.. _ldap_bidirectional_synchronization: *********************************** Users Bidirectional Synchronization *********************************** .. important:: This is an enterprise version feature that is not included in XiVO and is not freely available. To enable it, please contact `XiVO team `_. .. _overview: Overview -------- The LDAP Bidirectional Synchronization module enables automatic integration between an enterprise LDAP directory (such as Microsoft Active Directory or any compatible LDAP service) and XiVO. Its purpose is to **simplify user administration**, **automatically provision telephony resources**, and **synchronize user information** based on data already maintained within the company's information system. Through this mechanism, the LDAP directory becomes a trusted source used to create, update, and manage users in XiVO. This module is particularly useful for organizations that want to: - centralize user management - avoid duplicate data entry between directory services and telephony systems - automate telephony resource provisioning - ensure consistency between identity management and telephony infrastructure - streamline and industrialize user deployments .. figure:: images/sync-users.png :scale: 80% .. _features: Key Features ------------ The main objective of this module is to **automatically synchronize users and associated resources between an LDAP directory and XiVO**, ensuring consistent information while reducing manual administration. This synchronization allows organizations to: - automatically create XiVO users from LDAP accounts - update user information when LDAP attributes change - remove or deactivate users based on synchronization policies - automate the assignment of telephony resources .. _Functional Description: Functional Description ---------------------- The synchronization engine connects LDAP directory data with XiVO objects. The module supports: - **automatic creation** of new XiVO users - **automatic update** of existing users - **removal or deactivation** of users according to defined synchronization rules This ensures XiVO remains aligned with the enterprise directory without manual intervention. During synchronization, the module can automatically manage several XiVO resources, including: - users - internal numbers (line) - Direct Inward Dialing numbers (DID) - voicemail accounts - call center agents Depending on the LDAP attributes and configured mapping rules, XiVO can provision the necessary resources required for each user. The module supports multiple number formats, including: - internal numbering - national numbering formats - international numbering - **E.164 format** This ensures numbering consistency regardless of how numbers are stored in LDAP or used within XiVO. Synchronization can allow telephony resources to be assigned directly from LDAP attributes, such as: - internal extensions - DID numbers - information related to inbound routing This enables deeper integration between telephony infrastructure and enterprise identity management. The module can also manage **Call Center agents**. Based on LDAP attributes, it becomes possible to: - automatically create agents - update their information - integrate them into the call center configuration This functionality is particularly useful for organizations operating support teams, customer service departments, or service desks. When a new user account is created, the module can automatically send a summary email containing useful information such as: - login credentials - assigned extension - onboarding or usage information This feature requires a properly configured **SMTP relay** on the client side. .. _Functional Benefits: Functional Benefits ------------------- The main benefit of the module is the elimination of repetitive manual tasks related to user creation and maintenance within XiVO. Administrators no longer need to re-enter information that already exists in the enterprise directory. By using LDAP as the reference directory, organizations ensure stronger consistency between: - identity management systems - telephony infrastructure - user configuration This reduces the risk of errors, omissions, or inconsistent information across systems. The onboarding process for new users becomes significantly faster thanks to automation: - account creation - telephony resource assignment - synchronization of user information - automatic delivery of login details Users can become operational more quickly. The module is particularly valuable for organizations with: - a large number of users - multi-site environments - industrialized deployment requirements - integrated identity and telephony infrastructures .. _Use Cases: Use Cases --------- Enterprise user provisioning ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ In organizations where users are already managed in Active Directory, this module allows XiVO accounts to be created automatically without manual input. Multi-site telephony deployments ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ LDAP attributes such as location, department, or role can be used to adapt XiVO provisioning according to the company's organizational structure. Call Center workforce management ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Call Center agents can be integrated directly from LDAP, simplifying their creation and lifecycle management. .. _Example synchronization flow: Example synchronization flow ---------------------------- A typical synchronization scenario works as follows: 1. A user is created or modified in the LDAP directory. 2. The synchronization engine reads the configured LDAP attributes. 3. Data is analyzed and transformed according to mapping rules. 4. XiVO checks whether the user already exists. 5. If the user does not exist, XiVO creates the required resources: - user account - internal numbers - DID - voicemail - Call Center agent if applicable 6. If the user already exists, the allowed information is updated. 7. If notifications are enabled, an email is sent to the user. :: [User created/modified in LDAP] | v [LDAP attribute retrieval] | v [Mapping / processing] | v [User lookup in XiVO] | | | exists | not found v v [XiVO update] [XiVO creation] | | +------ +-----+ | v [Notification email] | v [User operational] .. _implementation_notes: Pre-requisites -------------- - Ensure proper configuration of LDAP server and XiVO for bidirectional sync - Set up SMTP relay for user notification emails - Have a webservice user. The permission of this user must be : confd.# - Define which 14 information fields to include in the enriched contact sheet Limitations ----------- - The mobile phone number cannot be synchronized from Xivo to source. - The callerid has to be mapped from a source field (it's not possible to concatenate the firstname and the lastname). - The identifier field CANNOT be modified by a processing. - A voicemail or a line already created can't be associated with a new or existing user. It must first be deleted by hand. - If LDAP GUID attribute must be used as identifier_field, it must mapped to description XiVO field. - Call permissions are not managed. - When en incoming call is disassiociated from its user, the LDAP attribute is not updated: a 'None' value cannot be pushed towards LDAP. - The outgoing_caller_id must be defined in field_mapping.yml even when it is not synchronised to avoid to overwrite with default as defined in User.py (because of LDAP update limitation against 'None' value).