5.3.6 Directory Service (LDAP)
What Is a Directory Service
A directory service is an application running on the directory server that collects and provides information on named, frequently accessed objects that seldom change. The information is stored on the directory server as tree-structured records. The Lightweight Directory Access Protocol (LDAP), which works on the client-server principle, is a convenient tool for storing and accessing data on the directory server. LDAP also includes client authentication.
LDAP in 2N® NetStar
The Directory service menu consists of two main sections. A list of available directory servers is located on the left and the server parameters are on the right. Right-click in the server list to open the context menu, where you can create, rename or delete a server. The LDAP server configuration includes:
Figure: View of LDAP Settings
Settings
- User – the user name with which the PBX authenticates to the server. Enter it without the domain.
- Password – enter the user password.
- LDAP Address – enter the IP address or domain name of the LDAP server to which the PBX connects.
- Domain – enter the whole domain including the highest order domain (e.g. tel-2n.cz).
- Port – enter the port number for directory server communication. The default port is 389.
- Authentication – select one of the following three authentication protocols for user authentication in server communication:
  - Simple – user name (DN – Distinguished Name) and password based authentication.
  - KERBEROSv5 – Kerberos based authentication.
    - Address – set the KDC server (Key Distribution Centre) address for user authentication.
    - Port – set the KDC server port. The default value is 88.
  - NTLMv2
Partitions
Use the context menu to add or remove an organisational unit – phone book.
- Phonebook – set the PBX phone book (directory) to which the records obtained from the LDAP server shall be stored.
- Suffix – define the search area or directory level from which synchronisation with the LDAP server shall be made. Start with the lowest level.
Example:
Suppose there is a structure on the LDAP server (tel-2n.cz domain) including a group (2N) and subgroups (Development, Sales, etc.). Enter the suffix ou=Development,ou=2N,dc=tel-2n,dc=cz to download the contacts of the Sales subgroup.
- Phone type – define the type of the record with which synchronisation with the LDAP server shall be made.
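A pre-flight check for the Domain and Suffix fields, as an added example that is not 2N code: it verifies that the suffix ends in the domain's dc components and returns the organisational units from the top of the tree down, so an entry typed in the wrong order is visible before synchronisation runs. The function names are hypothetical, and the mapping of tel-2n.cz to dc=tel-2n,dc=cz is an assumption taken from the example above.

```python
import re

def split_dn(dn):
    """Split a DN into (attribute, value) pairs, keeping escaped commas inside values."""
    # Each RDN is a run of escaped pairs (backslash + any char) or non-comma characters.
    parts = re.findall(r'(?:\\.|[^,\\])+', dn)
    if not parts or ",".join(parts) != dn:
        raise ValueError(f"empty component or dangling escape in {dn!r}")
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def check_suffix(domain, suffix):
    """Validate a Partitions suffix against the Domain setting.

    Returns the organisational units ordered from the highest level down to
    the level synchronisation starts from; raises ValueError otherwise.
    """
    # Assumption: the directory's base DN is built from the domain labels.
    base = [("dc", label.lower()) for label in domain.strip().split(".")]
    base_dn = ",".join(f"{a}={v}" for a, v in base)
    rdns = split_dn(suffix)
    tail = [(a, v.lower()) for a, v in rdns[-len(base):]]
    if len(rdns) < len(base) or tail != base:
        raise ValueError(f"suffix must end with {base_dn} (lowest level first)")
    units = rdns[:-len(base)]
    if any(a == "dc" for a, _ in units):
        raise ValueError("dc components may only appear at the end of the suffix")
    # The suffix lists the lowest level first, so reverse it for a top-down view.
    return [value for _, value in reversed(units)]

if __name__ == "__main__":
    # Values from the example above.
    path = check_suffix("tel-2n.cz", "ou=Development,ou=2N,dc=tel-2n,dc=cz")
    print(" > ".join(["tel-2n.cz"] + path))
    try:
        # Constructed mistake: highest level entered first.
        check_suffix("tel-2n.cz", "dc=cz,dc=tel-2n,ou=2N,ou=Development")
    except ValueError as err:
        print("rejected:", err)
```

If the printed path runs in the opposite order to the tree on the LDAP server, the organisational units were entered highest level first.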
Caution
- Records that are not present on the LDAP server are deleted from the assigned phone book during synchronisation.
Synchronisation result
Use the Global data – Scheduled tasks menu to schedule synchronisation. Add the LDAP synchronisation event and set the synchronisation time. View the synchronisation result in the lower part of the screen.