Central Directory Using LDAP on Snom phones | ProVu Communications
snom

Central Directory Using LDAP on snom phones

It is possible to implement a central corporate directory on an LDAP server which can be accessed with a Snom IP phone.
All current Snom phones (300, 320, 360 and soon the 370) have a built in LDAP client, you need to be using firmware 6 or above. At the time of writing 6.5.5 is a good version to use.

What is an LDAP server?

LDAP stands for Lightweight Directory Access Protocol. See the Wikipedia page on LDAP for more information.
In Linux/Solaris etc... the most common LDAP server is called OpenLDAP.
However, most system administrators will have heard of Microsoft Active Directory, this is simply Microsoft's name for LDAP.

This sounds complicated

It is! Since Microsoft do such a good job of sheilding systems administrators away from the complexities of LDAP with Active Directory, using LDAP syntax in the settings on the Snom phone is confusing. Users of OpenLDAP will find it easier. When ProVu ship out Snom phones there is the option to use our pre-configuration services. We can also include LDAP settings in this configuration, please email contact@provu.co.uk for more information. We will need to know the basic structure of your Active Directory/LDAP tree to be able to do this.

This guide will assume you already have a working OpenLDAP or Active Directory server in place.

Snom Phone configuration with Microsoft Active Directory

How it works

When the user starts to enter a number or name on the Snom phone keypad, the phone performs a lookup on the Active Directory (AD) server for any entries with a telephoneNumber attribute set. It requests the telephoneNumber, displayName and commonName (generally called full name in AD). Any entries such as inetOrgPerson, Contact, User will be displayed in a list on the phone screen.
If the Snom phone user is typing in a number then the phone displays all entries on the screen where the telephoneNumber begins with the same number entered so far. If the Snom phone user is typing in a name then the phone displays all entries where the displayName (if it exists) or the full name begins with what has been entered so far. This is not case-sensitive.
Use the up and down arrows of the silver navigation button on the phone to scroll through results.

Phone configuration

Web browse to the Snom phone web interface and click on the advanced screen. Scroll down the list till you see the LDAP section. The values should be filled in as follows:

  • Server Address: enter the name or IP address of the Active Directory server on your network.
  • Port: 389 is the standard LDAP port and AD uses this by default. Make sure no firewall is blocking this port.
  • Base: this is the domain configured on the AD server. If the domain is "provu.co.uk" then you type "dc=provu,dc=co,dc=uk" into this setting. This is the usual LDAP syntax which AD hides under the surface.
  • Username: this is a link to a user in the AD tree. For example, if this phone is used by Paul Hayes who has an inetOrgPerson (or user etc..) entry with full name "Paul Hayes", in AD inside the "Staff" organisational unit (OU), this setting would be: "cn=Paul Hayes,ou=Staff,dc=provu,dc=co,dc=uk".
  • Password: this is the password that is assigned to the inetOrgPerson/User specified above.
  • Max Hits: is the maximum number of results to request.

Snom Phone Configuration with OpenLDAP

How it works

Every time a user starts to dial a number or name on the Snom phone, an LDAP lookup is sent to the openLDAP server asking for "cn", "telephoneNumber" and "displayName". Any entry in your LDAP tree which has a telephoneNumber is displayed by the Snom phone. If the user is typing in a number then the results where the "telephoneNumber" begins with the digits dialled so far are shown in a list. If the user is typing in a name then the results where the "displayName" (or "cn" if "displayName" doesn't exist) matches the characters dialled are shown in a list. The search is not case-sensitive.
Use the up and down arrows of the silver navigation button on the phone to scroll through results.

Phone Configuration

  • Server Address: enter the name or IP address of the server with OpenLDAP running on it.
  • Port: 389 is the standard LDAP port and OpenLDAP uses this by default. Make sure there are no firewalls blocking this port.
  • Base: this is the suffix setting configured in the slapd.conf file on the OpenLDAP server. E.G. "dc=provu,dc=co,dc=uk".
  • Username: this is the bind DN. For example, if there is an inetOrgPerson entry with "cn=Paul Hayes" inside an organisationalUnit called "Staff", this setting could be - "cn=Paul Hayes,ou=Staff,dc=provu,dc=co,dc=uk".
  • Password: this is the userPassword attribute for the DN specified in the above setting.
  • Max Hits: maximum number of results to request.

Note: some OpenLDAP default installations allow unauthenticated binds. This means you can ignore the username & password settings on the Snom phone. If the server is accessible from the outside world then this is probably not a good idea. It is easily changed by specifying "by anonymous none" in the "access to *" section in slapd.conf.
Additionally, the LDAP client in Snom phones is supposed to be an LDAPv2 client but it still seems to work even if the "allow bind_v2" clause is commented out in slapd.conf in my experience!