LDAP

Last modified by Julien Wadel on 2023/02/02 11:27

LDAP can be used when searching for contacts from the Magic Search.

In linphonerc, each LDAP configuration is set in a section [ldap_X], where X is the index of the connection, starting from 0.

Available keys with their defaults:

| Keyword | Default value | Is required | Description |
| --- | --- | --- | --- |
| server | ldap:/// | Required | LDAP server. eg: ldap:/// for a localhost server or ldap://ldap.example.org/ |
| bind_dn | | | Bind DN to use for bindings. The bind DN is the credential used to authenticate against the LDAP server. If empty, the connection will be anonymous. eg: cn=ausername,ou=people,dc=bc,dc=com |
| base_object | dc=example,dc=com | Required | Base object: a specification for LDAP search scopes stating that the search request is performed only against the entry given as the search base DN. No entries above it are considered. |
| timeout | 5 | | Timeout in seconds. |
| min_chars | 0 | | The minimum number of characters needed before a search is performed. |
| max_results | 5 | | The maximum number of results returned per search. |
| delay | 500 | | The delay between consecutive searches, in milliseconds. |
| auth_method | 1 | | Authentication method. Only 1 = "SIMPLE" and 0 = "ANONYMOUS" are supported. SIMPLE is a connection with username and password; ANONYMOUS is a connection without a password. |
| password | | | Password to pass to the server when binding. |
| filter | (sn=*%s*) | | The contact search is based on this filter. |
| name_attribute | sn | | Attributes checked to build the Friend name, separated by commas; the first has the highest priority. |
| sip_attribute | mobile,telephoneNumber,homePhone,sn | | Attributes checked to build the SIP username in the Friend address, separated by commas. |
| sip_domain | "" | | Domain appended to the SIP address (sip:username@domain). If empty, the domain of the current proxy account is used when searching. |
| enable | 0 | | Whether this configuration is enabled. |
| use_sal | 0 | | DNS resolution is done by Linphone using Sal, which passes an IP address to LDAP. As a consequence, the TLS negotiation cannot check the hostname. You may deactivate the verifications if you want to force the connection. |
| use_tls | 1 | | Encrypt transactions with LDAP over TLS (StartTLS). You must use the 'ldap' scheme; 'ldaps' for LDAP over SSL is non-standardized and deprecated. StartTLS is an extension to the LDAP protocol which uses TLS to encrypt communication. It works by establishing a normal, i.e. unsecured, connection with the LDAP server, then performing a handshake between the client and the server in which the server sends its certificate to prove its identity before the secure connection is established. |
| debug | 0 | | Debug mode. |
| verify_server_certificates | -1 | | Whether the TLS server certificate must be verified when connecting to an LDAP server. Values: -1 = auto from core, 0 = deactivate, 1 = activate. |

An example configuration:

[ldap_0]
auth_method=1
base_object=dc=example,dc=com
bind_dn=ou=people,dc=com
debug=0
delay=500
display_name=LDAP Test
enable=1
filter=(sn=*%s*)
max_results=50
min_chars=0
name_attribute=sn
password=clear_password
server=ldap://ldap.example.com/
sip_attribute=mobile,telephoneNumber,homePhone,sn
sip_domain=sip.example.com
timeout=5
use_sal=0
use_tls=1
verify_server_certificates=-1
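As an added check that is not part of Linphone, the script below parses the [ldap_N] sections of a linphonerc file (indexed contiguously from 0, as described above) and reports the settings the table identifies as weakening transport security: a non-'ldap' scheme, use_tls=0, verify_server_certificates=0, use_sal=1 (hostname cannot be checked), and a SIMPLE bind whose password sits in clear in the file. The configuration text and the bind password are constructed for the example.

```python
"""Audit the [ldap_N] sections of a linphonerc file for weak transport settings.
Added example, not Linphone code; the configuration text below is constructed."""
import configparser
from urllib.parse import urlsplit

DEFAULTS = {  # documented defaults for the keys this audit reads
    "enable": "0", "use_tls": "1", "use_sal": "0", "auth_method": "1",
    "verify_server_certificates": "-1", "server": "ldap:///", "password": ""}
SAMPLE_RC = """\
[ldap_0]
enable=1
server=ldap://ldap.example.com/
use_tls=1
verify_server_certificates=-1
auth_method=0
[ldap_1]
enable=1
server=ldaps://directory.example.org/
use_tls=0
use_sal=1
verify_server_certificates=0
auth_method=1
bind_dn=cn=ausername,ou=people,dc=bc,dc=com
password=hunter2
"""

def audit_ldap_sections(text):
    """Return {section: [findings]} for each enabled [ldap_N], N counted up from 0."""
    cp = configparser.ConfigParser(interpolation=None)  # keep '%s' in filter literal
    cp.read_string(text)
    report, index = {}, 0
    while cp.has_section(f"ldap_{index}"):  # connections are indexed contiguously from 0
        name, index = f"ldap_{index}", index + 1
        def get(key): return cp.get(name, key, fallback=DEFAULTS.get(key, ""))
        if get("enable") != "1":
            continue  # a disabled connection is never used, so nothing to report
        findings = []
        scheme = urlsplit(get("server")).scheme
        if scheme != "ldap":
            findings.append(f"scheme '{scheme}': only 'ldap' (with StartTLS) is supported")
        if get("use_tls") != "1":
            findings.append("use_tls=0: searches and the bind password travel in cleartext")
        if get("verify_server_certificates") == "0":
            findings.append("verify_server_certificates=0: server identity is not checked")
        if get("use_sal") == "1":
            findings.append("use_sal=1: LDAP receives an IP, so TLS cannot verify the hostname")
        if get("auth_method") == "1" and get("password"):
            findings.append("SIMPLE bind: the password is stored in clear in linphonerc")
        report[name] = findings
    return report
```

Running `audit_ldap_sections(SAMPLE_RC)` reports nothing for ldap_0 and all five findings for ldap_1; a gap in the numbering (an [ldap_2] with no [ldap_1]) ends enumeration, matching how the indices are defined.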