System | LDAP
LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the Internet or on a corporate intranet. LDAP is a "lightweight" (smaller amount of code) version of DAP (Directory Access Protocol), which is part of X.500, a standard for directory services in a network. LDAP is lighter because in its initial version, it did not include security features.
In a network, a directory tells you where in the network something is located. On TCP/IP networks, including the Internet, the Domain Name System (DNS) is the directory system used to relate the domain name to a specific network address. However, you may not know the domain name. LDAP allows you to search for an individual without knowing where they're located (although additional information will help with the search).
An LDAP directory is organized in a simple "tree" hierarchy consisting of the following levels:
- The "root" directory (the starting place or the source of the tree), which branches out to
- Countries, each of which branches out to
- Organizations, which branch out to
- Organizational units (divisions, departments, and so forth), which branch out to (include an entry for)
- Individuals (which includes people, files, and shared resources such as printers)
An LDAP directory can be distributed among many servers. Each server can have a replicated version of the total directory that is synchronized periodically. An LDAP server is called a Directory System Agent (DSA). An LDAP server that receives a request from a user takes responsibility for the request, passing it to other DSAs as necessary, but ensuring a single coordinated response for the user.
LDAP Directory Synchronization allows the telephone number Directory held in the Control Unit to be synchronized with the information on an LDAP server. Although targeted for interoperation with Windows 2000 Server Active Directory, the feature is sufficiently configurable to interoperate with any server that supports LDAP version 2 or higher.
Telephone numbers obtained via the LDAP mechanism are held dynamically in the Directory. Each record retrieved creates a Directory Entry for use with Phone Manager. Please note that the entries are not stored in the configuration and therefore will not be visible via Manager. A maximum of 500 records can be retrieved due to size constraints. Records with exactly the same data in the Name and Number fields will not be duplicated.
Up to 500 LDAP directory entries can be obtained and then displayed in the Phone Manager directory for IP Office users. They do not appear in the Manager directory.
Settings
System | Level
SOE | 2.1
IP403 | 3.0DT
IP406 V1 | 3.0
IP406 V2 | 3.1
IP412 | 3.2

Action | Operator Rights: Administrator | Manager | Operator
View | | |
Edit | | |
New | | |
Delete | | |

Mergeable | Pre-3.2 | 3.2
- User Name: Default = blank
  Enter the user name to authenticate the connection with the LDAP database. To determine the domain name of a particular Windows 2000 user, look on the "Account" tab of the user's properties under "Active Directory Users and Computers". Note that this means that the user name required is not necessarily the same as the name of the Active Directory entry. There should be a built-in account in Active Directory for anonymous Internet access, with prefix "IUSR_" and suffix server_name (whatever was chosen at the Windows 2000 installation). Thus, for example, the user name entered in this field might be: IUSR_CORPSERV@acme.com
- Password: Default = blank
  Enter the password to be used to authenticate the connection with the LDAP database. Enter the password that has been configured under Active Directory for the above user. Alternatively, an Active Directory object may be made available for anonymous read access. This is configured on the server as follows:
  - In "Active Directory Users and Computers" enable "Advanced Features" under the "View" menu. Open the properties of the object to be published and select the "Security" tab. Click "Add" and select "ANONYMOUS LOGON", click "Add", click "OK", click "Advanced" and select "ANONYMOUS LOGON", click "View/Edit", change "Apply onto" to "This object and all child objects", click "OK", "OK", "OK".
  Once this has been done on the server, any entry can be made in the User Name field in the System configuration form (however, this field cannot be left blank) and the Password field left blank. Other non-Active Directory LDAP servers may allow totally anonymous access, in which case neither User Name nor Password need be configured.
- Server IP Address: Default = blank
  Enter the IP address of the server storing the database.
- Server Port: Default = 389
  This setting is used to indicate the listening port on the LDAP server.
- Authentication Method: Default = Simple
  Select the authentication method to be used.
- Resync Interval (secs): Default = 3600 seconds, Range = 1 to 99999 seconds
  The frequency at which the IP Office should resynchronize the directory with the server. This value also affects some aspects of the internal operation:
  - The LDAP search request contains a field specifying a time limit for the search operation, and this is set to 1/16th of the resync interval. So by default a server should terminate a search request if it has not completed within 225 seconds (3600/16).
  - The client end will terminate the LDAP operation if the TCP connection has been up for more than 1/8th of the resync interval (default 450 seconds). This time is also the interval at which a change in state of the "LDAP Enabled" configuration item is checked.
- Search Base / Search Filter: Default = blank
  These two fields are used together to refine the extraction of directory entries. The Base specifies the point in the tree to start searching and the Filter specifies which objects under the base are of interest. The search base is a distinguished name in string form (as defined in RFC1779).
  The Filter deals with the attributes of the objects found under the Base and has its format defined in RFC2254 (except that extensible matching is not supported).
  If the Search Filter field is left blank the filter defaults to "(objectClass=*)", which matches all objects under the Search Base.
  The following are some examples applicable to an Active Directory database:
  - To get all the user phone numbers in a domain:
    Search Base: cn=users,dc=acme,dc=com
    Search Filter: (telephonenumber=*)
  - To restrict the search to a particular Organizational Unit (e.g. an office) and also get cell phone numbers:
    Search Base: ou=holmdel,ou=nj,DC=acme,DC=com
    Search Filter: (|(telephonenumber=*)(mobile=*))
  - To get the members of distribution list "group1":
    Search Base: cn=users,dc=acme,dc=com
    Search Filter: (&(memberof=cn=group1,cn=users,dc=acme,dc=com)(telephonenumber=*))
- Number Attributes: Default = see below
  Enter the number attributes the server should return for each entry that matches the Search Base and Search Filter. Other attributes that could be used are ipPhone, otherIpPhone, facsimileTelephoneNumber, otherFacsimileTelephoneNumber, pager or otherPager. The attribute names are not case sensitive. Other LDAP servers may use different attributes.
  - By default the entry is "telephoneNumber,otherTelephone,homePhone=H,otherHomePhone=H,mobile=M,otherMobile=M", as used by Windows 2000 Server Active Directory for Contacts.
  - The optional "=string" sub-fields define how that type of number is tagged in the directory. Thus, for example, a cell phone number would appear in the directory as: John Birbeck M 7325551234
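The following is an added example, not Avaya code, covering the Search Filter and Number Attributes settings above: it assembles the page's Active Directory filters in RFC 2254 syntax (escaping any value that is not part of the filter text itself, so a group or user name cannot alter the filter's structure), then turns constructed sample LDAP results into tagged directory entries with the duplicate suppression and 500-record cap described for the directory. Using cn as the entry name and the helper names are assumptions; the page does not state which attribute supplies the name.

```python
# RFC 2254 section 4: characters that must be escaped inside an assertion value so a
# value taken from elsewhere (a group name, an operator's input) cannot alter the filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def present(attr):           # (attr=*): entries that have the attribute at all
    return f"({attr}=*)"
def equals(attr, value):     # (attr=value) with the value escaped
    return f"({attr}={escape_filter_value(value)})"
def any_of(*filters):        # (|...) OR
    return "(|" + "".join(filters) + ")"
def all_of(*filters):        # (&...) AND
    return "(&" + "".join(filters) + ")"

def group_members_with_phone(group_cn, container="cn=users,dc=acme,dc=com"):
    """Third filter on the page: members of distribution list group_cn that have a phone.
    group_cn is assumed to be a plain RDN value (DN escaping is a separate step)."""
    return all_of(equals("memberof", f"cn={group_cn},{container}"), present("telephonenumber"))

MAX_RECORDS = 500  # cap stated on the page
DEFAULT_NUMBER_ATTRIBUTES = "telephoneNumber,otherTelephone,homePhone=H,otherHomePhone=H,mobile=M,otherMobile=M"

def parse_number_attributes(spec):
    """'attr' or 'attr=TAG' fields -> [(attr_lowercase, tag)]; attribute names are case-insensitive."""
    pairs = []
    for field in filter(None, (f.strip() for f in spec.split(","))):
        name, _, tag = field.partition("=")
        pairs.append((name.strip().lower(), tag.strip()))
    return pairs

def build_directory(entries, spec=DEFAULT_NUMBER_ATTRIBUTES, limit=MAX_RECORDS):
    """entries: LDAP results as {attribute: [values]} -> [(name, tagged_number)].
    Assumption: the name comes from cn; the page does not say which attribute it uses."""
    directory, seen = [], set()
    for entry in entries:
        record = {k.lower(): v for k, v in entry.items()}   # names are not case sensitive
        name = record.get("cn", [""])[0]
        for attr, tag in parse_number_attributes(spec):
            for number in record.get(attr, []):
                item = (name, f"{tag} {number}" if tag else number)  # e.g. "M 7325551234"
                if item in seen:                 # same Name and Number: not duplicated
                    continue
                if len(directory) >= limit:      # size cap
                    return directory
                seen.add(item)
                directory.append(item)
    return directory

SAMPLE_ENTRIES = [  # constructed sample results using Active Directory attribute names
    {"cn": ["John Birbeck"], "telephoneNumber": ["7325550100"], "mobile": ["7325551234"], "otherMobile": ["7325551234"]},
    {"cn": ["Ann Example"], "homePhone": ["7325550199"], "ipPhone": ["5001"]},
]
```

In the sample, otherMobile repeats the mobile number and is dropped, while ipPhone is ignored because it is not in the Number Attributes setting.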