Discussion:
LDAP Functionality Questions
Dave Deutschman
2012-08-16 14:50:12 UTC
I would like someone to verify LDAP functionality in sipXecs 4.4.

The scenario is a system that has implemented LDAP integration for a set of
users and has imported another set of users that initially were not in LDAP.
In the LDAP implementation, the Alias is mapped to the LDAP username.
After the import, the Alias on an imported user is changed to match the LDAP
username.

The system does not authenticate using their LDAP credentials for this user;
it will only accept their PIN.

Is there a way to change this behavior to have the system link this user
with LDAP and then validate using the LDAP credentials?

Dave Deutschman
Managing Partner
Innovational IP Solutions, LLC
Mircea Carasel
2012-08-17 09:07:35 UTC
Post by Dave Deutschman
Is there a way to change this behavior to have the system link this user
with LDAP and then validate using the LDAP credentials?

With the actual code, this is not possible. When you use a user alias to
log in, our LDAP authenticator will search the sipXconfig database to find that
user based on alias, which is fine, but when the LDAP search/authentication
is performed, the username of the user found in sipXconfig based on alias
is used. If the sipXconfig user's username has no match in LDAP, the
authentication won't work.

We would need to change the code and make searches also based on aliases as
well, so basically if a user has 3 aliases we would need to make 1 to 4
searches in LDAP until the user gets authenticated...
Mircea
Dave Deutschman
2012-08-17 14:39:26 UTC
Mircea,

Thanks for the response.

DD
Michael Picher
2012-08-18 11:03:55 UTC
The other option here, which is where I had hoped we were heading with
4.6, is to have a userID and an Extension field (not extension as an
alias). This way, a userID is really a userID and an extension is really
an extension (that gets displayed / programmed into a phone).

Thanks,
Mike
--
Michael Picher, Director of Technical Services
eZuce, Inc.

Kurt Albershardt
2012-08-18 15:48:40 UTC
This makes a lot of sense to me.
Kyle Haefner
2012-08-17 15:11:17 UTC
Hi Dave,

One way we have it working is to use another LDAP field for
authentication; we use IPPhone, which is a common one in AD. If
IPPhone is set to be the same as the sipx username (5-digit extension
in our case), then authentication works when a user types in their
alias, because sipx maps the alias to the username and sends the
username to LDAP, and LDAP authenticates it against IPPhone.

Kyle

--
Kyle Haefner, M.S.
Communication Systems Programmer
Colorado State University
Fort Collins, CO
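The lookup order Mircea describes and the IPPhone workaround Kyle describes, as an added Python model that is not sipXecs code and not from any poster in this thread. The users, directory entries, function names and the attribute names `sAMAccountName` and `ipPhone` are constructed assumptions, and the password comparison stands in for an LDAP bind.

```python
import hmac

# Constructed sipXconfig users (hypothetical): username is the extension,
# alias is the name the person types at login.
SIPX_USERS = [
    {"username": "20301", "aliases": {"alice"}},  # imported user, alias edited by hand
    {"username": "20302", "aliases": {"bob"}},    # user that came from the LDAP import
]

def make_directory(imported_ipphone=None):
    """Constructed directory entries; ipPhone on the imported user's entry is optional."""
    imported = {"sAMAccountName": "alice", "password": "ldap-secret-1"}
    if imported_ipphone is not None:
        imported["ipPhone"] = imported_ipphone
    synced = {"sAMAccountName": "bob", "ipPhone": "20302", "password": "ldap-secret-2"}
    return [imported, synced]

def resolve_sipx_username(login):
    """Step 1: map the typed login (username or alias) to the sipXconfig username."""
    for user in SIPX_USERS:
        if login == user["username"] or login in user["aliases"]:
            return user["username"]
    return None

def ldap_authenticate(login, password, match_attr, directory):
    """Step 2: search the directory on match_attr with the sipXconfig username
    (never the alias that was typed), then verify the password."""
    username = resolve_sipx_username(login)
    if username is None:
        return False
    hits = [e for e in directory if e.get(match_attr) == username]
    if len(hits) != 1:  # no entry, or an ambiguous match: refuse the login
        return False
    # Stand-in for an LDAP bind as the matched entry.
    return hmac.compare_digest(hits[0]["password"].encode(), password.encode())

if __name__ == "__main__":
    before = make_directory()        # ipPhone not set for the imported user
    after = make_directory("20301")  # ipPhone set to the sipXconfig username
    print(ldap_authenticate("alice", "ldap-secret-1", "sAMAccountName", before))
    print(ldap_authenticate("alice", "ldap-secret-1", "ipPhone", before))
    print(ldap_authenticate("alice", "ldap-secret-1", "ipPhone", after))
```

The single-match check matters once a free-form attribute is the join key: two entries carrying the same value must fail closed rather than authenticate against whichever entry the search returns first.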
Dave Deutschman
2012-08-17 18:58:46 UTC
Kyle,

Thanks for the information. I believe that will accomplish what we are
attempting to implement.

DD