LDAP stands for Lightweight Directory Access Protocol which is a client/server protocol used to access and manage directory information. It reads and edits directories over IP networks and runs directly over TCP/IP using simple string formats for data transfer. Just as a database management system that is used to process queries and updates to a database, the UCM6xxx act as an LDAP server for users to manage the corporate phonebook in a centralized manner. The LDAP information model is based on entries. An entry is a collection of attributes that has a globally unique Distinguished Name (DN). The DN is used to refer to the entry. Each of the entry’s attributes has a type and one or more values. The types are typically mnemonic strings, like “cn” for Common Name, or “mail” for Email Address. The syntax of values depends on the attribute type.
The UCM built-in LDAP server provides a corporate directory to IP Phones using one or multiple phonebooks. UCM6xxx offers also a “Sync LDAP directory” feature allowing to synchronize LDAP directories between other UCMs for SIP peer trunks to have a centralized phonebook directory between all UCM branches.
In this guide, we will introduce the configuration settings needed to set up the UCM6xxx as an LDAP server and how to download phonebook entries from other LDAP servers.
The LDAP server configuration settings are available under Web GUI 🡪 System Settings 🡪 LDAP Server 🡪 LDAP Server Configurations. The default LDAP server configurations are displayed on the following screenshot:
- cn= Common Name
- ou= Organization Unit
- dc= Domain Component
Please refer to the following table describing the LDAP server configuration settings:
Specifies the location in the directory where the search is requested to begin. By default it’s “dc=pbx,dc=com”.
Specifies the location in the directory where the search for PBX entry is requested to begin. It narrows the search scope and decreases directory lookup time. By default it’s “ou=pbx,dc=pbx,dc=com”.
Specifies the location in the directory where the search for the admin user entry is requested to begin. It narrows the search scope and decreases directory lookup time. By default it’s “cn=admin,dc=pbx,dc=com”
Defines the root password for authentication. By default, is “admin”.
Confirm Root Password
Confirms the root password for authentication.
Certificate for LDAPS connections. Uploaded files must be less than 2MB in file size and will be automatically renamed to “server.crt”.
LDAP Private Key
Private key for LDAPS connections. Uploaded files must be less than 2MB in file size and will automatically be renamed to “private.key”.
LDAP CA Cert
Root certificate for LDAPS connections. Uploaded files will be automatically renamed to “server.ca”.
By default, the LDAP server has generated the first phonebook not editable with PBX DN “ou=pbx,dc=pbx,dc=com” based on the UCM6xxx user extensions.
Users could add new phonebook with a different phonebook DN for other external contacts, for example, “ou=grandstream,dc=pbx,dc=com“.
Note: All the phonebooks in the UCM6xxx LDAP server have the same Base DN “dc=pbx,dc=com“.
The first phonebook created by default on the UCM6xxx is for local extensions. The default phonebook list in this LDAP server can be accessible by clicking on but is not editable.
The following figure shows an example of a default phonebook displaying the existing extension.
Users can add other phone books for external accounts. For those phone books, users can edit LDAP attributes, add or delete contacts directly.
Please refer to the following steps in order to add a new LDAP phonebook
- Click on Add button under LDAP phonebook section.
- Configure the Phonebook Prefix that will be used for phonebook DN (Distinguished Name).
- The phonebook DN which is a sibling dn of pbx dn will be generated automatically under Phonebook DN field as displayed on following example.
- Click on Save button to confirm adding the new phonebook.
- User can edit or delete the new created phonebooks by clicking on for editing and adding the new contacts or select to delete phonebook.
- If the UCM6xxx has multiple LDAP phonebooks created, in the LDAP client configuration, users could use “dc=pbx,dc=com” as Base DN to have access to all phonebooks on the UCM6xxx LDAP server, or use a specific phonebook DN, for example “ou=grandstream,dc=pbx,dc=com“, to only access LDAP entries on Phonebook DN “ou=grandstream,dc=pbx,dc=com“.
After creating /configuring the new phonebook that will be used for your LDAP configuration, users may add, edit or delete the phonebook entries (LDAP Attributes).
Please refer to the following steps describing how we can add, edit or delete the LDAP attributes on your phonebook DN:
- Access the Web GUI 🡪 System Settings 🡪 LDAP Server 🡪 LDAP phonebook
- Select the phonebook DN on which you want to manage the LDAP entries.
- Click on Add Contact button and fill in the contact’s details on the appropriated fields (Account number, caller ID name, Email, first/last name …).
- Press Save button to add the new contact to Contact list.
- Press Apply Changes button to save all the new contacts and update the contact list on your phonebook DN.
- For more detailed information and description of the LDAP attributes, please refer to [Table 2].
- To edit or clean a field on a specific contact, users can select it from contact list and do the modifications needed, then press Save and Apply Changes buttons to update the contact list.
- To delete a specific contact, users need press on delete icon appropriated to the contact that they want to remove it from their phonebook DN.
Please refer to the following table describing the LDAP attributes:
Defines the account number attribute of an LDAP contact entry. The “+” is now supported.
Specifies the caller id name attributes of an LDAP contact entry.
Specifies the email address attribute of an LDAP contact entry.
Defines the first name attributes of an LDAP contact entry.
Defines the last name attributes of an LDAP contact entry.
Specifies the department attribute of an LDAP contact entry.
Specifies the mobile number attributes of an LDAP contact entry.
Specifies the home number attributes of an LDAP contact entry.
Specifies the fax number attributes of an LDAP contact entry.
UCM6xxx permits to import phonebook and use it on LDAP server.
Please refer to the following steps describing how to import the phonebook:
- Access the Web GUI 🡪System Settings 🡪 LDAP Server > LDAP phonebook
- Click on Import Phonebook button .
- Dialog window will prompt as shown in the figure below.
- Select the file type (CSV, VCF or XML) and click on to browse and select your phonebook from your directory.
The following screenshot illustrates an example of a sample phonebook in CSV format to import. Please note “Account Number” and “Phonebook DN” fields are required. Users could export a phonebook file from the UCM6xxx LDAP phonebook section first and use it as a sample to start with.
- The Phonebook DN field is the same “Phonebook Prefix” entry as when the user clicks on “Add” to create a new phonebook. Therefore, for example if the user enters “grandstream1” in “Phonebook DN” field in the CSV file, the actual phonebook DN “ou=grandstream1,dc=pbx,dc=com” will be automatically created by the UCM6xxx once the CSV file is imported.
- In the CSV file, users can specify different phonebook DN fields for different contacts. If the phonebook DN already exists on the UCM6xxx LDAP Phonebook, the contacts in the CSV file will be added into the existing phonebook. If the phonebook DN doesn’t exist on the UCM6xxx LDAP Phonebook, new phonebooks with this phonebook DN will be created.
- As the default LDAP phonebook with phonebook DN “ou=pbx,dc=pbx,dc=com” cannot be edited or deleted in LDAP phonebook section, users cannot import contacts with phonebook DN field “pbx” if existed in the CSV file.
The following figure illustrates the new phonebook created after importing the sample example of figure 7:
To export the phonebook, select the checkbox for the LDAP phonebook and then click on Export Selected Phonebook button to export the selected phonebook to the desired directory.
The exported phonebook can be used as a record or a sample CSV file for the users to add more contacts in it and import to the UCM6xxx again.
The UCM6xxx can also act as an LDAP client to download phonebook entries from other LDAP servers.
LDAP Client Configurations settings are available under Web GUI 🡪 System Settings 🡪 LDAP Server 🡪 LDAP Phonebook 🡪 Phonebook Download Configurations.
The following figure gives a sample configuration for UCM6xxx acting as an LDAP client.
Assuming the server base dn is “dc=pbx,dc=com“, configure the LDAP clients as following:
- LDAP Server: Enter the IP address or domain name for remote LDAP server.
- Server Address: LDAP server IP address
- Base DN: dc=pbx,dc=com
- User Name: Enter username. This field cannot exceed 64 characters.
- Password: “LDAP server login password”
- Filter: (|(CallerIDName=%)(AccountNumber=%))
- Port: 389
- LDAP Number Attributes: Customized number attributes depending on LDAP server attributes
- LDAP Name Attributes: Customized Name attributes depending on LDAP server attributes
- Client Type: Choose Client Type to be either LDAP or LDAPS
- LDAP Client CA Cert: Upload LDAP client CA certificate, The following file types are supported: .crt .der and .pem
- LDAP Client Private Key: Private key for LDAPS connections. Uploaded files must be less than 2MB in file size.