Views

optiPoint application module How to configure LDAP

The Wiki of Unify contains information on clients and devices, communications systems and unified communications. - Unify GmbH & Co. KG is a Trademark Licensee of Siemens AG.

Revision as of 13:01, 17 December 2015 by Horemu (talk | contribs) (References)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
The support for this product has been discontinued!
Please visit Devices to get further information about the current product portfolio.


This article describes how to configure the optiPoint telephone so you can use and modify the LDAP function on the optiPoint application module.

The following topics are not dealt with in this article:

  • Running an LDAP search on an optiPoint application module
  • LDAP server administration
  • Configuring further applications on an optiPoint application module

For further information on these topics, refer to the relevant documents listed in References.

What is LDAP?

See LDAP in Glossary.

Required components

The most important LDAP components are:

  • Directory server (LDAP server): provides hierarchical storage of attributes such as names, telephone numbers, etc.
  • LDAP client: allows you to enter search parameters and display the results.
    The following devices support the LDAP function:
  • LDAP template: connects input and output fields on the LDAP client with attributes on the directory server.
    Sample of a LDAP template for download: zip.png  Sample LDAP-template

Requirements

The following requirements must be met before you start configuration:

You can also run the optiPoint application module on optiPoint 500 telephones, but these do not support the LDAP function.
  • To optimize browser-based administration:
    • You should know the IP address of the optiPoint telephone with the optiPoint application module you wish to configure.
    • You should have a PC with a Web browser that can access the optiPoint telephone with an attached optiPoint application module via LAN.
You can also connect a PC (a laptop, for example) directly to one of the telephones listed above using a LAN cable (bw nw.png socket on the underside of the telephone).

See References to find out where you can obtain any additional information you need.

Scope of functions on optiPoint application module

  • You can use one or more search strings to find information on the directory server.
  • You can use complete or partial strings. Enter an asterisk (*) if you are not using a complete string.
  • You can call a person from the hit list simply by pressing a button.

Configuration overview

The following table provides an overview of the sections in this document that describe how to administer the Java platform via a Web browser (WEB) and via the optiPoint application module (APM). At a glance, you can see which configuration options are available for each task.

Configuration task WEB APM
Change LDAP server address Yes No
Change LDAP server port Yes No
Change FTP server address Yes No
Change FTP account name Yes No
Change FTP user name Yes No
Change FTP passwordess Yes No
Change FTP LDAP template file name Yes No
Change FTP LDAP template directory name Yes No
Load LDAP template with FTP Yes No
Reset LDAP template No[1] No
  1. Only possible after reset to factory default.

You can also use other methods to administer optiPoint application module, such as the Deployment Tool or Deployment Service.

For further information on these, see References.

Entering LDAP Server Data on optiPoint application module

Before you can use LDAP on the optiPoint application module, you must enter certain data on the telephone for communication with the LDAP server.

Entering LDAP server data

  1. Open a Web browser and enter the IP address of the optiPoint telephone that will receive the LDAP server data:
    http://[IP address]:8085
    The telephone homepage is displayed.
  2. Click Administration.
    You are prompted you to enter the administration password.
  3. Enter the password (default: 123456) and confirm your entry with Login.
    The administration menu is displayed.
  4. In the menu select LDAP under Applications.
    An input form is displayed.
  5. Enter the LDAP server address in the form and select Submit.
  6. In the menu select Port Settings under System.
    An input form is displayed.
  7. In the form, enter the LDAP server port in the LDAP line of the Home column and click Submit.

You have now entered all data required for communication with the LDAP server on the telephone.

Modifying LDAP Templates

The LDAP template is an ASCII text file that uses an allocation list to assign directory server attributes to input and output fields on an LDAP client. The LDAP template must be modified correctly for successful communication between the directory server and the LDAP client.

You must complete the following steps before using an LDAP template:

  • Use a text editor to edit the LDAP template - see Editing LDAP templates.
  • Install the LDAP template on the optiPoint application module - see Installing LDAP templates.
  • Check that the changes are displayed as required on the optiPoint application module and that no error messages have been issued.

Editing LDAP templates

The following section describes the syntax of LDAP templates and provides tips on modifying a template to meet your requirements. To install the modified template, see Installing LDAP templates.

LDAP templates contain information that is interpreted by the directory server. It is therefore important that the syntax is accurate. Edit the template carefully and save a copy of the template file before you make any changes.

The following is an example of an LDAP template, which you can copy and paste into a file (for example, template.txt) to use as a basis for further editing.

optiPoint 410 LDAP TEMPLATE (V1)
SEARCHBASE "dc=teamone,dc=intranet"
SEARCHFILTER1 = "surnameNational,Nachname"
SEARCHFILTER2 = "givenNameNational,Vorname"
SEARCHFILTER3 = "department,Abteilung"
SEARCHFILTER4 = "localityShortCode,Ort"
SEARCHFILTER5 = "ou,Org. Einheit"
SEARCHATTRIB1 = "commonNameNational,Name,0"
SEARCHATTRIB2 = "telephoneNumber,Telefon,1"
SEARCHATTRIB3 = "alternatePhone,Telefon 2,1"
SEARCHATTRIB4 = "mobileTelephoneNumber,Mobile,1"
SEARCHATTRIB5 = "ou,Organisationseinheit,0"
SEARCHATTRIB6 = "localityNational,Ort,0"
SEARCHATTRIB7 = "department,Abteilung,0"
SEARCHATTRIB8 = "mainFunction,Funktion,0"
EOF

The template may also contain any number of blank lines.

You can also add comments. Text entered after two forward slashes (//) is interpreted as a comment.

A template can be divided into different segments (described below).

Template header

The header consists of the entry optiPoint 410 LDAP TEMPLATE (V1). Do not change this entry even if the optiPoint application module is connected to a telephone from the optiPoint 420 family.

Search bases

The SEARCHBASE entry marks the starting point of a search in the directory server structure. In other words, you can use the SEARCHBASE entry as a filter.

Examples:

  • SEARCHBASE ""
    The search starts at the directory root. All entries are searched.
  • SEARCHBASE = "C=DE"
    The search is restricted to entries assigned the country (C) Germany (DE).
  • SEARCHBASE = "O=SIEMENS,C=DE"
    In addition to defining the country, the search is now further restricted to the Siemens organization.

This entry must correspond to the directory server configuration. Only make changes here if you have the relevant information about the directory server.

Search filters

The input form for an enhanced search is made up of the entries SEARCHFILTER1 to SEARCHFILTER5. SEARCHFILTER1 and SEARCHFILTER2 are also used for the basic search input field.

All search filters are connected with a logical AND.

Syntax for SEARCHFILTER fields: Search filters

You can change the visible identifier for these entries according to your wishes, for example, "Nachname" to "surname".

Please note that there is a maximum length for every identifier. Identifiers that are too long are cut off in the optiPoint application module display. Always check any changes you make on your telephone.

You should only change attribute names or the number of search filter entries if you modify the configuration on the directory server accordingly.

Search attributes

The entries SEARCHATTRIB1 to SEARCHATTRIB8 are identifiers for LDAP searches on the optiPoint application module. The contents of the SEARCHATTRIB1 SEARCHATTRIB1 field are also displayed in the hit list.

Syntax for SEARCHATTRIB fields: Search attributes

The dial flag (0 or 1) appears as a button next to the result field. You dial the telephone number in the result field simply by clicking this button.

You can change the visible identifier for these entries according to your wishes, for example, you can change "telephone" to "tel. no.".

Please note that there is a maximum length for each identifier. Identifiers that are too long are cut off in the optiPoint application module display. Always check any changes you make on the telephone.

You should only change attribute names or the number of search filter entries if you modify the configuration on the directory server accordingly.

Template footer

The footer is the final part of the template. Do not make any changes here.

Installing LDAP templates

The following section describes how to install an LDAP template (see Editing LDAP templates) on the optiPoint application module.

A default template is preinstalled and delivered with the optiPoint application module. This template is overwritten by the installation procedure described here.

Check the requirements listed in Requirements.

LDAP templates can be installed by administrators and users. The following describes the procedure for administrators (that is, in the administration area of your Web browser).

  1. Open a Web browser and enter the IP address of the optiPoint telephone whose LDAP template you want to install on the optiPoint application module:
    http://[IP address]:8085
    The telephone homepage is displayed.
  2. Click Administration.
    You are prompted to enter the administration password.
  3. Enter the password (default: 123456) and confirm your entry with Login.
    The administration menu is displayed
  4. Select File transfer from the menu.
    An input form is displayed.
  5. Enter the following parameters in the form or check that the existing entries are correct:
    • FTP server address: IP address of the FTP server.
    • FTP account name: account name for FTP server access.
    • FTP username: user name for FTP server access.
    • Only enter a password in both FTP password fields if the password has changed. The password is not displayed when entered in these fields.
    • LDAP template filename: file name with the LDAP template file suffix, for example, template.txt.
    • FTP path: file path starting at the directory entered as the FTP root on the FTP server. The default entry is a dot (.), which means that a path has not been entered.
  6. Select Download LDAP template from Action on submit.
  7. Click Submit.

The installation takes a few seconds. If it is successful, the browser returns to the administration menu. If it is not successful, a corresponding error message is displayed.

See also