Users from LDAP Directory
Synchronise and Authenticate your Users against LDAP
The “Lightweight Directory Access Protocol” (LDAP) is a network protocol for querying and modifying data in a shared directory service. LDAP itself is not a directory, but rather the protocol through which a specific syntax is used to query information from an LDAP directory.
In order to read data from LDAP, a user with the appropriate permissions is required. Set a password for this user and check the password never expires option. The pascom phone system authenticates itself against LDAP on each connector run. If you wish to change the password, you must change it in both LDAP and the pascom Connector profile.
“Users from LDAP” Connector Profile
Create a new connector profile by navigating to the following options within the pascom admin Web UI: > and click .
Select the template Users from LDAP and enter the following information:
|Title||Connector profile name|
|LDAP URI||URL to the LDAP directory|
|Base DN||BaseDN specifies the position within the LDAP directory which should be read|
|Username||User with LDAP directory access permissions (LDAP bindDN)|
|Password||Password for LDAP Authentication|
|Search Filter||Filter for more detailed LDAP directory searches|
|Enable User Authentication||NO: Users will be imported and then authenticated against the pascom server. YES: Users will be imported and can be authenticated against LDAP. In this case, the authentication will be set up and you can modify it to your requirements under > in the tab .|
|Username field||(optional) The name of the LDAP field from which the imported users' usernames should be read. Default: samAccountName|
|Create pascom Softphone||YES: Automatically adds a pascom softphone for every imported user. NO: No pascom softphones will be added for imported users.|
|Create mobile phone||YES: Creates a mobile phone device for every imported user. NO: No mobile devices will be added for imported users.|
After saving, the template can be modified according to requirements under the tab .
Use multiple LDAP URIs from your authentication servers.
Click > from the menu and go to the tab. Here you can specify multiple LDAP(S) URIs, which are separated by a space. If one LDAP server fails, we simply use the second server entered.
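Before entering the profile values, the bind user, Base DN, search filter and each URI in the space-separated list can be checked from a shell. The following is an added example, not part of the pascom documentation or product; it assumes the OpenLDAP ldapsearch client is installed, and the function names and the values in the usage comment are constructed placeholders.

```shell
#!/bin/sh
# Added example, not pascom code. Hosts, DNs and paths passed in are your own values.

# Print every URI in the space-separated list that is not ldaps://.
# Over plain ldap:// without StartTLS, a simple bind sends the bind password in clear text.
plaintext_uris() {
    for uri in $1; do
        case "$uri" in
            ldaps://*) ;;
            *) printf '%s\n' "$uri" ;;
        esac
    done
}

# Bind to each URI with the service account and run the profile's search.
# Args: "<uri list>" <base DN> <bind DN> <password file> <search filter>
# The password file must hold the password with no trailing newline
# (ldapsearch -y uses the file content verbatim); keep it mode 0600.
preflight() {
    uris=$1 base=$2 binddn=$3 pwfile=$4 filter=$5
    bad=$(plaintext_uris "$uris")
    [ -z "$bad" ] || { echo "not LDAPS: $bad" >&2; return 2; }
    rc=0
    for uri in $uris; do
        # -x simple bind; -y keeps the password out of argv and shell history;
        # nettimeout stops a dead server from hanging the check;
        # pr=500/noprompt pages through results on servers that cap page size.
        if out=$(ldapsearch -LLL -x -H "$uri" -D "$binddn" -y "$pwfile" \
                 -o nettimeout=5 -E pr=500/noprompt -b "$base" -s sub \
                 "$filter" sAMAccountName displayName mobile); then
            n=$(printf '%s\n' "$out" | grep -c '^dn:' || true)
            echo "OK   $uri  entries matched: $n"
        else
            echo "FAIL $uri" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage (constructed placeholder values):
#   preflight "ldaps://dc1.example.test ldaps://dc2.example.test" \
#       "dc=example,dc=test" "cn=svc-pascom,ou=service,dc=example,dc=test" \
#       /root/.pascom-bind.pw "(objectClass=user)"
```

Every URI should report OK with a similar entry count; a server that fails here would also fail when the connector falls back to it.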
By default, the template imports all users from the LDAP directory. Using the tab you can restrict the import according to certain criteria, e.g. displayName is populated. Simply replace “return true;” with the following code:
return array_key_exists('displayName', $row);
User Fields in LDAP
Via the tab, the Source column defines which LDAP user fields the information is read from. The Variables in the left column define which information sets can be imported into the pascom phone system.
The preset fields are suggestions for the template. It is possible to add, modify and remove fields i.e. completely alter the import structure to match your requirements.
Test and Activate the Import Process
After you have finalised your configuration, you can test the connector profile to determine which datasets will be imported using the button. Once you are satisfied with the results, you can either perform a one-off import using the > option or automate the import to run at regular intervals by clicking the button.
If you have configured the template using the Configure authentication YES option, it is now possible to test the user authentication process using the following menu options > under the tab and finally using the button.
Do you want to make changes to source variables or the Connector structure? Then follow the links below to the appropriate instructions:
Assign a Softphone, Mobile Phone or IP Telephone
From within LDAP, it is possible to directly assign a user a softphone or IP telephone.
Assign IP Telephones via MAC Address:
Within the User from LDAP import, all required Variables and Structure for adding an IP telephone are already available.
Make sure that the values in your LDAP directory user fields are populated in accordance with how they are found in the pascom Web UI under the tab:
||IP Telephone MAC Address|
||IP Telephone IP Address|
||Username for authenticating on the IP telephone|
||Password for authenticating on the IP telephone|
Optionally, the IP telephone FollowMe settings can also be set:
||Internal calls: timeout in seconds|
||Internal calls: delay in seconds|
||External calls: timeout in seconds|
||Team calls: delay in seconds|
||Team calls: timeout in seconds|
||Team calls: delay in seconds|
Through these lines, the connector will save the content of the LDAP user fields to the corresponding pascom variable.
If you want to assign users a pascom softphone, it is not necessary to add an additional variable.
Under it is sufficient to set the entry createSoftphone to “return true;”.
Mobile Phone Assignment:
If you want to assign users a mobile phone, it is not necessary to add an additional variable. The mobile phone number will be automatically read from the LDAP user field “mobile”.
Under it is sufficient to set the entry createMobile to “return true;”.