Services; Routing Based On Ldap Active Directory Queries; Ldap Overview - AudioCodes Mediant 3000 User Manual

SIP User's Manual
13

Services

This section describes configuration for various supported services.
13.1

Routing Based on LDAP Active Directory Queries

The device supports Lightweight Directory Access Protocol (LDAP), allowing the device to
make call routing decisions based on information stored on a third-party LDAP server (or
Microsoft's Active Directory-based enterprise directory server). This feature enables the
usage of one common, popular database to manage and maintain information regarding
user's availability, presence, and location.
The LDAP feature can be configured using the ini file, Web interface, SNMP, and CLI (for
debugging only).

13.1.1 LDAP Overview

The basic LDAP mechanism is described below:

Connection: The device connects and binds to the remote LDAP server either during
the service's initialization (at device start-up) or whenever the LDAP server's IP
address and port is changed. Service makes 10 attempts to connect and bind to the
remote LDAP server with a timeout of 20 seconds between attempts. If connection
fails, the service remains in disconnected state until either the LDAP server's IP
address or port is changed.
If connection to the LDAP server later fails, the service attempts to reconnect, as
described previously. The SNMP alarm acLDAPLostConnection is sent when
connection is broken. Upon successful reconnection, the alarm is cleared.
Binding to the LDAP server can be anonymous or not. For anonymous binding, the
LDAPBindDN and LDAPPassword parameters must not be defined or set to an empty
string.
The address of the LDAP server can be a DNS name (using the LDAPServerName
parameter) or an IP address (using the LDAPServerIP parameter).

Search: To run a search using the LDAP service, the path to the directory's subtree
where the search is to be performed must be defined (using the LDAPSearchDN
parameter). In addition, the search key (known as "filter" in LDAP references), which
defines the exact DN to be found and one or more attributes whose values should be
returned, must be defined. The device supports up to 80 LDAP search requests.
If connection to the LDAP server is disrupted during the search, all search requests
are dropped and an alarm indicating a failed status is sent to client applications.

CLI: The LDAP CLI is located in the directory IPNetworking\OpenLdap. The following
commands can be used:
•
LdapSTatus - displays connection status
•
LdapSearch - searches an LDAP server
•
LDapOpen - opens connection to the LDAP server using parameters provided in
configuration file
•
LDapSetDebugmode - sets the LdapDebugLevelMode parameter
•
LDapGetDebugmode – gets the LdapDebugLevelMode parameter value
Relevant parameters: LDAPServiceEnable; LDAPServerIP; LDAPServerDomainName;
LDAPServerPort; LDAPPassword; LDAPBindDN; LDAPSearchDN; LDAPDebugMode;
LDAPServerMaxRespondTime.
Version 6.4 191
13. Services
November 2011