VoIP:LDAP

From VTX Public Wiki

Revision as of 15:45, 16 September 2022 by Uwi (talk | contribs) (→‎LDAP VTX: VTX-LDAP > LDAP VTX)

Introduction LDAP

We use LDAP to manage a centralized directory that is automatically updated on all compatible phones. You can manage it in the VTX-Kiosk.


Enable LDAP phonebook via Kiosk (autoprovisioning)

LDAP can be enabled via the VTX-Kiosk, so you don't have to enter the LDAP credentials manually on compatible, auto-provisioned phones.

Go to the "Directory" menu under "My Services" and "Telephony"; you can then choose the related phone service and tap "show".


At this point you can choose how you want to enable (or disable) LDAP:



LDAP VTX

This option enables the LDAP server integrated in the Virtual PBX. Each compatible phone will integrate the company directory and the personal directory, managed via Kiosk.

Please note that this works only with the LDAP VTX. If you want to use your own LDAP server, it has to be set up separately by using External LDAP.


External LDAP

This option allows you to activate an external LDAP server (LDAP client) and enter your configuration settings.

To be compatible with our LDAP, be sure to work with the following predefined parameters:


   Yealink
   ldap.display_name = %sn %givenName
   ldap.name_attr = sn givenName
   ldap.name_filter = (|(givenName=%)(sn=%))
   ldap.numb_attr = telephoneNumber mobile homePhone
   ldap.number_filter = (|(telephoneNumber=%)(telephoneNumber=+%)(mobile=%)(mobile=+%)(homePhone=%)(homePhone=+%))


   Snom
   ldap_display_name = %sn %givenName
   ldap_name_attributes = sn givenName
   ldap_number_attributes = telephoneNumber mobile homePhone
   ldap_number_filter = (|(telephoneNumber=%*)(telephoneNumber=+%*)(mobile=%*)(mobile=+%*)(homePhone=%*)(homePhone=+%*))
   ldap_search_filter = (|(givenName=%*)(sn=%*))


   Gigaset
   BS_LDAP_Netdirs.astNetdirProvider[0].DisplayName = %sn %givenName
   BS_LDAP_Netdirs.astNetdirProvider[0].NameAttributes = sn
   BS_LDAP_Netdirs.astNetdirProvider[0].NameFilter = (|(givenName=%)(sn=%))
   BS_LDAP_Netdirs.astNetdirProvider[0].NumberAttributes = telephoneNumber
   BS_LDAP_Netdirs.astNetdirProvider[0].NumberFilter = (|(telephoneNumber=%)(telephoneNumber=+%)(mobile=%)(mobile=+%))
   BS_LDAP_Netdirs.astNetdirProvider[0].astNetDirDirectoryItems[0].aucItemAttribute[0] = givenName
   BS_LDAP_Netdirs.astNetdirProvider[0].astNetDirDirectoryItems[1].aucItemAttribute[0] = sn
   BS_LDAP_Netdirs.astNetdirProvider[0].astNetDirDirectoryItems[2].aucItemAttribute[0] = homePhone
   BS_LDAP_Netdirs.astNetdirProvider[0].astNetDirDirectoryItems[3].aucItemAttribute[0] = telephoneNumber
   BS_LDAP_Netdirs.astNetdirProvider[0].astNetDirDirectoryItems[4].aucItemAttribute[0] = mobile
   BS_LDAP_Netdirs.astNetdirProvider[0].astNetDirDirectoryItems[6].aucItemAttribute[0] = facsimileTelephoneNumber
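
To see what these filter templates ask of your own directory, the following added example (not VTX or vendor code) expands them the way a phone is assumed to, replacing `%` with the search term, and evaluates the result against constructed sample entries. `DIRECTORY`, `escape_value`, `expand`, `matches` and `lookup` are names made up for the illustration.

```python
import re

# Templates copied from the Yealink block above. Assumption: the phone replaces
# "%" with the typed name or the dialled/incoming number.
NAME_FILTER = "(|(givenName=%)(sn=%))"
NUMBER_FILTER = ("(|(telephoneNumber=%)(telephoneNumber=+%)(mobile=%)"
                 "(mobile=+%)(homePhone=%)(homePhone=+%))")

# Constructed sample entries standing in for the external directory.
DIRECTORY = [
    {"sn": ["Muster"], "givenName": ["Anna"], "telephoneNumber": ["+41215550101"]},
    {"sn": ["Dupont"], "givenName": ["Luc"], "mobile": ["0795550102"]},
]
CLAUSE = re.compile(r"\((\w+)=([^()]*)\)")

def escape_value(term):
    """Escape RFC 4515 special characters so the term stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in term)

def expand(template, term):
    """Return the filter the server receives for this search term."""
    return template.replace("%", escape_value(term))

def matches(expanded, entry):
    """Evaluate a flat OR filter (the only shape used above) against one entry.
    Simplified: case-insensitive comparison, no attribute-specific matching rules."""
    for attr, raw in CLAUSE.findall(expanded):
        prefix = raw.endswith("*")  # unescaped trailing "*", as in the Snom templates
        want = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)),
                      raw[:-1] if prefix else raw).lower()
        for have in (v.lower() for v in entry.get(attr, [])):
            if (have.startswith(want) if prefix else have == want):
                return True
    return False

def lookup(template, term):
    """Surnames of the sample entries that the expanded filter selects."""
    expanded = expand(template, term)
    return [e["sn"][0] for e in DIRECTORY if matches(expanded, e)]

if __name__ == "__main__":
    print(expand(NUMBER_FILTER, "41215550101"))
    print(lookup(NUMBER_FILTER, "41215550101"), lookup(NUMBER_FILTER, "+41795550102"))
```

A number stored in national format (`0795550102`) is not found when the lookup arrives as `+41795550102`, which is worth checking when a directory binds correctly but returns no names. The expanded filter string can be pasted into an `ldapsearch` call against the external server.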


Example of how to set up an external LDAP server:


Protocol: LDAP

Server: ldap.company.ch

Port: 389

LDAP Root: DC=ldap,DC=company,DC=ch

User name: CN=ldapreader,OU=serviceuser,OU=organisation

Password: ************

LDAP Root: usually the domain; it could also be DC=domain,DC=local.

User name: never use an e-mail address such as ldapreader@company.ch.

The user name is built from a user in the LDAP or Active Directory tree: CN=ldapreader plus, usually, OU=organisation; it could also be CN=ldapreader,OU=organisation.

The easiest way is to use an OpenLDAP tool to get the authentication information:

Base DN: dc=ldap,dc=company,dc=ch

Bind DN: uid=root,ch=users,cd=office,dc=company,dc=ch

   ldapsearch -x -H ldap://ldap.company.ch -D "ldapreader" -w password -b "dc=company,dc=ch" "(CN=ldapreader)" | grep dn

   dn: CN=ldapreader,OU=serviceuser,OU=organisation,DC=company,DC=ch




LDAP Neutral

This option allows you to maintain the current configuration of your service without affecting the existing settings.


Inactive LDAP

This option disables the LDAP server.

Be careful: all LDAP configurations and settings will be deleted.

FAQ LDAP

Use same VTX LDAP Server on different vPBX services

If you want to have the same LDAP information on different vPBX services within VTX:

  • Activate VTX LDAP on one of the vPBX Services
  • Get the credentials of the VTX LDAP activated on this Service
  • Connect to the Kiosk of the other vPBX Services
  • Activate External LDAP on all other vPBX Services and enter the credentials of the first VTX LDAP

LDAP lookup not working