LDAP
Add a LDAP Server
In
Adding a LDAP server
Enter the following information:
Name: the server’s display name
Host: the hostname or IP address
Port: the port number (default: 389)
Security layer: select SSL if it is activated on your server and you want to use it (default: disabled)
SSL means TLS/SSL (doesn’t mean StartTLS) and port 636 should then be used
Protocol version: the LDAP protocol version (default: 3)
Notes on SSL/TLS usage
If you are using SSL with an LDAP server that is using a CA certificate from an
unknown certificate authority, you’ll have to put the certificate file as a
single file ending with .crt into /usr/local/share/ca-certificates
and run update-ca-certificates.
You also need to make sure that the /etc/ldap/ldap.conf file contains a
line TLS_CACERT /etc/ssl/certs/ca-certificates.crt.
After that, restart spawn-fcgi with service spawn-fcgi restart.
Also, make sure to use the FQDN of the server in the host field when using SSL. The host field must match exactly what’s in the CN attribute of the server certificate.
Add a LDAP Filter
The next thing to do after adding an LDAP server is to create an LDAP filter.
In :
Adding a LDAP Filter
Enter the following information:
Name: the filter’s display name
LDAP server: the LDAP server this filter applies to
User: the dn of the user used to do search requests
Password: the password of the given user
Base DN: the base dn of search requests
Filter: if specified, it replaces the default filter
Use a Custom Filter
In some cases, you might have to use a custom filter for your search requests instead of the default filter.
In custom filters, every occurrence of the pattern %Q is replaced by what the user entered
on their phone.
Here are some examples of custom filters:
cn=*%Q*
&(cn=*%Q*)(mail=*@example.org)
|(cn=*%Q*)(displayName=*%Q*)
Add a Directory Definition
The next step is to add a directory definition for the LDAP filter you just created, as you would for other Directories.
In :
If a custom filter is defined in the LDAP filter configuration, the fields in direct match will be added to that filter using an &. To only use the filter field of your LDAP filter configuration, do not add any direct match fields in your directory definition.
Example:
Given an LDAP filter with filter st=Canada
Given a directory definition with a direct match cn,o
Then the resulting filter when doing a search will be
&(st=Canada)(|(cn=*%Q*)(o=*%Q*))
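The composition rule from the example above, as an added sketch in Python (not the product's own code; all function names are hypothetical). It goes one step further than this page and escapes the value substituted for %Q according to RFC 4515, which is an assumption about safe handling of phone input, not behaviour documented here.

```python
# Added example, not the product's code; all function names are hypothetical.

# RFC 4515: characters that must be written as \XX inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape user input so it cannot alter the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def wrap(expr):
    """Enclose a filter expression in parentheses unless it already is."""
    return expr if expr.startswith("(") else "(" + expr + ")"


def build_template(custom_filter, direct_match):
    """Combine a custom filter with direct match fields using an &.

    With no direct match fields, the custom filter is used unchanged.
    """
    fields = [f.strip() for f in direct_match.split(",") if f.strip()]
    if not fields:
        return custom_filter
    terms = "".join("(%s=*%%Q*)" % f for f in fields)
    return "&" + wrap(custom_filter) + "(|" + terms + ")"


def render(template, user_input):
    """Substitute the escaped input for every %Q and parenthesise the result."""
    return wrap(template.replace("%Q", escape_filter_value(user_input)))


if __name__ == "__main__":
    template = build_template("st=Canada", "cn,o")
    print(template)
    print(render(template, "Smith"))
    # Constructed input containing filter metacharacters.
    print(render(template, "Smith (Sales)*"))
```

Without the escaping step, the parentheses and asterisk in the last input would be read as filter syntax instead of as part of the searched name.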