Skip to content
This repository has been archived by the owner on Mar 23, 2020. It is now read-only.

Latest commit

 

History

History
128 lines (74 loc) · 3.82 KB

ldap_filter.rst

File metadata and controls

128 lines (74 loc) · 3.82 KB
Raw

LDAP filter directory

This page describes how to configure Wazo to search a LDAP server from its directory service.

Adding a LDAP server

Configuration --> Management --> LDAP Servers

Configuration --> Management --> LDAP Servers

Name: the server's display name

Host: the hostname or IP address

Port: the port number (default: 389)

Security layer: select SSL if it is activated on your server and you want to use it (default: disabled)

Protocol version: the LDAP protocol version (default: 3)

Note

SSL means TLS/SSL (doesn't mean StartTLS) and port 636 should then be used

Notes on SSL/TLS usage

If you are using SSL with an LDAP server that is using a CA certificate from an unknown certificate authority, you'll have to put the certificate file as a single file ending with .crt into /usr/local/share/ca-certificates and run update-ca-certificates.

You also need to make sure that the /etc/ldap/ldap.conf file contains a line TLS_CACERT /etc/ssl/certs/ca-certificates.crt.

After that, restart spawn-fcgi with service spawn-fcgi restart.

Also, make sure to use the FQDN (Fully Qualified Domain Name) of the server in the host field when using SSL. The host field must match exactly what's in the CN attribute of the server certificate.

Adding a LDAP Filter

Next thing to do after adding a LDAP server is to create a LDAP filter via the Services --> IPBX configuration --> LDAP Filters page.

You can add a LDAP filter by clicking on the add button at the top right of the page. You'll then be shown this page:

Services --> IPBX configuration --> LDAP Filters

Services --> IPBX configuration --> LDAP Filters

Name: the filter's display name

LDAP server: the LDAP server this filter applies to

User: the dn of the user used to do search requests

Password: the password of the given user

Base DN: the base dn of search requests

Filter: if specified, it replace the default filter <custom-filter>

Use a Custom Filter

In some cases, you might have to use a custom filter for your search requests instead of the default filter.

In custom filters, occurrence of the pattern %Q is replaced by what the user entered on its phone.

Here's some examples of custom filters:

  • cn=*%Q*
  • &(cn=*%Q*)(mail=*@example.org)
  • |(cn=*%Q*)(displayName=*%Q*)

Adding a source

Configuration --> Management --> Directories

Configuration --> Management --> Directories

LDAP filter name: The LDAP filter this directory should use.

Adding a Directory Definition

The next step is to add a directory defintion for the LDAP directory you just created. See the directories <directory-definition> section for more information.

Here's an example of an LDAP directory definition:

Services --> IPBX --> IPBX configuration --> LDAP filters

Services --> IPBX --> IPBX configuration --> LDAP filters

If a custom filter is defined in the LDAP filter configuration, the fields in direct match will be added to that filter using an &. To only use the filter field of your LDAP filter configuration, do not add any direct match fields in your directory definition.

Example:

  • Given an LDAP filter with filter st=Canada
  • Given a directory definition with a direct match cn,o
  • Then the resulting filter when doing a search will be &(st=Canada)(|(cn=*%Q*)(o=*%Q*))