Category:HowTo:Directory:LDAP
From Snom User Wiki
Introduction
If LDAP is properly configured, the phone performs a lookup on the LDAP server for any entries with a telephoneNumber attribute set each time you start entering a number or name on the phone keypad.
If you type in digits then the phone displays all entries where the telephoneNumber begins with the same number entered so far. If you are typing in a name then the phone displays all entries where the displayName (or whatever name filter is set) begins with what has been entered so far. (This is not case-sensitive.)
Use the up and down arrows of the button to scroll through results and dial a highlighted entry by pressing
.
Usage
There are two ways to perform an LDAP search on your phone:
- Simply start a search against LDAP by pressing a number. All corresponding entries will be shown according to your query setup. The default edit mode is numeric.
- Allocate the Directory Search function to one of the function keys. To do so take the following steps:
- Navigate to the "Function Keys" Web User Interface page
- Choose one of the free function keys and select the "Context", i.e. the SIP identity.
- Choose the "Type" "Key Event"
- Enter the value F_DIRECTORY_SEARCH in the "Number" field and press "Save".
Configuration
The internal LDAP client can be configured in the LDAP section of your phone's Web User Interface (WUI). On your snom phone you will see something like the following screenshot. For more details, see Examples 1 to 6:
Example Configuration
You can use the below settings as a starting point and adjust the filter and display attributes according to your needs.
- LDAP name filter
- (&(telephoneNumber=*)(sn=%)) --> Example 1
- LDAP number filter
- (&(telephoneNumber=%)(sn=*)) --> Example 2
- Server Address
- [IP address or domain]. Examples: 192.168.1.100, ldap.uno.edu, ldap.company.com
- Port
- [blank or specified LDAP port]
- Base
- DC=domain,DC=com --> Example 3
- Username
- Admin
- Password
- PASSWORD
- Max.Hits
- 50
- LDAP Name Attributes
- cn sn displayName --> Example 4
- LDAP Number Attributes
- Mobile telephoneNumber ipPhone --> Example 5
- LDAP display Name
- %displayName --> Example 6
- Countrycode
- +49
- Areacode
- 030
- Also make sure that the Number Display Style is set accordingly to return either name, number or both.
Example 1: LDAP name filter
Here you have to specify your search criteria for name lookups.
- When you type in this field: (&(telephoneNumber=*)(sn=%))
the result of your search will be all LDAP records which have the “telephoneNumber” field set and whose “sn” (surname) field starts with the entered prefix.
- When you type in this field: (|(cn=%)(sn=%))
the result of your search will be all LDAP records which have the “cn” (commonName) OR “sn” (surname) field starting with the entered prefix.
- When you type in this field: (!(cn=%))
the result of your search will be all LDAP records which do not have the “cn” field starting with the entered prefix.
Example 2: LDAP number filter
Here you have to specify your search criteria for number lookups.
- When you type in this field for example: (|(telephoneNumber=%)(Mobile=%)(ipPhone=%))
the result of your search will be all LDAP records which have the “telephoneNumber” OR “Mobile” OR “ipPhone” field starting with the entered prefix.
- When you type in this field: (&(telephoneNumber=%)(sn=*))
the result of your search will be all LDAP records which have the “sn” field set and the “telephoneNumber” field starts with the entered prefix.
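The filter semantics of Examples 1 and 2, as an added Python example that is not part of the original wiki page or of the snom firmware: it expands a filter template with the typed prefix and evaluates it against constructed entries. It assumes that % is replaced by the typed input followed by a wildcard (the page states only that matches start with the entered prefix); the entries, the function names and the RFC 4515 escaping of typed input are choices made for this example.

```python
import re

# Constructed sample directory entries (not from a real server).
ENTRIES = [
    {"cn": "Mike Black", "sn": "Black", "telephoneNumber": "+493012345678"},
    {"cn": "John Doe", "sn": "Doe", "telephoneNumber": "+493012345679",
     "mobile": "+4917212993833"},
    {"cn": "Bob Blake", "sn": "Blake"},  # no telephoneNumber set
]

def escape(value):
    """Escape RFC 4515 special characters so typed input stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def expand(template, typed):
    """Assumption: '%' stands for the typed prefix followed by a wildcard."""
    return template.replace("%", escape(typed) + "*")

def parse(f, i=0):
    """Parse one parenthesised filter starting at f[i]; return (node, next index)."""
    op = f[i + 1]
    if op in "&|!":
        i, kids = i + 2, []
        while f[i] == "(":
            node, i = parse(f, i)
            kids.append(node)
        return (op, kids), i + 1              # skip the closing ")"
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr, value), end + 1

def matches(node, entry):
    if node[0] in "&|":
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    # Attribute names and values are compared case-insensitively.
    have = {k.lower(): v.lower() for k, v in entry.items()}.get(attr.lower())
    if have is None or value == "*":
        return have is not None               # absent attribute / presence test
    want = unescape(value.rstrip("*")).lower()
    return have.startswith(want) if value.endswith("*") else have == want

def search(template, typed):
    """Return the cn of every constructed entry the expanded filter matches."""
    tree, _ = parse(expand(template, typed))
    return [e["cn"] for e in ENTRIES if matches(tree, e)]
```

Note that (!(cn=%)) matches every record whose cn does not start with the prefix, and that the `(telephoneNumber=*)` term is what keeps records without a number out of name lookups.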
Example 3: LDAP Base
Here are some examples of what you could enter for the ldap_base setting:
o=UNIVERSITY OF NEW ORLEANS,c=US
o=SFU,c=CA
dc=telesec,dc=de
Example 4: LDAP name attributes
The LDAP name attributes setting can be used to specify the “name” attributes of each record which are to be returned in the LDAP search results.
- When you type in this field for example: cn sn displayName
this requires the “cn” (commonName, the full name of the user), “sn” (surname, last name or family name) and “displayName” fields for each LDAP record.
See the following screenshot example of an Active Directory:
- Further Examples
cn sn displayName
Requires “cn”, “sn” and “displayName” fields for each LDAP record.
givenName
Requires “givenName” field for each LDAP record.
Note: Only givenName is accepted as a name attribute, not its abbreviation gn!
vorName nachName
Requires “vorName” and “nachName” fields for each LDAP record.
Example 5: LDAP number attributes
The LDAP number attributes setting can be used to specify the “number” attributes of each record which are to be returned in the LDAP search results.
- When you type in this field for example: Mobile telephoneNumber ipPhone
this requires the “Mobile”, “telephoneNumber” and “ipPhone” fields for each LDAP record.
See this screenshot example of an Active Directory:
- Further examples
Mobile telephoneNumber ipPhone
Requires “Mobile”, “telephoneNumber” and “ipPhone” fields for each LDAP record.
Home Private Office
Requires “Home”, “Private” and “Office” fields for each LDAP record.
Example 6: LDAP display name
This setting specifies the format in which the name (here, for example, Mike Black) of each returned search result is to be displayed on the snom phone.
- When you type in this field for example: %sn, %givenName
the displayed returned result should be “Black, John”
- When you type in this field for example: %cn
the displayed returned result should be “Mike Black”
- When you type in this field for example: %givenName
the displayed returned result should be “Mike Black”
- When you type in this field for example: %givenName - %sn
the displayed returned result should be “Mike - Black”
Common attributes
The most common attributes used to configure LDAP lookup on your phone:
Abbreviation | Name | Description | Example |
---|---|---|---|
gn | givenName | First name, also called Christian name | John |
sn | surname | Surname, last name or family name | Doe |
cn | commonName | LDAP attribute made up of givenName joined to sn | John Doe |
- | displayName | When using this property, be sure you understand which field you are configuring. DisplayName can be confused with CN or description. | John Doe |
- | company | Company or organisation name | snom Technology |
o | organizationName | Organization name or even organizational name | Germany |
ou | organizationalUnitName | Usually department or any sub entity of larger entity | Documentation |
DC | DC | Domain Component | snom com |
DN | distinguishedName | unique identifier for each entry | cn=John Doe,ou=Documentation,dc=snom,dc=com |
- | telephoneNumber | Office phone number | +493012345678 |
mobile | mobileTelephoneNumber | Mobile or cellular phone number | +4917212993833 |
homePhone | homeTelephoneNumber | Home Phone number | +492088190292 |
Troubleshooting
A good method to troubleshoot problems with LDAP implementation is to do a PCAP trace while performing a lookup. By tracing the search requests you can check if the phone connects and authenticates correctly and determine which requests are being sent from phone to LDAP server.
Below you can see an example of a successful LDAP lookup: