LDAP
OpenLDAP
1. To install OpenLDAP Server
OpenLDAP Server is freely available from:
http://www.openldap.org/software/download/
1.1 Double click the OpenLDAP application to start the installation:
For example: openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_Setup.exe
1.2 Click "Browse" to locate the installation path (for example: c:\OpenLDAP), and then click "Next".
1.3 Select "Full installation" as below and click "Next" to continue.
1.4 Click "Next"/"Install", keeping the default settings.
1.5 Click "Finish" to complete the OpenLDAP installation.
2. To configure the LDAP Server
2.1 Add the schema commands.
Open the slapd.conf file under the installation path, find the line include ./schema/core.schema, and then add the following lines below it:
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/corba.schema
include ./schema/dyngroup.schema
include ./schema/java.schema
include ./schema/misc.schema
include ./schema/nis.schema
include ./schema/openldap.schema
2.2 Edit the manager information:
Find the following lines in slapd.conf:
suffix "dc=my-domain,dc=com"
rootdn "cn=manager,dc=my-domain,dc=com"
rootpw secret
suffix defines the components of the domain name.
rootdn is the DN of the manager account used to access the LDAP server.
rootpw is the password of the manager.
For example, you can change the content as follows:
suffix "dc=HanLong,dc=com"
rootdn "cn=manager,dc=HanLong,dc=com"
rootpw secret
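The rootpw line above keeps the manager password in clear text inside slapd.conf. The following Python sketch is an added example, not part of the original guide: it builds the salted {SSHA} value that slapd accepts in place of a clear-text rootpw and flags rootpw lines that carry no hash scheme. The function names and the sample file content are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

# Values that already carry a {SCHEME} prefix are hashed, not clear text.
HASHED = re.compile(r"^\{(SSHA|SHA|SMD5|MD5|CRYPT)\}", re.IGNORECASE)

# Constructed sample mirroring the guide's example values.
SAMPLE_CONF = '''suffix "dc=HanLong,dc=com"
rootdn "cn=manager,dc=HanLong,dc=com"
rootpw secret
'''


def ssha_hash(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a password against an {SSHA} value (20-byte digest, then the salt)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    candidate = hashlib.sha1(password.encode("utf-8") + raw[20:]).digest()
    return hmac.compare_digest(candidate, raw[:20])


def cleartext_rootpw(conf_text):
    """Return (line_number, rootdn) for each rootpw stored without a hash scheme."""
    findings, rootdn = [], None
    for number, line in enumerate(conf_text.splitlines(), start=1):
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1].strip().strip('"')
        if keyword == "rootdn":
            rootdn = value
        elif keyword == "rootpw" and not HASHED.match(value):
            findings.append((number, rootdn))
    return findings


if __name__ == "__main__":
    print(cleartext_rootpw(SAMPLE_CONF))  # flags the guide's rootpw line
    fixed = SAMPLE_CONF.replace("rootpw secret", "rootpw " + ssha_hash("secret"))
    print(fixed, cleartext_rootpw(fixed))
```

OpenLDAP's slappasswd utility produces the same {SSHA} format. Hashing protects only the value stored in slapd.conf, not the password sent by a simple bind over port 389.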
3. To Run Slapd Server
3.1 Click Start→Run, enter cmd, and press Enter.
3.2 Perform the cd command to locate the server installation path.
For example: enter cd c:\OpenLDAP (where c:\OpenLDAP is the installation path).
3.3 Enter the slapd -d -1 command to start the slapd server.
When "slapd starting" is shown, the slapd server is running successfully.
Note: Keep the window open to ensure the server is running.
4. To add initial Entry to the LDAP Directory
4.1 Create an .ldif file under the installation path.
For example: create a file test.ldif under c:\OpenLDAP.
Enter the following content in the .ldif file and save it.
dn: dc=HanLong,dc=com
4.2 To make the Entry effective.
4.2.1 Click Start→Run, enter cmd, and press Enter.
4.2.2 Input cd c:\OpenLDAP
4.2.3 Input ldapadd -x -D "cn=manager,dc=HanLong,dc=com" -w secret -f test.ldif
5. To Install LDAP Client
LDAPExploreTool2 is freely available at http://ldaptool.sourceforge.net/.
5.1 Double click LDAPExploreTool2.exe, and then click "Next".
5.2 Select the installation and then click "Next", keeping the default settings.
5.3 Click "Finish" to finish the installation.
6. To Configure LDAP Client
6.1 Run LDAPExploreTool2.
Double click the LDAPExploreTool icon on the desktop.
6.2 To Create a Configuration.
6.2.1 Click File→Configuration→New, to add a new configuration.
6.2.2 Fill in the configuration name, for example: LDAP.
6.2.3 Fill in the server name or IP address under the Server tab, for example: 192.168.0.90. Leave the Server port and Server SSL port at their defaults.
6.2.4 Under the Connection tab, fill in the User DN and Password.
The value entered for User DN is the same as "rootdn" in the .ldif file.
For example:
User ID: cn=manager,dc=HanLong,dc=com
Password: secret
Click "Guess value" to get the base DN, and then click "Test connection" to test the connection status.
6.2.5 Click "Ok" to finish the configuration.
7. To Add contacts
7.1 Open the created configuration.
7.1.1 Click File→Configuration→select the created configuration.
For example: LDAP
7.1.2 Click "Open" to open the configuration.
7.2 To Add the new entry creation.
7.2.1 Right click the root entry and click the "Add" button to add new entries.
7.2.2 Fill in the "Entry RDN" following the format cn=xxx, for example: cn=Alyssa.
7.2.3 Select the "Object Class", for example: person.
7.2.4 Double click sn in the "MUST attributes", and then right click sn to fill in the value, for example: Cheng.
7.2.5 Double click cn in the "MUST attributes", and then right click cn to add the cn value (the value is the same as the "Entry RDN"; in this example it is Alyssa).
7.2.6 Double click "Object Class".
7.2.7 Double click the telephoneNumber in "May attributes", and then right click to add the value.
7.2.8 Click "Save" to save this Entry.
7.2.9 Repeat Step 7.2.1—7.2.8 to add more Entries.
Active Directory
1. To install the Microsoft Active Directory Domain Services
Note: This section shows you how to install an active directory on Microsoft Windows Server 2008 or Microsoft Windows Server 2008 R2 Enterprise 64-bit system.
1.1 Click Start→Run.
1.2 Enter dcpromo in the pop-up dialogue box and click "ENTER".
1.3 The Active Directory Domain Services Installation Wizard will appear after a short while. Click "Next":
1.4 A hint window pops up. Click "OK".
1.5 Read the provided information and click "Next":
1.6 Mark the "Create a new domain in a new forest" radio box and click "Next".
Note: We recommend that you set a strong password for the local Administrator account before you create the new domain.
1.7 Enter an appropriate domain name for the forest root domain and click "Next":
The wizard will check if the domain name is in use on the local network:
1.8 Select the desired forest functional level from the pull-down list of "Forest functional level", and click "Next".
For more information, click "domain and forest functional levels":
1.9 Select the desired domain functional level from the pull-down list of "Domain functional level", and click "Next".
For more information, click "domain and forest functional levels".
1.10 Select additional options for this domain controller if required, and click "Next".
1.11 The wizard will prompt a warning about DNS delegation. Since no DNS has been configured yet, you can ignore the message and click "Yes".
1.12 Specify the desired paths for the database, log files and SYSVOL folders, and click "Next".
For more information, click "placing Active Directory Domain Services files".
1.13 Configure the password for the active directory recovery mode, and click "Next".
For more information, click "Directory Services Restore Mode password".
The password should be complex and at least 7 characters long.
1.14 Review your selection and click "Next".
The wizard will prompt that the system begins to create the Active Directory Domain Services.
1.15 Click "Finish" to complete and exit the wizard:
2. To Install the Active Directory Lightweight Directory Services Role
You should also install the Active Directory Lightweight Directory Services role on Windows Server 2008 system.
2.1 Click Start->Administrative Tools->Server Manager.
2.2 Right click "Roles", and then select "Add Roles".
2.3 The Add Roles Wizard will pop up, click "Next".
2.4 Check the "Active Directory Lightweight Directory Services" checkbox and click "Next".
2.5 Follow the default settings and click "Next".
2.6 When the installation is completed, click "Close".
After the installation succeeds, you will find the "Active Directory Lightweight Directory Services" role listed in roles of the server manager.
3. Configuring the Microsoft Active Directory Server
To add an entry to the Active Directory:
3.1 Click Start->Administrative Tools->Server Manager.
3.2 Double click Roles->Active Directory Domain Services->Active Directory Users and Computers.
3.3 Double click the domain name created above (e.g., ldap.htek.com), and then select Users->New->Contact.
3.4 Enter the desired name of the Contact.
3.5 Click "OK" to accept the change. You can see the added contact in the Users field.
Using LDAP on Htek IP Phones
1. Configuring Htek IP Phones
LDAP is disabled on IP Phones by default. You can configure LDAP via the web interface or using configuration files. The feature is supported in version 1.0.3.82 or later.
To configure LDAP feature via web user interface:
4.1 Press the "OK" key on the phone when it is idle to obtain the IP address.
4.2 Enter the IP address (e.g., http://192.168.0.100 or 192.168.0.100) in the address bar of web browser on your PC and then press Enter.
4.3 Enter the user name and password in the login page.
The default login user name is admin (case-sensitive) and the password is admin (case-sensitive).
4.4 Click on Directory->LDAP.
4.5 Enter the desired values in the corresponding fields.
The screenshot for reference is shown as below:
4.6 Click "SaveSet" to accept the change.
2. LDAP Attributes on Web Interface
LDAP Name Filter: This parameter specifies the name attributes for LDAP searching. The "%" symbol in the filter stands for the string entered by the user, which is used as the prefix of the filter condition.
For example (cn=%), when the name prefix of the cn of the contact record matches the search criteria, the record will be displayed on the IP PHONE LCD.
LDAP Number Filter: This parameter specifies the number attributes for LDAP searching.
Server Address: Enter the domain name or IP address of the LDAP Server. For example: 192.168.0.9
Port: Enter the port of the LDAP Server. For example: 389 (the default).
Base: Enter the same value as the suffix value mentioned before. For example: dc=HanLong,dc=com
User Name: Enter the same value as the rootdn mentioned before. For example: cn=manager,dc=HanLong,dc=com
Password: Enter the same value as the rootpw mentioned before. For example: secret
Max.Hits: The maximum number of search results to be returned by the LDAP server.
LDAP Name Attributes: Enter the attributes of the LDAP Name Filter, separating values with a space. If you set this attribute, the LDAP Server will send the name attribute to the SIP Server, for example: cn
LDAP Number Attributes: Enter the attributes of the LDAP Number Filter, separating values with a space. If you set this attribute, the LDAP Server will send the number attribute to the SIP Server, for example: telephoneNumber
LDAP Display Name: Enter the display name of the contact record shown on the LCD screen. Each value is preceded by %, with no space separation required, for example: %cn%sn
Example for Configuration
Parameter | Value |
---|---|
LDAP Name Filter | (|(cn=%)(givenName=%)(departmentNumber=%)) |
LDAP Number Filter | (|(telephoneNumber=%)(Mobile=%)) |
LDAP TLS Mode | LDAP |
Server Address | 192.168.0.9 |
Port | 389 |
Base | dc=htek,dc=local |
User Name | cn=ldapadmin,dc=htek,dc=local |
Password | 123456 |
LDAP Name Attributes | cn sn givenName departmentNumber |
LDAP Number Attributes | telephoneNumber mobile |
LDAP Display Name | %cn%departmentNumber |
Protocol | V3 |
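To check a filter template against the directory before entering it on the phone, the added example below (not Htek code and not part of the original guide) expands "%" the way the guide describes and escapes the typed string per RFC 4515 so that characters such as "(" or "*" in a contact name stay literal. Appending "*" for the prefix match and all function names are assumptions made for illustration.

```python
# Assumption: each "%" becomes the typed string followed by "*" (prefix match),
# following the guide's description; the phone's actual expansion is not documented here.

# Name filter taken from the example configuration table.
NAME_FILTER = "(|(cn=%)(givenName=%)(departmentNumber=%))"

# RFC 4515: these characters must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(text):
    """Escape user input so it is treated as literal text inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in text)


def expand_filter(template, typed, escape=True):
    """Replace every "%" in the template with the typed prefix plus "*"."""
    value = escape_filter_value(typed) if escape else typed
    return template.replace("%", value + "*")


def is_balanced(ldap_filter):
    """Structural check: no parenthesis closes early and none is left open."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


if __name__ == "__main__":
    # Constructed inputs: a plain prefix and a contact name containing "(".
    for typed in ("Al", "Cheng (Sales"):
        safe = expand_filter(NAME_FILTER, typed)
        raw = expand_filter(NAME_FILTER, typed, escape=False)
        print(typed, "->", safe, is_balanced(safe))
        print(typed, "->", raw, is_balanced(raw))
```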
3. To Use LDAP feature
To configure an LDAP key via web user interface:
6.1 Log into the web interface of the phone.
6.2 Click on Function Keys->Memory Key (or Line Key).
6.3 In the desired memory key (or line key) field, select LDAP from the pull-down list of "Type".
6.4 Click "SaveSet" to accept the change.
6.5 Press the LDAP key on the phone when it is idle. The LDAP contacts will display on the LCD:
6.6 You can search contacts by entering character in the Filter Prefix field.