Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

FortiVoice Phone System Administration Guide

Configuring LDAP settings

Phone System > LDAP lets you configure LDAP profiles and connectors.

This topic includes:

 

Configuring LDAP profiles

The LDAP Profile submenu lets you configure LDAP profiles which can query LDAP servers for authentication.

Note

Before using an LDAP profile, verify each LDAP query and connectivity with your LDAP server. When LDAP queries do not match with the server’s schema and/or contents, unintended phone call processing behaviors can result.

LDAP profiles each contains one or more queries that retrieve specific configuration data, such as user groups, from an LDAP server. The LDAP profile list indicates which queries you have enabled in each LDAP profile.

To view the list of LDAP profiles, go to Phone System > LDAP > LDAP Profile.

 

GUI field

Description

Profile Name

The name of the profile.

Server

The domain name or IP address of the LDAP server.

Port

The listening port of the LDAP server.

Auth

Indicates whether User Authentication Options is enabled.

Cache

Indicates whether query result caching is enabled.

(Green dot in column heading)

Indicates whether the entry is currently referred to by another item in the configuration. If another item is using this entry, a red dot appears in this column, and the entry cannot be deleted.

You can add an LDAP profile to define a set of queries that the FortiVoice unit can use with an LDAP server. You might create more than one LDAP profile if, for example, you have more than one LDAP server, or you want to configure multiple, separate query sets for the same LDAP server.

After you have created an LDAP profile, LDAP profile options will appear in other areas of the FortiVoice unit’s configuration. These options let you to select the LDAP profile where you might otherwise create a reference to a configuration item stored locally on the FortiVoice unit itself. These other configuration areas will only allow you to select applicable LDAP profiles — that is, those LDAP profiles in which you have enabled the query required by that feature. For example, if a feature requires a definition of user groups, you can select only from those LDAP profiles where Group Query Options are enabled.

To configure an LDAP profile

  1. Go to Phone System > LDAP > LDAP Profile.
  2. Click New to add a profile or double-click a profile to modify it.
  3. GUI field

    Description

    Profile name

    For a new profile, enter its name.

    Server name/IP

    Enter the fully qualified domain name (FQDN) or IP address of the LDAP server.

    Port: Enter the port number where the LDAP server listens.

    The default port number varies by your selection in Use secure connection: port 389 is typically used for non-secure connections, and port 636 is typically used for SSL-secured (LDAPS) connections.

    Fallback server name/IP

    Optional. Enter the fully qualified domain name (FQDN) or IP address of an alternate LDAP server that the FortiVoice unit can query if the primary LDAP server is unreachable.

    Port: Enter the port number where the fallback LDAP server listens.

    The default port number varies by your selection in Use secure connection: port 389 is typically used for non-secure connections, and port 636 is typically used for SSL-secured (LDAPS) connections.

    Use secure connection

    Select whether to connect to the LDAP servers using an encrypted connection.

    • None: Use a non-secure connection.
    • SSL: Use an SSL-secured (LDAPS) connection.

    Click Test LDAP Query to test the connection. A pop-up window appears. For details, see Testing LDAP profile queries.

    Base DN

    Enter the distinguished name (DN) of the part of the LDAP directory tree within which the FortiVoice unit will search for user objects, such as ou=People,dc=example,dc=com.

    User objects should be child nodes of this location.

    Bind DN

    Enter the bind DN, such as cn=FortiVoiceA,dc=example,dc=com, of an LDAP user account with permissions to query the Base DN.

    This field may be optional if your LDAP server does not require the FortiVoice unit to authenticate when performing queries.

    Bind password

    Enter the password of the Bind DN.

    Click Browse to locate the LDAP directory from the location that you specified in Base DN, or, if you have not yet entered a Base DN, beginning from the root of the LDAP directory tree.

    Browsing the LDAP tree can be useful if you need to locate your Base DN, or need to look up attribute names. For example, if the Base DN is unknown, browsing can help you to locate it.

    Before using, first configure Server name/IP, Use secure connection, Bind DN, Bind password, and Protocol version, then click Create or OK. These fields provide minimum information required to establish the directory browsing connection.

  1. Configure the following sections:
  2. Click Create, OK or Apply.

    The LDAP profile appears in the LDAP profile list. To apply it, select the profile in features that support LDAP queries, such as protected domains and policies.

    Before using the LDAP profile in other areas of the configuration, verify the configuration of each query that you have enabled in the LDAP profile. Incorrect query configuration can result in unexpected phone processing behavior. For information on testing queries, see Testing LDAP profile queries.

Configuring authentication options

The following procedure is part of the LDAP profile configuration process. For general procedures about how to configure an LDAP profile, see Configuring LDAP profiles.

  1. Go to Phone System > LDAP > LDAP Profile.
  2. Click New to create a new profile or double click on an existing profile to edit it.
  3. Click the arrow to expand the User Authentication Options section.
  4. Configure the following:
  5. GUI field

    Description

    Try Common Name with Base DN as Bind DN

    Select to form the user’s bind DN by prepending a common name to the base DN. Also enter the name of the user objects’ common name attribute, such as cn or uid into the field.

    Search User and Try Bind DN

    Select to form the user’s bind DN by using the DN retrieved for that user by configuring the following:

    • LDAP user query: Enter an LDAP query filter that selects a set of user objects from the LDAP directory.
    • The query string filters the result set, and should be based upon any attributes that are common to all user objects but also exclude non-user objects.

      For example, if user objects in your directory have two distinguishing characteristics, their objectClass and extension attributes, the query filter might be:

      (& (objectClass=inetOrgPerson) (telephonenumber=$u))

      where $u is the FortiVoice variable for a user's extension.

      This option is preconfigured and read-only if you have selected from Schema any schema style other than User Defined.

    • Schema: If your LDAP directory’s user objects use a common schema style:
      • Active Directory
      • Lotus Domino
      • Open LDAP

      Select the schema style. This automatically configures the query string to match that schema style.

      If your LDAP server uses any other schema style, select User Defined, then manually configure the query string.

    • Scope: Select which level of depth to query, starting from Base DN.
      • One level: Query only the one level directly below the Base DN in the LDAP directory tree.
      • Subtree: Query recursively all levels below the Base DN in the LDAP directory tree.
    • Derefer: Select the method to use, if any, when dereferencing attributes whose values are references.
      • Never: Do not dereference.
      • Always: Always dereference.
      • Search: Dereference only when searching.
      • Find: Dereference only when finding the base search object.

Configuring advanced options

The following procedure is part of the LDAP profile configuration process. For general procedures about how to configure an LDAP profile, see Configuring LDAP profiles.

  1. Go to Phone System > LDAP> LDAP Profile.
  2. Click New to create a new profile or double click on an existing profile to edit it.
  3. Click the arrow to expand the Advanced Options section.
  4. Configure the following:
  5. GUI field

    Description

    Timeout (seconds)

    Enter the maximum amount of time in seconds that the FortiVoice unit will wait for query responses from the LDAP server.

    Protocol version

    Select the LDAP protocol version used by the LDAP server.

    Enable cache

    Enable to cache LDAP query results.

    Caching LDAP queries can introduce a delay between when you update LDAP directory information and when the FortiVoice unit begins using that new information, but also has the benefit of reducing the amount of LDAP network traffic associated with frequent queries for information that does not change frequently.

    If this option is enabled but queries are not being cached, inspect the value of TTL. Entering a TTL value of 0 effectively disables caching.

    TTL (minutes)

    Enter the amount of time, in minutes, that the FortiVoice unit will cache query results. After the TTL has elapsed, cached results expire, and any subsequent request for that information causes the FortiVoice unit to query the LDAP server, refreshing the cache.

    The default TTL value is 1440 minutes (one day). The maximum value is 10080 minutes (one week). Entering a value of 0 effectively disables caching.

    This option is applicable only if Enable cache is enabled.

    Enable user password change

    Enable if you want to allow FortiVoice FortiVoice user portal users to change their password.

    Password schema

    Select your LDAP server’s user schema style, either OpenLDAP or Active Directory.

Testing LDAP profile queries

After you have created an LDAP profile, you should test each enabled query in the LDAP profile to verify that the FortiVoice unit can connect to the LDAP server, that the LDAP directory contains the required attributes and values, and that the query configuration is correct.

When testing a query in an LDAP profile, you may encounter error messages that indicate failure of the query and how to fix the problem.

To verify user authentication options

  1. Go to Phone System > LDAP > LDAP Profile.
  2. Double-click the LDAP profile whose query you want to test.
  3. Click Test LDAP Query.

    A pop-up window appears allowing you to test the query.

  4. From Select query type, select Authentication.
  5. In User name, enter the user name or extension of a user on the LDAP server, such as jdoe or 1234, depending your selection of User Authentication Options.
  6. In Password, enter the current password for that user.
  7. Click Test.

    The FortiVoice unit performs the query, and displays either success or failure for each operation in the query, such as the search to locate the user record, or binding to authenticate the user.

Clearing the LDAP profile cache

You can clear the FortiVoice unit’s cache of query results for any LDAP profile.

This may be useful after, for example, you have updated parts of your LDAP directory that are used by that LDAP profile, and you want the FortiVoice unit to discard outdated cached query results and reflect changes to the LDAP directory. After the cache is emptied, any subsequent request for information from that LDAP profile causes the FortiVoice unit to query the updated LDAP server, refreshing the cache.

To clear the LDAP query cache

  1. Go to Phone System > LDAP > LDAP Profile.
  2. Double-click the LDAP profile whose query cache you want to clear.
  3. Click Test LDAP Query.
  4. From Select query type, select Clear Cache.

    A warning appears at the bottom of the window, notifying you that the cache for this LDAP profile will be cleared if you proceed. All queries will therefore be new again, resulting in decreased performance until the query results are again cached.

  5. Click Ok.

    The FortiVoice unit empties cached LDAP query responses associated with that LDAP profile.

 

    Configuring the LDAP connector

    If you have contact or employee information in your LDAP server, you can configure the LDAP attribute mapping templates to retrieve the information and add it to the contact and extension lists. Before doing so, you must configure your LDAP server. For details, see Configuring LDAP profiles.

    To view the list of LDAP connectors, go to Phone System > LDAP > LDAP Connector.

    GUI field

    Description

    Clone

    Click to duplicate an LDAP connector configuration.

    Actions

    • Incremental Sync: Select an LDAP connector and click this button to let the FortiVoice unit only synchronize the new and changed information on the LDAP server. This is recommended because it takes less network resources and is more efficient.
    • Full Sync: Select an LDAP connector and click this button to let the FortiVoice unit fully synchronize the new and changed information on the LDAP server. This is recommended only if it is necessary to do so, because it takes lots of network resources.
    • Sync Report: Select an LDAP connector and click this button to display the synchronization report between the FortiVoice unit and your LDAP server.
    • Purge sync data: Select an LDAP connector and click this button to remove the data retrieved from the LDAP server.

     

    Extension

    Click to display the extensions generated based on the data retrieved from your LDAP server.

    Note that contacts generated based on the data retrieved from your LDAP server appears in Phone System > LDAP > LDAP Contact. See Viewing LDAP contact list.

    Name

    Name of the LDAP connector.

    LDAP Profile

    The name of the LDAP profile that has your LDAP server information. For details, see Configuring LDAP profiles.

    Type

    The type of the LDAP connector: extension or contact.

    Schedule

    The synchronization schedule between the FortiVoice unit and your LDAP server.

    Last Sync Time

    The latest synchronization time between the FortiVoice unit and your LDAP server.

To configure extension/contact connectors

  1. Go to Phone System > LDAP > LDAP Connector.
  2. Click New > Extension Connector/Contact Connector and configure the following:
  3. GUI field

     

    Description

    Name

    Enter a name for the extension/contact connector.

    Status

    Select to enable the connector.

    LDAP profile

    Select the LDAP profile that has your LDAP server information. You can add a new profile or modify the selected one. For details, see Configuring LDAP profiles.

    The FortiVoice unit queries the LDAP server based on the information contained in the LDAP profile.

    Schema

    Select the LDAP schema that defines the rules to govern the kinds of data that the LDAP server can hold.

    This option appears after you select the LDAP profile.

    Description

    Click to enter any notes you have for this connector.

    Search criteria

    Enter the search attributes for the data you want the FortiVoice unit to retrieve from the LDAP server.

     

    Search base

    Enter or browse for the search base to define the search starting point in the LDAP directory tree.

     

    Search filter

    Enter the complete query filters.

     

    Scope

    Select the LDAP search scope indicating the set of entries at or below the BaseDN that may be considered potential matches for a SearchRequest.

     

    Max results

    Enter the search size limit for the returning records.

    Mapping and More

    Enter the contact attributes used in the LDAP server that match the FortiVoice attributes for extensions or contact lists. For example, Name may be used to represent first name and Surname may be used for last name.

    You may click the Host attribute's name icon beside each field to choose an LDAP server attribute.

    The mapping enables the FortiVoice unit to convert the data retrieved from the LDAP server into FortiVoice extension or contact lists.

    Schedule

    Set the time schedule for data retrieving and mapping.

Viewing LDAP contact list

After you have configured the LDAP contact connector and synchronized the FortiVoice unit with it, the generated FortiVoice contact list appears in Phone System > LDAP > LDAP Contact.

You can select a contact to view, modify, or delete it.

Clicking LDAP opens the LDAP Connector page.

For details about configuring contact connectors, see Configuring the LDAP connector.

 

Configuring LDAP settings

Phone System > LDAP lets you configure LDAP profiles and connectors.

This topic includes:

 

Configuring LDAP profiles

The LDAP Profile submenu lets you configure LDAP profiles which can query LDAP servers for authentication.

Note

Before using an LDAP profile, verify each LDAP query and connectivity with your LDAP server. When LDAP queries do not match with the server’s schema and/or contents, unintended phone call processing behaviors can result.

LDAP profiles each contains one or more queries that retrieve specific configuration data, such as user groups, from an LDAP server. The LDAP profile list indicates which queries you have enabled in each LDAP profile.

To view the list of LDAP profiles, go to Phone System > LDAP > LDAP Profile.

 

GUI field

Description

Profile Name

The name of the profile.

Server

The domain name or IP address of the LDAP server.

Port

The listening port of the LDAP server.

Auth

Indicates whether User Authentication Options is enabled.

Cache

Indicates whether query result caching is enabled.

(Green dot in column heading)

Indicates whether the entry is currently referred to by another item in the configuration. If another item is using this entry, a red dot appears in this column, and the entry cannot be deleted.

You can add an LDAP profile to define a set of queries that the FortiVoice unit can use with an LDAP server. You might create more than one LDAP profile if, for example, you have more than one LDAP server, or you want to configure multiple, separate query sets for the same LDAP server.

After you have created an LDAP profile, LDAP profile options will appear in other areas of the FortiVoice unit’s configuration. These options let you to select the LDAP profile where you might otherwise create a reference to a configuration item stored locally on the FortiVoice unit itself. These other configuration areas will only allow you to select applicable LDAP profiles — that is, those LDAP profiles in which you have enabled the query required by that feature. For example, if a feature requires a definition of user groups, you can select only from those LDAP profiles where Group Query Options are enabled.

To configure an LDAP profile

  1. Go to Phone System > LDAP > LDAP Profile.
  2. Click New to add a profile or double-click a profile to modify it.
  3. GUI field

    Description

    Profile name

    For a new profile, enter its name.

    Server name/IP

    Enter the fully qualified domain name (FQDN) or IP address of the LDAP server.

    Port: Enter the port number where the LDAP server listens.

    The default port number varies by your selection in Use secure connection: port 389 is typically used for non-secure connections, and port 636 is typically used for SSL-secured (LDAPS) connections.

    Fallback server name/IP

    Optional. Enter the fully qualified domain name (FQDN) or IP address of an alternate LDAP server that the FortiVoice unit can query if the primary LDAP server is unreachable.

    Port: Enter the port number where the fallback LDAP server listens.

    The default port number varies by your selection in Use secure connection: port 389 is typically used for non-secure connections, and port 636 is typically used for SSL-secured (LDAPS) connections.

    Use secure connection

    Select whether to connect to the LDAP servers using an encrypted connection.

    • None: Use a non-secure connection.
    • SSL: Use an SSL-secured (LDAPS) connection.

    Click Test LDAP Query to test the connection. A pop-up window appears. For details, see Testing LDAP profile queries.

    Base DN

    Enter the distinguished name (DN) of the part of the LDAP directory tree within which the FortiVoice unit will search for user objects, such as ou=People,dc=example,dc=com.

    User objects should be child nodes of this location.

    Bind DN

    Enter the bind DN, such as cn=FortiVoiceA,dc=example,dc=com, of an LDAP user account with permissions to query the Base DN.

    This field may be optional if your LDAP server does not require the FortiVoice unit to authenticate when performing queries.

    Bind password

    Enter the password of the Bind DN.

    Click Browse to locate the LDAP directory from the location that you specified in Base DN, or, if you have not yet entered a Base DN, beginning from the root of the LDAP directory tree.

    Browsing the LDAP tree can be useful if you need to locate your Base DN, or need to look up attribute names. For example, if the Base DN is unknown, browsing can help you to locate it.

    Before using, first configure Server name/IP, Use secure connection, Bind DN, Bind password, and Protocol version, then click Create or OK. These fields provide minimum information required to establish the directory browsing connection.

  1. Configure the following sections:
  2. Click Create, OK or Apply.

    The LDAP profile appears in the LDAP profile list. To apply it, select the profile in features that support LDAP queries, such as protected domains and policies.

    Before using the LDAP profile in other areas of the configuration, verify the configuration of each query that you have enabled in the LDAP profile. Incorrect query configuration can result in unexpected phone processing behavior. For information on testing queries, see Testing LDAP profile queries.

Configuring authentication options

The following procedure is part of the LDAP profile configuration process. For general procedures about how to configure an LDAP profile, see Configuring LDAP profiles.

  1. Go to Phone System > LDAP > LDAP Profile.
  2. Click New to create a new profile or double click on an existing profile to edit it.
  3. Click the arrow to expand the User Authentication Options section.
  4. Configure the following:
  5. GUI field

    Description

    Try Common Name with Base DN as Bind DN

    Select to form the user’s bind DN by prepending a common name to the base DN. Also enter the name of the user objects’ common name attribute, such as cn or uid into the field.

    Search User and Try Bind DN

    Select to form the user’s bind DN by using the DN retrieved for that user by configuring the following:

    • LDAP user query: Enter an LDAP query filter that selects a set of user objects from the LDAP directory.
    • The query string filters the result set, and should be based upon any attributes that are common to all user objects but also exclude non-user objects.

      For example, if user objects in your directory have two distinguishing characteristics, their objectClass and extension attributes, the query filter might be:

      (& (objectClass=inetOrgPerson) (telephonenumber=$u))

      where $u is the FortiVoice variable for a user's extension.

      This option is preconfigured and read-only if you have selected from Schema any schema style other than User Defined.

    • Schema: If your LDAP directory’s user objects use a common schema style:
      • Active Directory
      • Lotus Domino
      • Open LDAP

      Select the schema style. This automatically configures the query string to match that schema style.

      If your LDAP server uses any other schema style, select User Defined, then manually configure the query string.

    • Scope: Select which level of depth to query, starting from Base DN.
      • One level: Query only the one level directly below the Base DN in the LDAP directory tree.
      • Subtree: Query recursively all levels below the Base DN in the LDAP directory tree.
    • Derefer: Select the method to use, if any, when dereferencing attributes whose values are references.
      • Never: Do not dereference.
      • Always: Always dereference.
      • Search: Dereference only when searching.
      • Find: Dereference only when finding the base search object.

Configuring advanced options

The following procedure is part of the LDAP profile configuration process. For general procedures about how to configure an LDAP profile, see Configuring LDAP profiles.

  1. Go to Phone System > LDAP> LDAP Profile.
  2. Click New to create a new profile or double click on an existing profile to edit it.
  3. Click the arrow to expand the Advanced Options section.
  4. Configure the following:
  5. GUI field

    Description

    Timeout (seconds)

    Enter the maximum amount of time in seconds that the FortiVoice unit will wait for query responses from the LDAP server.

    Protocol version

    Select the LDAP protocol version used by the LDAP server.

    Enable cache

    Enable to cache LDAP query results.

    Caching LDAP queries can introduce a delay between when you update LDAP directory information and when the FortiVoice unit begins using that new information, but also has the benefit of reducing the amount of LDAP network traffic associated with frequent queries for information that does not change frequently.

    If this option is enabled but queries are not being cached, inspect the value of TTL. Entering a TTL value of 0 effectively disables caching.

    TTL (minutes)

    Enter the amount of time, in minutes, that the FortiVoice unit will cache query results. After the TTL has elapsed, cached results expire, and any subsequent request for that information causes the FortiVoice unit to query the LDAP server, refreshing the cache.

    The default TTL value is 1440 minutes (one day). The maximum value is 10080 minutes (one week). Entering a value of 0 effectively disables caching.

    This option is applicable only if Enable cache is enabled.

    Enable user password change

    Enable if you want to allow FortiVoice FortiVoice user portal users to change their password.

    Password schema

    Select your LDAP server’s user schema style, either OpenLDAP or Active Directory.

Testing LDAP profile queries

After you have created an LDAP profile, you should test each enabled query in the LDAP profile to verify that the FortiVoice unit can connect to the LDAP server, that the LDAP directory contains the required attributes and values, and that the query configuration is correct.

When testing a query in an LDAP profile, you may encounter error messages that indicate failure of the query and how to fix the problem.

To verify user authentication options

  1. Go to Phone System > LDAP > LDAP Profile.
  2. Double-click the LDAP profile whose query you want to test.
  3. Click Test LDAP Query.

    A pop-up window appears allowing you to test the query.

  4. From Select query type, select Authentication.
  5. In User name, enter the user name or extension of a user on the LDAP server, such as jdoe or 1234, depending your selection of User Authentication Options.
  6. In Password, enter the current password for that user.
  7. Click Test.

    The FortiVoice unit performs the query, and displays either success or failure for each operation in the query, such as the search to locate the user record, or binding to authenticate the user.

Clearing the LDAP profile cache

You can clear the FortiVoice unit’s cache of query results for any LDAP profile.

This may be useful after, for example, you have updated parts of your LDAP directory that are used by that LDAP profile, and you want the FortiVoice unit to discard outdated cached query results and reflect changes to the LDAP directory. After the cache is emptied, any subsequent request for information from that LDAP profile causes the FortiVoice unit to query the updated LDAP server, refreshing the cache.

To clear the LDAP query cache

  1. Go to Phone System > LDAP > LDAP Profile.
  2. Double-click the LDAP profile whose query cache you want to clear.
  3. Click Test LDAP Query.
  4. From Select query type, select Clear Cache.

    A warning appears at the bottom of the window, notifying you that the cache for this LDAP profile will be cleared if you proceed. All queries will therefore be new again, resulting in decreased performance until the query results are again cached.

  5. Click Ok.

    The FortiVoice unit empties cached LDAP query responses associated with that LDAP profile.

 

    Configuring the LDAP connector

    If you have contact or employee information in your LDAP server, you can configure the LDAP attribute mapping templates to retrieve the information and add it to the contact and extension lists. Before doing so, you must configure your LDAP server. For details, see Configuring LDAP profiles.

    To view the list of LDAP connectors, go to Phone System > LDAP > LDAP Connector.

    GUI field

    Description

    Clone

    Click to duplicate an LDAP connector configuration.

    Actions

    • Incremental Sync: Select an LDAP connector and click this button to let the FortiVoice unit only synchronize the new and changed information on the LDAP server. This is recommended because it takes less network resources and is more efficient.
    • Full Sync: Select an LDAP connector and click this button to let the FortiVoice unit fully synchronize the new and changed information on the LDAP server. This is recommended only if it is necessary to do so, because it takes lots of network resources.
    • Sync Report: Select an LDAP connector and click this button to display the synchronization report between the FortiVoice unit and your LDAP server.
    • Purge sync data: Select an LDAP connector and click this button to remove the data retrieved from the LDAP server.

     

    Extension

    Click to display the extensions generated based on the data retrieved from your LDAP server.

    Note that contacts generated based on the data retrieved from your LDAP server appears in Phone System > LDAP > LDAP Contact. See Viewing LDAP contact list.

    Name

    Name of the LDAP connector.

    LDAP Profile

    The name of the LDAP profile that has your LDAP server information. For details, see Configuring LDAP profiles.

    Type

    The type of the LDAP connector: extension or contact.

    Schedule

    The synchronization schedule between the FortiVoice unit and your LDAP server.

    Last Sync Time

    The latest synchronization time between the FortiVoice unit and your LDAP server.

To configure extension/contact connectors

  1. Go to Phone System > LDAP > LDAP Connector.
  2. Click New > Extension Connector/Contact Connector and configure the following:
  3. GUI field

     

    Description

    Name

    Enter a name for the extension/contact connector.

    Status

    Select to enable the connector.

    LDAP profile

    Select the LDAP profile that has your LDAP server information. You can add a new profile or modify the selected one. For details, see Configuring LDAP profiles.

    The FortiVoice unit queries the LDAP server based on the information contained in the LDAP profile.

    Schema

    Select the LDAP schema that defines the rules to govern the kinds of data that the LDAP server can hold.

    This option appears after you select the LDAP profile.

    Description

    Click to enter any notes you have for this connector.

    Search criteria

    Enter the search attributes for the data you want the FortiVoice unit to retrieve from the LDAP server.

     

    Search base

    Enter or browse for the search base to define the search starting point in the LDAP directory tree.

     

    Search filter

    Enter the complete query filters.

     

    Scope

    Select the LDAP search scope indicating the set of entries at or below the BaseDN that may be considered potential matches for a SearchRequest.

     

    Max results

    Enter the search size limit for the returning records.

    Mapping and More

    Enter the contact attributes used in the LDAP server that match the FortiVoice attributes for extensions or contact lists. For example, Name may be used to represent first name and Surname may be used for last name.

    You may click the Host attribute's name icon beside each field to choose an LDAP server attribute.

    The mapping enables the FortiVoice unit to convert the data retrieved from the LDAP server into FortiVoice extension or contact lists.

    Schedule

    Set the time schedule for data retrieving and mapping.

Viewing LDAP contact list

After you have configured the LDAP contact connector and synchronized the FortiVoice unit with it, the generated FortiVoice contact list appears in Phone System > LDAP > LDAP Contact.

You can select a contact to view, modify, or delete it.

Clicking LDAP opens the LDAP Connector page.

For details about configuring contact connectors, see Configuring the LDAP connector.