pascom Cloud Phone System Documentation and Release Notes
Users from Microsoft Active Directory
User Synchronisation and Authentication with Microsoft Active Directory
Microsoft Active Directory
In order to be able to read data from Active Directory, you require a user with the appropriate permissions. You could use the Active Directory Administrator for this purpose. However, as the pascom phone system needs to save the access credentials for the automated future imports and the the administrator as significantly more than the required permissions, it is advisable to create a user account for the pascom PBX:
If you use mobydick as the username, this will be automatically detected by the LDAP filter during the import process and will not be automatically added as a pascom phone system user.
Assign a password for the pascom user and select password never expires. The pascom PBX can then authenticate itself by the Active Directory with every execution of the connector sync. If you wish to change this password, you must change the password in both Active Directory and within the pascom connector profile:
“Users from AD” Connector Profile
Create a new connector profile by using the following steps in the pascom phone system Web UI:
Click on the menu option > and then click .
Select the AD User Sync template and enter the following data:
Connector Profile Name
Active Directory Domain Name
Server IP or Host DNS Name
Username and Password
Credentials of the previously added pascom User for authentication
NO: Users will only be imported. Authentication will be performed by the pascom phone system. YES: Users will be imported and the can be authenticated against the AD. In this case, the authentification will be setup and you can modify this according to your needs under > under the tab .
Create pascom softphone
YES: Creates a pascom softphone for every imported user. NO: No pascom softphones will be added for imported users.
Create mobile phone
YES: Creates a mobile phone device for every imported user. NO: No mobile devices will be added for imported users.
After saving, the template can be modified according to requirements under the tab .
Use multiple LDAP URIs from your authentication servers.
Click > from the menu and go to the tab. Here you can specify multiple LDAP(S) URIs, which are separated by a space. If one LDAP server fails, we simply use the second server entered.
Per default, the template will import all users from the AD except for the user mobydick. Using the tab you can restrict the import to groups of users e.g. pascom-user. Simply enter the following code:
# only import users with membership
if (!array_key_exists("memberOf", $row)) return false;
$groups = $row["memberOf"];
# turn a single group membership (string) into a list of memberships (array)
$groups = array($row["memberOf"]);
# always search in a list of memberships
return preg_grep('/pascom-user/i', $groups);
User Fields in AD
Account > sAMAccountName
The login name is used for all logins and can only contain lowercase letters. Required field.
General > displayName
The display name is displayed on telephone displays and within the pascom desktop and mobile clients. Required field.
General > givenName
First name of the user used for the pascom telephone book entry.
General > sn
Last name of the user used for the pascom telephone book entry.
General > telephoneNumber
The user’s internal extension number. If this is not managed in AD, pascom will automatically assign the next available extension from the number pool.
General > mail
User’s e-mail address. Used for sending voicemails and faxes.
Organisation > company
Company to be entered in the user’s pascom telephone book entry.
Phone numbers > homePhone
User’s private / home telephone number for the pascom telephone book entry.
Phone numbers > mobile
The user’s mobile phone number to be added to the pascom telephone book entry and with which a mobile phone device should be automatically created.
Phone numbers > facsimileTelephoneNumber
Internal fax number assigned to the user. Automatically also adds a virtual pascom fax machine assigned to the user. A pre-requirement here is that the pascom fax server is already configured.
These fields are just template suggestions. You can add and remove fields or even modify the complete structure to match your requirements.
Test and Activate the Import Process
After you have finalised your configuration, you can test the connector profile to determine which data sets will be imported using the button. Once you are satisfied with the results, it is possible to either perform a one off import using the > option or automate the import to be performed at regular intervals by clicking the button.
If you have configured the template using the Configure authenticationYES option, it is now possible to test the user authentication process using the following menu options > under the tab and finally using the button.
Do you want to make changes to source variables or the Connector structure? Then follow the links below to the appropriate instructions:
From within the Active Directory, it is possible to directly assign a user with a Softphone or IP telephone.
Assign IP Telephones via MAC Address:
Under the tab add the following lines by clicking :
This line instructs the Connector to save the content of the Active Directory field “ipPhone” to the variable “mac”.
“mac” corresponds to the MAC Address of the IP phone which should be assigned to the user.
This variable now be assigned to the pascom field IP Telephone within the .