LDAP Server

  • Updated on September 14, 2022

LDAP stands for Lightweight Directory Access Protocol which is a client/server protocol used to access and manage directory information. It reads and edits directories over IP networks and runs directly over TCP/IP using simple string formats for data transfer. Just as a database management system that is used to process queries and updates to a database, the UCM6xxx act as an LDAP server for users to manage the corporate phonebook in a centralized manner. The LDAP information model is based on entries. An entry is a collection of attributes that has a globally unique Distinguished Name (DN). The DN is used to refer to the entry. Each of the entry’s attributes has a type and one or more values. The types are typically mnemonic strings, like “cn” for Common Name, or “mail” for Email Address. The syntax of values depends on the attribute type.

The UCM built-in LDAP server provides a corporate directory to IP Phones using one or multiple phonebooks. UCM6xxx offers also a “Sync LDAP directory” feature allowing to synchronize LDAP directories between other UCMs for SIP peer trunks to have a centralized phonebook directory between all UCM branches.

In this guide, we will introduce the configuration settings needed to set up the UCM6xxx as an LDAP server and how to download phonebook entries from other LDAP servers.

UCM6XXX series include UCM620x series, UCM630x series, UCM630xA series, and UCM6510.

LDAP Server Configuration

The LDAP server configuration settings are available under Web GUI 🡪 System Settings 🡪 LDAP Server 🡪 LDAP Server Configurations. The default LDAP server configurations are displayed on the following screenshot:

Figure 1: LDAP Server Configurations

Terminology:

  • cn= Common Name
  • ou= Organization Unit
  • dc= Domain Component

Please refer to the following table describing the LDAP server configuration settings:

Base DN

Specifies the location in the directory where the search is requested to begin. By default it’s “dc=pbx,dc=com”.

PBX DN

Specifies the location in the directory where the search for PBX entry is requested to begin. It narrows the search scope and decreases directory lookup time. By default it’s “ou=pbx,dc=pbx,dc=com”.

Root DN

Specifies the location in the directory where the search for the admin user entry is requested to begin. It narrows the search scope and decreases directory lookup time. By default it’s “cn=admin,dc=pbx,dc=com

Root Password

Defines the root password for authentication. By default, is “admin”.

Confirm Root Password

Confirms the root password for authentication.

LDAP Cert

Certificate for LDAPS connections. Uploaded files must be less than 2MB in file size and will be automatically renamed to “server.crt”.

LDAP Private Key

Private key for LDAPS connections. Uploaded files must be less than 2MB in file size and will automatically be renamed to “private.key”.

LDAP CA Cert

Root certificate for LDAPS connections. Uploaded files will be automatically renamed to “server.ca”.

Table 1: LDAP Server Configurations

  • Aside from UCM630x and UCM630xA series, The UCM6xxx LDAP server supports anonymous access (read-only) by default. Therefore, the LDAP client does not have to configure username and password to access the phonebook directory. The “Root DN” and “Root Password” here are for LDAP management and configuration where users will need provide for authentication purpose before modifying the LDAP information.
  • The UCM630x and UCM630xA series do not allow anonymous access.

LDAP Phonebook

By default, the LDAP server has generated the first phonebook not editable with PBX DN “ou=pbx,dc=pbx,dc=com” based on the UCM6xxx user extensions.

Users could add new phonebook with a different phonebook DN for other external contacts, for example, “ou=grandstream,dc=pbx,dc=com“.

Note: All the phonebooks in the UCM6xxx LDAP server have the same Base DN “dc=pbx,dc=com“.

Access the Default Phonebook DN

The first phonebook created by default on the UCM6xxx is for local extensions. The default phonebook list in this LDAP server can be accessible by clicking on but is not editable.

The following figure shows an example of a default phonebook displaying the existing extension.

Figure 2: Default LDAP Phonebook

  • The contacts displayed on the default LDAP phonebook cannot be added or deleted directly. To add or delete the contacts, users need to modify the accounts in “Extensions” page first. To modify the read-only attributes, please edit the corresponding items in “Extensions” page and the phone book will be automatically updated when the change is saved and applied.
  • If users have the Grandstream phones provisioned by the UCM6xxx, the LDAP directory will be configured on the phones and can be used right away for users to access all phonebooks. Additionally, users could manually configure the LDAP client settings to manipulate the built-in LDAP server on the UCM6xxx.

Add a New Phonebook DN

Users can add other phone books for external accounts. For those phone books, users can edit LDAP attributes, add or delete contacts directly.

Please refer to the following steps in order to add a new LDAP phonebook

  1. Click on Add button under LDAP phonebook section.
  2. Configure the Phonebook Prefix that will be used for phonebook DN (Distinguished Name).
  3. The phonebook DN which is a sibling dn of pbx dn will be generated automatically under Phonebook DN field as displayed on following example.
Figure 3: Add new phonebook

  1. Click on Save button to confirm adding the new phonebook.
Figure 4: List of Phonebook DN

Notes:

  • User can edit or delete the new created phonebooks by clicking on for editing and adding the new contacts or select to delete phonebook.
  • If the UCM6xxx has multiple LDAP phonebooks created, in the LDAP client configuration, users could use “dc=pbx,dc=com” as Base DN to have access to all phonebooks on the UCM6xxx LDAP server, or use a specific phonebook DN, for example “ou=grandstream,dc=pbx,dc=com“, to only access LDAP entries on Phonebook DN “ou=grandstream,dc=pbx,dc=com“.

Add contacts to Phonebook DN

After creating /configuring the new phonebook that will be used for your LDAP configuration, users may add, edit or delete the phonebook entries (LDAP Attributes).

Please refer to the following steps describing how we can add, edit or delete the LDAP attributes on your phonebook DN:

  1. Access the Web GUI 🡪 System Settings 🡪 LDAP Server 🡪 LDAP phonebook
  2. Select the phonebook DN on which you want to manage the LDAP entries.
  3. Click on Add Contact button and fill in the contact’s details on the appropriated fields (Account number, caller ID name, Email, first/last name …).
  4. Press Save button to add the new contact to Contact list.
  5. Press Apply Changes button to save all the new contacts and update the contact list on your phonebook DN.

Notes:

  • For more detailed information and description of the LDAP attributes, please refer to [Table 2].
  • To edit or clean a field on a specific contact, users can select it from contact list and do the modifications needed, then press Save and Apply Changes buttons to update the contact list.
  • To delete a specific contact, users need press on delete icon appropriated to the contact that they want to remove it from their phonebook DN.
Figure 5: LDAP Entries

Please refer to the following table describing the LDAP attributes:

Account Number

Defines the account number attribute of an LDAP contact entry. The “+” is now supported.

CallerID Name

Specifies the caller id name attributes of an LDAP contact entry.

Email

Specifies the email address attribute of an LDAP contact entry.

First Name

Defines the first name attributes of an LDAP contact entry.

Last Name

Defines the last name attributes of an LDAP contact entry.

Department

Specifies the department attribute of an LDAP contact entry.

Mobile Number

Specifies the mobile number attributes of an LDAP contact entry.

Home Number

Specifies the home number attributes of an LDAP contact entry.

Fax

Specifies the fax number attributes of an LDAP contact entry.

Table 2: LDAP attributes description

Import Phonebook to LDAP Server

UCM6xxx permits to import phonebook and use it on LDAP server.

Please refer to the following steps describing how to import the phonebook:

  1. Access the Web GUI 🡪System Settings 🡪 LDAP Server > LDAP phonebook
  2. Click on Import Phonebook button .
  3. Dialog window will prompt as shown in the figure below.
  4. Select the file type (CSV, VCF or XML) and click on to browse and select your phonebook from your directory.

The file to be imported must be a CSV file with UTF-8 encoding. Users can open the CSV file with Notepad and save it with UTF-8 encoding.

Figure 6: Import Phonebook

The following screenshot illustrates an example of a sample phonebook in CSV format to import. Please note “Account Number” and “Phonebook DN” fields are required. Users could export a phonebook file from the UCM6xxx LDAP phonebook section first and use it as a sample to start with.

Figure 7: Example Phonebook

Notes:

  • The Phonebook DN field is the same “Phonebook Prefix” entry as when the user clicks on “Add” to create a new phonebook. Therefore, for example if the user enters “grandstream1” in “Phonebook DN” field in the CSV file, the actual phonebook DN “ou=grandstream1,dc=pbx,dc=com” will be automatically created by the UCM6xxx once the CSV file is imported.
  • In the CSV file, users can specify different phonebook DN fields for different contacts. If the phonebook DN already exists on the UCM6xxx LDAP Phonebook, the contacts in the CSV file will be added into the existing phonebook. If the phonebook DN doesn’t exist on the UCM6xxx LDAP Phonebook, new phonebooks with this phonebook DN will be created.
  • As the default LDAP phonebook with phonebook DN “ou=pbx,dc=pbx,dc=com” cannot be edited or deleted in LDAP phonebook section, users cannot import contacts with phonebook DN field “pbx” if existed in the CSV file.

The following figure illustrates the new phonebook created after importing the sample example of figure 7:

Figure 8: LDAP Phonebook Imported

Export Phonebook from LDAP Server

To export the phonebook, select the checkbox for the LDAP phonebook and then click on Export Selected Phonebook button to export the selected phonebook to the desired directory.

The exported phonebook can be used as a record or a sample CSV file for the users to add more contacts in it and import to the UCM6xxx again.

Figure 9: Phonebook Export

LDAP Client Configuration Example

The UCM6xxx can also act as an LDAP client to download phonebook entries from other LDAP servers.

LDAP Client Configurations settings are available under Web GUI 🡪 System Settings 🡪 LDAP Server 🡪 LDAP Phonebook 🡪 Phonebook Download Configurations.

The following figure gives a sample configuration for UCM6xxx acting as an LDAP client.

Figure 10: LDAP Client Configuration

Assuming the server base dn is “dc=pbx,dc=com“, configure the LDAP clients as following:

  • LDAP Server: Enter the IP address or domain name for remote LDAP server.
  • Server Address: LDAP server IP address
  • Base DN: dc=pbx,dc=com
  • User Name: Enter username. This field cannot exceed 64 characters.
  • Password: “LDAP server login password”
  • Filter: (|(CallerIDName=%)(AccountNumber=%))
  • Port: 389
  • LDAP Number Attributes: Customized number attributes depending on LDAP server attributes
  • LDAP Name Attributes: Customized Name attributes depending on LDAP server attributes
  • Client Type: Choose Client Type to be either LDAP or LDAPS
  • LDAP Client CA Cert: Upload LDAP client CA certificate, The following file types are supported: .crt .der and .pem
  • LDAP Client Private Key: Private key for LDAPS connections. Uploaded files must be less than 2MB in file size.

Was this article helpful?

Related Articles

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support

Leave a Comment

We use cookies in order to give you the best possible experience on our website. By continuing to use this site, you agree to our use of cookies.
Accept