pascom Cloud Phone System Documentation and Release Notes

Users from LDAP Directory

Synchronise and Authenticate your Users against LDAP


The “Lightweight Directory Access Protocol” (LDAP) is a network protocol for processing of queries and alterations in a shared directory service. LDAP itself is not a directory, but rather the protocol, via which one can use a specific syntax to query information from a LDAP directory.

In order to be allowed to read data from LDAP, a user with the appropriate permissions is required. Enter this user a password and check the password never expires option. pascom phone system authenticates itself against LDAP for each connector run. If you wish to change the password, you must change it in both LDAP and within the pascom Connector profile:

“Users from LDAP” Connector Profile

Create a new connector profile by navigating to the following options within the pascom admin Web UI: > and click .

Select the template Users from LDAP and enter the following information:

Field Description
Title Connector profile name
LDAP URI URL to the LDAP directory
Base DN BaseDN specifies the position within the LDAP directory which should be read
Username User with LDAP directory access permissions (LDAP bindDN)
Password Password for LDAP Authentication
Search Filter Filter for more detailed LDAP directory searches
Enable User Authentication NO: Users will be imported and the authenticated against the pascom server.
YES: Users will be imported and can be authenticated against LDAP. In this case, the authentication will be setup and you can modify it to your requirements under > im Reiter .
Username field (optional) You can enter the field name from which the to be imported users' username should be read. Default: samAccountName
Create pascom Softphone YES: Automatically adds a pascom softphone for every imported user. NO: No pascom softphones will be added for imported users.
Create mobile phone YES: Creates a mobile phone device for every imported user. NO: No mobile devices will be added for imported users.

After saving, the template can be modified according to requirements under the tab .

Use multiple LDAP URIs from your authentication servers.

Click > from the menu and go to the tab. Here you can specify multiple LDAP(S) URIs, which are separated by a space. If one LDAP server fails, we simply use the second server entered.

Use multiple LDAP URIs

Pre Filter

Per default, the template will import all users from the LDAP directory. Using the tab you can restrict the import according to certain factors e.g. displayName is populated. Simply replace “return true;” with the following code:

return array_key_exists('displayName', $row);

User Fields in LDAP

Via the tab, in the Source column it is possible to define from which LDAP user fields the information can be read from. The Variables in the left column define which information sets can be imported into the pascom phone system.

The preset fields are suggestions for the template. It is possible to add, modify and remove fields i.e. completely alter the import structure to match your requirements.

Test and Activate the Import Process

After you have finalised your configuration, you can test the connector profile to determine which datasets will be imported using the button. Once you are satisfied with the results, it is possible to either perform a one off import using the > option or automate the import to be performed at regular intervals by clicking the button.

Authentication Tests

If you have configured the template using the Configure authentication YES option, it is now possible to test the user authentication process using the following menu options > under the tab and finally using the button.

Optional Modifications

Do you want to make changes to source variables or the Connector structure? Then follow the links below to the appropriate instructions:

Variable Assignment

Variables structure

Assign a Softphone, Mobile Phone or IP Telephone

From within LDAP, it is possible to directly assign a user with a Softphone or IP telephone.

Assign IP Telephones via MAC Address:

Within the User from LDAP import, all required Variables and Structure for adding an IP telephony are already available.

Make sure, that values in your LDAP directory user fields are populated in accordance to how they are found in the pascom Web UI under the tab:

Variable Source Description
phonemac return $row['phonemac']; IP Telephone MAC Address
phoneip return $row['phoneip']; IP Telephone IP Address
phoneuser return $row['phoneuser']; Username for authenticating on the IP telephone
phonepass return $row['phonepass']; Password for authenticating on the IP telephone

Optionally, the IP telephone FollowMe settings can also be set:

Variable Source Description
inttimeout return $row['inttimeout']; Internal calls: timeout in seconds
intdelay return $row['intdelay']; Internal calls: delay in seconds
exttimeout return $row['exttimeout']; External calls: timeout in seconds
extdelay return $row['extdelay']; Team calls: delay in seconds
quetimeout return $row['quetimeout']; Team calls: timeout in seconds
quedelay return $row['quedelay']; Team calls: delay in seconds

Through these lines, the connector will save the content of the LDAP user fields to the corresponding pascom variable.

Softphone Assignment:

If you want to assign users with a pascom softphone, it is not necessary to add an additional variable.

Under it is sufficient to set the entry createSoftphone to “return true;”.

Mobile Phone Assignment:

If you want to assign users with a mobile phone, it is not necessary to add an additional variable. The mobile phone number will be automatically read from the LDAP user field “mobile”.

Under it is sufficient to set the entry createMobile to “return true;”.