KX-NSX1000/2000 LDAP Rev1.8 30 Nov., 2016 1

Table of Contents Chapter1 Overview Chapter2 How it work? Chapter3 How to program?

Chapter 1 Overview

1. Overview LDAP database synchronization Following 3 data can be used by this synchronization. 1)User data : For maintain PBX user’s information. 2)LDAP directory service : Use data in LDAP as system phonebook. 3)Name display by LDAP at incoming call : Use data in LDAP as system phonebook. <User data> Manual synchronization User data in LDAP database can be reflected manually on the specified user parameter of NSX1000/2000.   Scheduled synchronization Scheduled synchronization is provided. It is available to the user that manual synchronization is completed for. Useful feature to maintain employee information and customer phone numbers by single database . AK （KX-NSXF005) is required.

1. Overview LDAP database synchronization “Local Access” feature code only can be deployed <LDAP directory service> with DPT, IPPT and IP-Softphone User can make outgoing call based on phone number in the LDAP database. This operation can be done at “External Directory” feature on PT.  　　　･･･ ⇔ Personal Directory ⇔ System Directory ⇔ External Directory ⇔ Extension Directory ⇔ Feature Access ⇔ Incoming Call log⇔ Outgoing Call log ⇔ ･･･ LDAP data is searched by name entered as search key, and then maximum 3 numbers can be present as single search result. (Ex. Office, Home, Mobile) Feature code of local trunk access can be added automatically when getting the data from LDAP database. (System programming) LDAP directory to search can be assigned for each tenant. (System programming)

1. Overview LDAP database synchronization < Name display by LDAP at incoming call> with PS, DPT, IPPT and IP-Softphone As with personal directory and system directory, the name by searching name from caller ID can be displayed on the phone when incoming a call. The name by LDAP database is displayed in case of no matched data by personal directory and system directory, LDAP directory to search can be assigned for each tenant. (System programming)  

1. Overview LDAP database synchronization -Condition- LDAP connection activation key (KX-NSXF005) is required for these features. NSX1000/2000 supports one LDAP database server to connect. Following table shows supported LDAP database. LDAP database Remark Active Directory 2008 R2, Active Directory 2012   OpenLDAP Version 2.4.xx <User data> Manual synchronization The direction of the synchronization is one way (only LDAP DB to PBX) is supported. LDAP data is searched by name entered as search key and the reference data, which is phone number and e-mail address and so on, of the matched user is taken out from the database. Then the data is set into the user parameter. This is manual operation at each user menu in web programming.　 The attribute of LDAP database to be reflected are specified to each user parameter beforehand.   Scheduled synchronization Schedule can be created by selecting from “Daily”, “Weekly”, “Monthly”.Also provides the ability to synchronize immediately.This scheduled synchronization can be disable per user.

Chapter 2 How it work?

2. How it work? LDAP data flow AD Server Data can be copied from data at AD server to NSX. AD Server Data at NSX and data at AD server must be manually pulled and tied at beginning. Firstly you need to create User at NSX and then tied and pull data from AD. - RS-232C port -> using for a factory maintenance - Dimension: Width 430mm×Height 88mm×Depth 340mm -> 19 inch-rack mountable (2U) - Weight (when fully mounted): Under 5.1kg - Power Consumption (when fully mounted): 50W (240 V: 132 VA, 200 V: 120 VA, 130 V: 104 VA, 100 V: 95 VA)

2. How it work? External DB link button External Database “ Database Sync” button exist at single user edit screen.

2. How it work? User data search window To use automatic DB sync Database Sync. succeeded. Do you want to execute Scheduled Database Sync. for this user? To use automatic DB sync It is necessary to determine which data at AD link to dedicate PBX user container by manual. No *One time sync when select “No”.

2. How it work? LDAP data flow AD Server Data can be copied from data at AD server to NSX. AD Server EXT:101 name: James Donald ------ Tied data uid:1 name: James Donald ------ The user data can be updated periodically after NSX and AD data tied. It can be daily/weekly/monthly. Daily: specific time, Weekly: specific time/day of week, Monthly: specific time/date - RS-232C port -> using for a factory maintenance - Dimension: Width 430mm×Height 88mm×Depth 340mm -> 19 inch-rack mountable (2U) - Weight (when fully mounted): Under 5.1kg - Power Consumption (when fully mounted): 50W (240 V: 132 VA, 200 V: 120 VA, 130 V: 104 VA, 100 V: 95 VA) *Error report will be generated when fail to sync. There is no retry after fail.

2. How it work? Below user parameter can be updated; ・First Name ・Last Name ・Mobile phone1-4 ・E-mail address 1-3 ・Phone Number (Home) ・Phone Number (Personal Mobile) ・Memo-1 ・Memo-2 ・User ID   It is necessary to set up data mapping.

Chapter 3 How to program?

Domain name:testdom.local 3. How to program? Necessary to find these information from IT person to get connection from LDAP server. Sample Network AD Server Domain name:testdom.local IP: 192.168.0.211 AccessID:admin@testdom.local Admin password:adminPass!sep Organization=OPBD Prepare LdapAdmin.exe to see the information in LDAP. ex: dc, cn, ou, etc… See following slides. user name: Aaron Brown ------

3. How to program? To get LdapAdmin.exe http://www.ldapadmin.org/download/ Download Exec file itself (it’s not an installer.). Copy to any folder you want. Run it with the administrator privilege.

3. How to program? How to connect LdapAdmin? How to set parameters In this sample case IP:192.168.0.211 port:389 AccessID:admin@testdom.local Admin password:adminPass!sep How to set parameters 1. Set Host, port, 2. Uncheck “Anonymous connection” Then set Username, Password 3. Test Connection 4. Fetch DNs, then Select Base You find dc=testdom,dc=local 1 4 2 Uncheck 3

3. How to program? Find Attribute in AD(LDAP) You could find ou=opbd,dc=testdom,dc=local We need this info. for setting with WebMC to setup LDAP Integration

3. How to program? LDAP Server Setting In this sample case IP:192.168.0.211 port:389 AccessID:admin@testdom.local Admin password:adminPass!sep - Server Address - Port number User ID Password Test connection

3. How to program? Anonymous access It is possible to set “anonymous” as User ID to access LDAP server while “ANONYMOUS LOGON” right has set at LDAP server side. Set up as above, User ID = anonymous and no password. Reference URL https://technet.microsoft.com/en-us/library/cc961563.aspx

3. How to program? External Directory Setting Keep as default ou=opbd,dc=testdom,dc=local (Checked by LdapAdmin.exe) ou=opbd,dc=testdom,dc=local “Enable”　Service Keep as default Need ‘ * ’ after ‘ % ’ So (|(cn=%*)(sn=%*)) Default:24 Max :200 Set up Data Base for External Phone book. “Enable” target Number Adjust Attribute according requirement

3. How to program? External Directory Setting You can adjust “Name Attribute for search” condition like; “cn,sn” meant either full name search or last name search “givenName” is attribute for first name in AD. So you can add this as condition like cn,sn,givenName Then it is necessary to add this to “Name Filter” like (|(cn=%*)(sn=%*) (givenName=%*))

3. How to program? External Directory Setting -CLI and Name Integration- Set up CLI and Name integration based on information from External Phone book.

3. How to program? Search Setting ou=opbd,dc=testdom,dc=local User Container Sync Need to define which identity use as user ID ou=opbd,dc=testdom,dc=local ou=opbd,dc=testdom,dc=local Keep as default Need ‘ * ’ after ‘ % ’ So (|(cn=%*)(sn=%*))

3. How to program? Find Attribute in AD aa@icloud.com E-mail address is data ID in case using AD.

3. How to program? Find Attribute in AD

3. How to program? Datasource Mapping Adjust relation in between source data and data appear in NSX. Based on “Attribute” information you could find by ldapadmin.exe Default Active Directory correspondings change change change If you want

3. How to program? Sync Control Scheduled Sync Sync immediately *Data in LDAP and User has to be tied before conduct this

3. How to program? Sync Control In case of AD and if there is no “e-mail” assigned to User data then during Database Sync process you will not get confirmation screen. It is succeed to read data one time only and no automatic data sync.

Appendix

Appendix Sync Control ・Bind User data in AD server and User data in NSX need ”uid” at User data in AD. ・There is no “uid” at AD server by default. ・In case of maintain “uid” at AD side then it is necessary to activate “SUA = Subsystem for Unix Application” at AD server. Or ・Add “uid” to AD server by “LdapAdmin.exe”. Either way it is necessary to add “uid” to user AD server.

Appendix Sync Control -How to add “uid” by LdapAdmin?- 1)Right Click at User and select “Edit Entry”. 2)Enter unique number to “uid” column.

Thank you ! The END Appendix Sync Control -How to deploy “SUA = Subsystem for Unix Application” at AD server?- It is necessary to initiate bellow 3 command line by PowerShell at AD server. Thank you ! The END

Appendix Sync Control -How to add “uid” at AD server?- It is necessary to add “SUA = Subsystem for Unix Application” at AD server.

Appendix Sync Control If “uid” bind to User data in NSX then you will be prompted to confirmation screen. Otherwise it is succeed to read data one time only and no automatic data sync.

Thank you ! The END

Modification 5.7_NSX1000_2000_LDAP_Rev1.0_30Mar2016.pptx - 1st release - P15 added "Preare LdapAdmin.exe ..." - P16-18 moved the explanation about LdapAdmin.exe from later part. added detailed procedure to conect LdapAdmin.exe to LDAP Server. - P20 correction about Name Filter setting. (location of *) - P22 correction about Name Filter setting. (location of *) P25 added configuration of data mapping for Active Directory 5.7_NSX1000_2000_LDAP_Rev1.2_22Apr2016.pptx Add P27-30 that explain condition to use Scheduled Data Sync feature. Add P32 5.7_NSX1000_2000_LDAP_Rev1.3_17May2016.pptx Add description to Slide 9 5.7_NSX1000_2000_LDAP_Rev1.4_10Aug2016.pptx Revise description to Slide 20 Revise/Add description to Slide 22

Modification 5.7_NSX1000_2000_LDAP_Rev1.5_26Oct2016.pptx Change description at Slide 20 Add Slide 27 Slide describe uid for AD move to Appendix section 5.7_NSX1000_2000_LDAP_Rev1.6_27Oct2016.pptx Change position of slide 31 5.7_NSX1000_2000_LDAP_Rev1.7_9Nov2016.pptx - Add slide 20 that describe anonymous access. 5.7_NSX1000_2000_LDAP_Rev1.8_30Nov2016.pptx Add description at slide 21. Add slide 22 Add description at slide 28