Views

Difference between revisions of "optiPoint application module How to configure LDAP"

The Wiki of Unify contains information on clients and devices, communications systems and unified communications. - Unify GmbH & Co. KG is a Trademark Licensee of Siemens AG.

Jump to: navigation, search
(Search filters)
(Search filters)
Line 196: Line 196:
  
 
You should only change attribute names or the number of search filter entries if you modify the configuration on the directory server accordingly.
 
You should only change attribute names or the number of search filter entries if you modify the configuration on the directory server accordingly.
 +
 +
=== Search attributes ===
 +
The entries ''SEARCHATTRIB1'' to ''SEARCHATTRIB8'' are identifiers for LDAP searches on the optiPoint application module.
 +
The contents of the ''SEARCHATTRIB1'' ''SEARCHATTRIB1'' field are also displayed in the hit list.
 +
 +
Syntax for ''SEARCHATTRIB'' fields:
 +
[[Image:16px]]

Revision as of 08:25, 4 October 2006

Overview

This document contains practical information on how to configure the LDAP client on an optiPoint application module (via the "LDAP" application).

Scope of document

This document describes how to configure the optiPoint telephone so you can use and modify the LDAP function on the optiPoint application module.

The following topics are not dealt with in this document:

  • Running an LDAP search on an optiPoint application module
  • LDAP server administration
  • Configuring further applications on an optiPoint application module

For further information on these topics, refer to the relevant documents listed in section 4, “References”.

The information provided in this document contains merely general descriptions or characteristics of performance which in case of actual use do not always apply as described or which may change as a result of further development of the products.

The trademarks used are the property of Siemens AG or their respective owners.

What is LDAP?

LDAP is an abbreviation of Lightweight Directory Access Protocol.

This network protocol allows you to access a directory server (LDAP server) via an LDAP client. You can then access various information stored there.

In practice, this means, for example, that you enter the surname of a person you want to call in the optiPoint application module. After a few moments, a hit list of the name(s) matching your entry is displayed. You can then call this person directly using the number that appears.

Required components

The most important LDAP components are:

  • Directory server (LDAP server): provides hierarchical storage of attributes such as names, telephone numbers, etc.
  • LDAP client: allows you to enter search parameters and display the results.
    The following devices support the LDAP function:
    • optiPoint application module
    • optiPoint display module
    • optiPoint 600 office
    • Other optiPoint telephones on the HiPath 3000/5000 communication platform (V5.0 and later)
  • LDAP template: connects input and output fields on the LDAP client with attributes on the directory server.

Requirements

The following requirements must be met before you start configuration:

  • The optiPoint application module must be connected to one of the following optiPoint telephones and operational:
    • optiPoint 410 standard (CorNet IP)
    • optiPoint 410 advance (CorNet IP)
    • optiPoint 420 standard (CorNet IP)
    • optiPoint 420 advance (CorNet IP)
You can also run the optiPoint application module on optiPoint 500 telephones, but these do not support the LDAP function.
  • To optimize browser-based administration:
    • You should know the IP address of the optiPoint telephone with the optiPoint application module you wish to configure.
    • You should have a PC with a Web browser that can access the optiPoint telephone with an attached optiPoint application module via LAN.
You can also connect a PC (a laptop, for example) directly to one of the telephones listed above using a LAN cable (bw nw.png socket on the underside of the telephone).

See section 4, “References” to find out where you can obtain any additional information you need.

Scope of functions on optiPoint application module

  • You can use one or more search strings to find information on the directory server.
  • You can use complete or partial strings. Enter an asterisk (*) if you are not using a complete string.
  • You can call a person from the hit list simply by pressing a button.

Configuration overview

The following table provides an overview of the sections in this document that describe how to administer the Java platform via a Web browser (WEB) and via the optiPoint application module (APM). At a glance, you can see which configuration options are available for each task.

Configuration task WEB APM
Change LDAP server address Yes No
Change LDAP server port Yes No
Change FTP server address Yes Yes
Change FTP account name Yes Yes
Change FTP user name Yes No
Change FTP passwordess Yes No
Change FTP LDAP template file name Yes No
Change FTP LDAP template directory name Yes No
Load LDAP template with FTP Yes No
Reset LDAP template No 1 No
1 Only possible after reset to factory default.

You can also use other methods to administer optiPoint application module, such as the Deployment Tool or Deployment Service.

For further information on these, see section 4, “References”


Entering LDAP Server Data on optiPoint application module

Before you can use LDAP on the optiPoint application module, you must enter certain data on the telephone for communication with the LDAP server.

Entering LDAP server data

  1. Open a Web browser and enter the IP address of the optiPoint telephone that will receive the LDAP server data:
    http://[IP address]:8085
    The telephone homepage is displayed.
  2. Click Administration.
    You are prompted you to enter the administration password.
  3. Enter the password (default: 123456) and confirm your entry with Login.
    The administration menu is displayed.
  4. In the menu select LDAP under Applications.
    An input form is displayed.
  5. Enter the LDAP server address in the form and select Submit.
  6. In the menu select Port Settings under System.
    An input form is displayed.
  7. In the form, enter the LDAP server port in the LDAP line of the Home column and click Submit.

You have now entered all data required for communication with the LDAP server on the telephone.


Modifying LDAP Templates

The LDAP template is an ASCII text file that uses an allocation list to assign directory server attributes to input and output fields on an LDAP client. The LDAP template must be modified correctly for successful communication between the directory server and the LDAP client.

You must complete the following steps before using an LDAP template:

  • Use a text editor to edit the LDAP template - see section 3.1, “Editing LDAP templates”.
  • Install the LDAP template on the optiPoint application module - see section 3.2, “Installing LDAP templates”.
  • Check that the changes are displayed as required on the optiPoint application module and that no error messages have been issued.

Editing LDAP templates

The following section describes the syntax of LDAP templates and provides tips on modifying a template to meet your requirements. To install the modified template, see section 3.2, “Installing LDAP templates”.

LDAP templates contain information that is interpreted by the directory server. It is therefore important that the syntax is accurate.

Edit the template carefully and save a copy of the template file before you make any changes.

The following is an example of an LDAP template, which you can copy and paste into a file (for example, template.txt) to use as a basis for further editing.

optiPoint 410 LDAP TEMPLATE (V1)
SEARCHBASE "dc=teamone,dc=intranet"
SEARCHFILTER1 = "surnameNational,Nachname"
SEARCHFILTER2 = "givenNameNational,Vorname"
SEARCHFILTER3 = "department,Abteilung"
SEARCHFILTER4 = "localityShortCode,Ort"
SEARCHFILTER5 = "ou,Org. Einheit"
SEARCHATTRIB1 = "commonNameNational,Name,0"
SEARCHATTRIB2 = "telephoneNumber,Telefon,1"
SEARCHATTRIB3 = "alternatePhone,Telefon 2,1"
SEARCHATTRIB4 = "mobileTelephoneNumber,Mobile,1"
SEARCHATTRIB5 = "ou,Organisationseinheit,0"
SEARCHATTRIB6 = "localityNational,Ort,0"
SEARCHATTRIB7 = "department,Abteilung,0"
SEARCHATTRIB8 = "mainFunction,Funktion,0"
EOF

The template may also contain any number of blank lines. You can also add comments. Text entered after two forward slashes (//) is interpreted as a comment. A template can be divided into different segments (described below).

Template header

The header consists of the entry optiPoint 410 LDAP TEMPLATE (V1). Do not change this entry even if the optiPoint application module is connected to a telephone from the optiPoint 420 family.

Search bases

The SEARCHBASE entry marks the starting point of a search in the directory server structure. In other words, you can use the SEARCHBASE entry as a filter. Examples:

  • SEARCHBASE ""
    The search starts at the directory root. All entries are searched.
  • SEARCHBASE = "C=DE"
    The search is restricted to entries assigned the country (C) Germany (DE).
  • SEARCHBASE = "O=SIEMENS,C=DE"
    In addition to defining the country, the search is now further restricted to the Siemens organization.

This entry must correspond to the directory server configuration. Only make changes here if you have the relevant information about the directory server.

Search filters

The input form for an enhanced search is made up of the entries SEARCHFILTER1 to SEARCHFILTER5. SEARCHFILTER1 and SEARCHFILTER2 are also used for the basic search input field.

All search filters are connected with a logical AND.

Syntax for SEARCHFILTER fields: File:16px

You can change the visible identifier for these entries according to your wishes, for example, "Nachname" to "surname".

Please note that there is a maximum length for every identifier. Identifiers that are too long are cut off in the optiPoint application module display. Always check any changes you make on your telephone.

You should only change attribute names or the number of search filter entries if you modify the configuration on the directory server accordingly.

Search attributes

The entries SEARCHATTRIB1 to SEARCHATTRIB8 are identifiers for LDAP searches on the optiPoint application module. The contents of the SEARCHATTRIB1 SEARCHATTRIB1 field are also displayed in the hit list.

Syntax for SEARCHATTRIB fields: File:16px