
LDAP on OpenStage and OpenScape Desk Phone

The Wiki of Unify contains information on clients and devices, communications systems and unified communications. - Unify GmbH & Co. KG is a Trademark Licensee of Siemens AG.


The Lightweight Directory Access Protocol (LDAP) enables access to a directory server via an LDAP client. Various personal information is stored there, e.g. the name, organization and contact data of persons working in an organization. When the LDAP client has found a person’s data, e.g. by looking up the surname, the user can call this person directly using the displayed number.

LDAP is available on OpenStage 40/60/80 phones and, since V3R3 SIP and V3R0 HFA, also on OpenStage 15/20.

LDAP Example Screen on OpenStage 60/80

For Users

If you have access to an LDAP directory (contact the responsible administrator), you can search contacts in a company-wide directory. A user-friendly, advanced search function is available for this. You can transfer any entries found to your local phonebook. (>= V2 R0,OS Hi Only)


Finding an LDAP entry

  • Press the phone book mode key until the Corporate Directory ("Corporate") tab is active.
  • Select and confirm the option shown in the Options context menu.
  • Select and confirm the required search field (for example, "Last name").
  • Enter a search text.

Once you have completed all required search fields, confirm the search request by selecting and confirming "OK" on the display keypad. You can perform searches using the name (simple search) or different information on an entry (advanced search), for example, job title or department name.

You can now:

  • call the LDAP contact
  • view the LDAP entry
  • copy the entry into the local phone book (>= V2 R0,OS Hi Only)


New search

To conduct a new search, you must first clear all the search fields. Select and confirm the option shown in the Delete context menu. All search fields are then cleared.


Defining a qualifier before a search

Prior to a search, you can select which qualifiers should also appear in the output list in the Options context menu. Select and confirm the option shown. You may choose between the following criteria:

  • No qualifier
  • Job function
  • Address 1
  • Email
  • Business 1
  • Mobile
  • Business 2
  • Private
  • Company
  • Address 2

Select and confirm the desired qualifier. Exit the list.


Importing an LDAP entry into the phonebook (>=V2 R0,OS Hi Only)

  • Select an entry.
  • Open the context menu.
  • Select and confirm the option shown.
  • The view changes to the personal phonebook.
  • Enter additional information.

The LDAP entry is now saved as a contact in your personal phonebook.

For Administrators

OpenStage phones support LDAP V3 with authentication.

LDAP Server Configuration

To connect the phone’s LDAP client to an LDAP server, the required access data must be configured. The parameters Server address and Server port specify the IP address or hostname and the port used by the LDAP server. If Authentication is not set to "Anonymous", the user must authenticate with the server by providing a User name and a corresponding Password. The user name is the string in the LDAP bind request, e.g. "C=GB,O=Unify,OU=COM,L=NTH,CN=BAYLIS MICHAEL". Its internal structure depends on the specific corporate directory.

Data required (Administrator -> Local functions -> Directory settings)

  • Server address: IP address or hostname of the LDAP server.
  • Server port: Port on which the LDAP server is listening for requests. Default: 389.
  • Authentication: Authentication method used for connecting to the LDAP server. Value range: "Anonymous", "Simple". Default: "Anonymous".
  • User name: User name used for authentication with the LDAP server in the LDAP bind request.
  • Password: Password used for authentication with the LDAP server.


LDAP Directory Settings in WBM

LDAP Template Handling

Prerequisites:


  1. An LDAP server is present and accessible to the phone’s network. The standard port for LDAP is 389.
  2. Query access to the LDAP server must be provided. Unless anonymous access is used, a user name and password must be provided. It might be feasible to use a single login/password for all OpenStage phones.
  3. To enable dialing internal numbers from the corporate phonebook, an LDAP entry must be provided that contains the proper number format required by OpenScape Voice. In Microsoft Active Directory, the standard LDAP attribute telephoneNumber is typically populated as follows: +1<area code><call number>. However, in a standard configuration, OpenScape Voice will not handle this dial string correctly, due to the +1 prefix. Therefore, it is recommended to use the ipPhone field, which is typically unused in Active Directory. It can be found in the Telephones tab of the Active Directory User Manager.

Create an LDAP Template

The user interface of the corporate phonebook application provides a form which is used both for search and retrieval. The task of an LDAP template is to map the phone’s search and display fields to LDAP attributes that can be delivered by the server. In the LDAP template, the fields are represented by hard-coded names: ATTRIB01, ATTRIB02, and so on. These field names are assigned to LDAP attributes, as appropriate.


The following examples show the relations between GUI field names, the attribute labels used in the template, and exemplary mappings to LDAP attributes.

Generic Example (Standard Attributes)

| OpenStage Field | LDAP Template Label | LDAP Attribute | Example Value |
|---|---|---|---|
| Last name | ATTRIB01 | sn | Doe |
| First name | ATTRIB02 | givenName | John |
| Business 1 | ATTRIB03 | telephoneNumber | 9991234 |
| Business 2 | ATTRIB04 | facsimileTelephoneNumber | 9992345 |
| Mobile | ATTRIB05 | mobile | 017711223344 |
| Private | ATTRIB06 | homePhone | 441274333444 |
| Company | ATTRIB07 | o | Example Inc. |
| Address 1 | ATTRIB08 | departmentNumber | 0815 |
| Address 2 | ATTRIB09 | | |
| Job function | ATTRIB10 | title | Product Manager |
| Email | ATTRIB11 | mail | doe@example.com |


Given "example.com" as the LDAP subtree to be searched, the LDAP template file would look like this:

OpenStage LDAP TEMPLATE (v.1)
SEARCHBASE="dc=example,dc=com"
ATTRIB01="sn"
ATTRIB02="givenname"
ATTRIB03="telephoneNumber"
ATTRIB04="facsimileTelephoneNumber"
ATTRIB05="mobile"
ATTRIB06="homePhone"
ATTRIB07="o"
ATTRIB08="departmentNumber"
ATTRIB09=""
ATTRIB10="title"
ATTRIB11="mail"
EOF


Microsoft Active Directory Specific Example

| OpenStage Field | LDAP Template Label | LDAP Attribute | Example Value |
|---|---|---|---|
| Last name | ATTRIB01 | sn | Doe |
| First name | ATTRIB02 | givenName | John |
| Business 1 | ATTRIB03 | ipPhone | 9991234 |
| Business 2 | ATTRIB04 | otherTelephone | 9992345 |
| Mobile | ATTRIB05 | mobile | 017711223344 |
| Private | ATTRIB06 | homePhone | 441274333444 |
| Company | ATTRIB07 | company | Example Inc. |
| Address 1 | ATTRIB08 | department | 0815 |
| Address 2 | ATTRIB09 | | |
| Job function | ATTRIB10 | title | Product Manager |
| Email | ATTRIB11 | mail | doe@example.com |


Given "example.com" as the LDAP subtree to be searched, the LDAP template file would look like this:

OpenStage LDAP TEMPLATE (v.1)
SEARCHBASE="dc=example,dc=com"
ATTRIB01="sn"
ATTRIB02="givenname"
ATTRIB03="ipPhone"
ATTRIB04="otherTelephone"
ATTRIB05="mobile"
ATTRIB06="homePhone"
ATTRIB07="company"
ATTRIB08="department"
ATTRIB09=""
ATTRIB10="title"
ATTRIB11="mail"
EOF

Load the LDAP Template into the Phone

When you have configured the LDAP template, you can upload it to the phone:

  • Save the template under a suitable name, for example, ldap-template.txt.
  • Copy the template file to the FTP server designated for deploying LDAP templates.
  • Upload the file using the WBM.

For an example configuration, see the following WBM screenshot (Administrator -> File transfer -> LDAP).


LDAP template file download parameters


LDAP simple (wildcard) search is available since V3R3 SIP. Before V3R3 SIP, the phone automatically appends a wildcard to the search string entered by the user in “simple search” mode; the wildcard is not shown to the user. With this enhancement, the phone can be configured so that search requests automatically contain leading and trailing wildcards. As a precondition for the new wildcard search, the administrator must configure the LDAP client on the phone and download an enhanced LDAP template.

The user can then run LDAP queries that require less information than before: directory entries are found via simple search even if the starting characters are not known or are left out for simplicity. The wildcard search is controlled by the administrator through the enhanced LDAP template: the presence of the 12th attribute activates the new search mode. Refer to the following example:

OpenStage LDAP TEMPLATE
ATTRIB01="sn"
ATTRIB02="givenname"
ATTRIB03="telephoneNumber"
ATTRIB04="alternatePhone"
ATTRIB05="telephone-mobile"
ATTRIB06=""
ATTRIB07="ou", READONLY
ATTRIB08="department", READONLY
ATTRIB09="localityName"
ATTRIB10=""
ATTRIB11="mail"
ATTRIB12="employeeType"
EOF


The example above uses the field "employeeType" for searching on the LDAP server. Note that the content of ATTRIB12 is not presented to the user.
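A template can be checked before it is placed on the FTP server. The following is an added example, not Unify code: it parses the template format shown on this page, reports whether the 12th attribute switches on wildcard search, and lists the attributes the phones' bind account needs read access to, which is useful when one login is shared by all phones. The line grammar is inferred from the samples above, and the name lint_template is hypothetical.

```python
import re

# Constructed sample, modelled on the templates shown on this page.
SAMPLE = '''OpenStage LDAP TEMPLATE (v.1)
SEARCHBASE="dc=example,dc=com"
ATTRIB01="sn"
ATTRIB02="givenname"
ATTRIB03="telephoneNumber"
ATTRIB07="ou", READONLY
ATTRIB09=""
ATTRIB11="mail"
ATTRIB12="employeeType"
EOF
'''

# Line grammar inferred from the page's samples (assumption, not a Unify spec).
LINE = re.compile(r'^(SEARCHBASE|ATTRIB(\d{2}))="([^"]*)"(\s*,\s*READONLY)?$')

def lint_template(text):
    """Return (info, problems) for an OpenStage LDAP template."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    info = {"searchbase": None, "attrs": {}, "readonly": set()}
    problems = []
    if not lines or not lines[0].startswith("OpenStage LDAP TEMPLATE"):
        problems.append("missing 'OpenStage LDAP TEMPLATE' header line")
    if not lines or lines[-1] != "EOF":
        problems.append("missing EOF terminator")
    for line in lines:
        if line == "EOF" or line.startswith("OpenStage LDAP TEMPLATE"):
            continue
        m = LINE.match(line)
        if not m:
            problems.append(f"unparseable line: {line!r}")
            continue
        key, num, value, ro = m.groups()
        if key == "SEARCHBASE":
            info["searchbase"] = value
        elif num in info["attrs"]:
            problems.append(f"duplicate {key}")
        else:
            info["attrs"][num] = value
            if ro:
                info["readonly"].add(num)
    # Per the page, the 12th attribute activates wildcard search
    # (treating an empty ATTRIB12 as absent is an assumption).
    info["wildcard"] = bool(info["attrs"].get("12"))
    # Attributes the shared bind account must be able to read, and no others.
    info["acl_attrs"] = sorted({v.lower() for v in info["attrs"].values() if v})
    return info, problems
```

Calling lint_template(SAMPLE) returns an empty problem list; the acl_attrs entry can be compared against the read permissions granted to the phones' directory account under the SEARCHBASE subtree.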