cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Please be advised, the GuideMe Wizard is no longer available on the Small Business Support Community. For search capability please use the community search field to find content related to Cisco Small Business documents, videos, and discussions.

App Note: Configuring LDAP Corporate Directory search on SPA9X2 SIP IP Phones

15218
Views
0
Helpful
26
Comments
This Application Note describes the configuration of SPA phones (with 6.1 release) to activate the integration of LDAP based corporate directories (such as Microsoft Active Directory 2003 and OpenLDAP), allowing corporate directory contacts search and dial from the SPA9X2 phones.
Comments
Beginner

Would it be possible to get a more complete explanation of how to configure the LDAP Display Attrs and LDAP Number Mapping fields?

Cisco Employee

Sure, what fields you require more explanation?...did you look at the traces at the end of the doc? would an example help?

Beginner

Well, as a for instance I'm trying to get the directory to show the "ipphone" attribute as the phone number.  I've got the phone doing lookups against Active Directory correctly and it will show the ipphone number, which is 3 digits long.  Problem is that when I hit the dial button the phone reboots.  Right now I'm guessing that the "t" value might be causing issues but didn't know if there were other values possible.

Also, the phone has a nasty tendency to reboot when cancelling out of a lookup.

Cisco Employee

I'm interested in the "t" value that may be causing reboots. Please send me [paborn at cisco_dot_com] the phone's config. http://<ip_of_phone>/admin/advanced Use your browser to save as complete HTML page.

I'll work on better documenting "LDAP Display Attrs" and "LDAP Number Mapping", but will take several days to get this completed.

Cisco Employee

I've updated the LDAP document and have included examples of using both the display attributes and number mapping features.

Please take a look and let me know if the guide is a little clearer.

Consider taking a look at the https://fsuid.fsu.edu/admin/lib/WinADLDAPAttributes.html site. They've got some LDAP details that may be of use to you too.

Regards,

Patrick

----------

Cisco Employee

Just a quick note on configuring LDAP on your phones:

1.       Phone web-ui > Phone tab > LDAP Corporate Directory Search > LDAP Display Attrs:
This is a required field  that formats the results of the LDAP search on the phone.
Without this field the Phone > “dir” Softkey will not display the LDAP option that you’re attempting to configure.
Add something like a=cn;a=sn;a=telephoneNumber,n=Phone,t=p;
This will display:
PatrickBorn
123456
Where cn=Patrick, sn=Born, and telephoneNumber=123456 on the LDAP server

2.       Phone web-ui > Phone tab > LDAP Corporate Directory Search > LDAP Last Name Filter:
Without this field, last names [Surname/Family name] cannot be displayed if a=sn is used in #1

3.       Phone web-ui > Phone tab > LDAP Corporate Directory Search > LDAP First Name Filter:
Without this field, first names [Christian name / Given name] cannot be displayed if a=cn is used in #1

4.       Phone web-ui > Phone tab > LDAP Corporate Directory Search > LDAP Username:
Typically LDAP is secured and requires a user name and password credentials before providing directory information

Regards,

Patrick

----------

Community Member

I have successfully managed to get LDAP queries working on an SPA942 but the format returned by the LDAP directory looks like this:  "+44(0) 207 032 5000" which when I dial doesn't work - I assume because the "+" and brackets are not recognised by the SIP proxy. My proxy needs to see a standard UK dialled number (eg. 02070325000).

Can you specify removal of these characters in the LDAP Number Mapping field. It seems to be the same syntax as the Dialplan String field which only allows match/replace of digits or # or *  but really I need to remove the "+" and "()" characters which my LDAP server adds.

Cisco Employee

Hi Antony,

Thanks for letting me know that you got LDAP working.

I believe that the + ( ) and the spaces may be causing problems for the phone.

Don't forget that you need a steering digit to the string in order to seize a line for an external call.

A sequence of <+44(0):0>xxxn| where:

  +44(0) is to be replaced with 0, assuming that you use 0 as a steering digit.

  n = an x for every character presented [02070325000 would be xxxxxxxxxxx {11 x}]

   The trick is to determine if the phone counts spaces, would +44(0) 207 032 5000 be 19 or 16 characters?

The easiest solution would be to ask your LDAP administration team to supply dialable information without the +( ), and spaces.

Regards,

Patrick

-----------

Cisco Employee

Antony,

I've just confirmed that <+44(0):0>xxxn will not work. It's only possible to manipulate characters represented by the phone's buttons.

Regards,

Patrick

-----------

Community Member

Patrick, is there any way to get the SPA942 to translate + into something localised?

This isn't specifically for LDAP (although, than you so much for posting this, I have been struggling since 6.1's release to get it working, and now it is!) but with phones deployed in multiple countries, providing a + in the directories (LDAP or personal) translated into the local international access code would save a lot of localisation work.

If not in this version of SPA software, do you know if this would be in any upcoming firmware? Or even just a way to turn standard phone formats into numbers (ie, strip all ()- and spaces)? Would help with identifying incoming numbers when doing the CLI lookup, too.

Cisco Employee

Hi,

No, currently there is no way for the SPA9x2 phones to translate unrecognized characters into something localized. I'll share with the phones' product manager so that the team is aware of the feature request. Thanks for making the suggestion.

Currently, the SPA9x2 phones, when registered to a SPA9000 will ignore unrecognized characters ('+', '(', ')', ' ') that are mixed in with dialed digits and will only process digits.

The dial plan should be configured to only consider the digit sequence, thus if the phone receives "+87(0) 123 456 7890" then set up the dial plan for "8701234567890".

However; when a SPA9x2 phone is registered directly to an ITSP (UA config), the phone does not ignore the unrecognized characters.

We're currently investigating this.

Regards,

Patrick

----------

Community Member

<p>Hello</p> <p> </p> <p>is it possible to "modify" the LDAP Phone number within the LDAP Display Attrs: - so the LDAP Number Mapping is not used.</p> <p>and second question is where can I find the updated LDAP document with included examples.</p> <p> </p> <p>Regards</p> <p>Holger</p> <p> </p>,

Cisco Employee

Hi Holger,

Apologies for the delayed response. I'd missed your comment.

You can leave the LDAP number mapping empty if you do not want number mapping. When the LDAP number mapping field is populated, any matched strings will be remapped appropriately.

The updated LDAP SPA900_LDAP_CORP_DIR_V11.pdf document is available is at the top of this page.

Regards,

Patrick

----------

Community Member

Hello,

I can't get LDAP to work with our 2003 AD organization. I followed all the steps discribed in the document but still no result.

I'm using firmware version 6.1.5a on a Linksys SPA962. I tried all three authentication methods but I keep receiving the following message on the phone: LDAP Error: cannot connect to server.

I tested the credentials of the account I'm using to see if I'm able to query the LDAP server. This all works fine but on the phone it will not work.

Please help!!!

Regards,

Michel

Cisco Employee

Hi Michel,

I suggest that you capture a network trace with Wireshark during the query so that you can view the interaction between the phone and the LDAP server in order to help you troubleshoot this.

Regards,

Patrick

----------