name of the user, “sn”-->Surname, last name or family name and “displayName” fields for each LDAP record.
+
-
 
+
-
See the following screenshot example of an Active Directory:
+
-
 
+
-
[[Image:name-attri.png|700px]]
+
-
 
+
-
;Further Examples
+
-
cn sn displayName
+
-
Requires “cn”, “sn” and “displayName” fields for each LDAP record.
+
-
givenName
+
-
Requires “givenName” field for each LDAP record.
+
-
vorName nachName
+
-
Requires “vorName” and “nachName” fields for each LDAP record.
+
-
 
+
-
===Example 5: LDAP number attributes===
+
-
 
+
-
The LDAP number attributes setting can be used to specify the “number” attributes of each record which are to be returned in the LDAP search results.
+
-
*When you  type in this field for example:'''Mobile telephoneNumber ipPhone'''
+
-
this requires to specify “Mobile”, “telephoneNumber” and “ipPhone” fields for each LDAP record.
+
-
 
+
-
See this screenshot example of an Active Directory:
+
-
[[Image:numberattri.png|700px]]
+
-
 
+
-
;Further examples:
+
-
Mobile telephoneNumber ipPhone
+
-
Requires “Mobile”, “telephoneNumber” and “ipPhone” fields for each LDAP record.
+
-
Home Private Office
+
-
Requires “Home”, “Private” and “Office” fields for each LDAP record.
+
-
 
+
-
===Example 6: LDAP display name===
+
-
 
+
-
This setting specifies the format in which the “name, e.g. here Mike Black” of each returned search result is to be displayed on the snom phone.
+
-
*When you  type in this field for example:'''%sn, %givenName'''
+
-
the displayed returned result should be “Black, John”
+
-
*When you  type in this field for example:'''%cn'''
+
-
the displayed returned result should be  “Mike Black”.
+
-
*When you  type in this field for example:'''%givenName'''
+
-
the displayed returned result should be “Mike Black"
+
-
*When you  type in this field for example:'''%givenName  - %sn '''
+
-
the displayed returned result should be “Mike - Black"
+
-
 
+
-
 
+
-
=== Common attributes  ===
+
-
 
+
-
Most common attributes used to configure LDAP lookup in your phone with:
+
-
 
+
-
{|border="0" cellpadding="7" cellspacing="0" valign="top" style="width: 80%; text-align: left; border:1px solid #C0C0C0"
+
-
|-
+
-
! Abbrevation
+
-
! Name
+
-
! Description
+
-
! Example
+
-
|-
+
-
| gn
+
-
| givenName
+
-
| Firstname also called Christian name
+
-
| John
+
-
|-
+
-
| sn
+
-
| surname
+
-
| Surname, last name or family name
+
-
| Doe
+
-
|-
+
-
| cn
+
-
| commonName
+
-
| LDAP attribute being made up from givenName joined to SN
+
-
| John Doe
+
-
|-
+
-
| -
+
-
| displayName
+
-
| When using this property, be sure you understand which field you are configuring.  DisplayName can be confused with CN or description.
+
-
| John Doe
+
-
|-
+
-
| -
+
-
| company
+
-
| Company or organisation name
+
-
| snom Technology
+
-
|-
+
-
| o
+
-
| organizationName
+
-
| Organization name or even organizational name
+
-
| Germany
+
-
|-
+
-
| ou
+
-
| organizationalUnitName
+
-
| Usually department or any sub entity of larger entity
+
-
| Documentation
+
-
|-
+
-
| DC
+
-
| DC
+
-
| Domain Component
+
-
| snom com
+
-
|-
+
-
|DN
+
-
|distinguishedName
+
-
| unique identifier for each entry
+
-
| cn=John Doe,ou=Documentation,dc=snom,dc=com
+
-
|-
+
-
| -
+
-
| telephoneNumber
+
-
| Office phone number
+
-
| +493012345678
+
-
|-
+
-
| mobile
+
-
| mobileTelephoneNumber
+
-
| Mobile or cellular phone number
+
-
| +4917212993833
+
-
|-
+
-
| homePhone
+
-
| homeTelephoneNumber
+
-
| Home Phone number
+
-
| +492088190292
+
-
|}
+
-
 
+
-
== Troubleshooting ==
+
-
 
+
-
A good method to troubleshoot problems with LDAP implementation is to do a [[Web_Interface/V7/PCAP_Trace|PCAP trace]] while performing a lookup.
+
-
By tracing the search requests you can check if the phone connects and authenticates correctly and determine which requests are being sent from phone to LDAP server.
+
-
 
+
-
 
+
-
Below you can see an example of a successful LDAP lookup:
+
-
 
+
-
[[Image:01_ldap_trace.png|600px]]
+
-
 
+
-
[[Image:02_ldap_trace.png|500px]]
+
-
 
+
-
[[Category:HowTo]][[Category:Directory:LDAP]]
+

Latest revision as of 11:24, 26 February 2019

This page has been moved to https://service.snom.com/display/wiki/LDAP+Directory

This category currently contains no pages or media.

Personal tools
Interoperability