Configure LDAP Server Access

Use the following procedure to configure Communications Broker to access one or more LDAP servers.

Points to note:

Table 11-1 Configuring LDAP Servers

Option: LDAP server configured with an FQDN and a port
Follow-up action by Communications Broker:
  • Treats the configuration as an A-record FQDN.
  • Sends a DNS query when you save a configuration that uses an FQDN as the LDAP server.
  • Resolves the FQDN to an IP address through the media interface on saving.

Option: LDAP server configured with an FQDN and no port
Follow-up action by Communications Broker:
  • Treats the configuration as an SRV record.
  • Sends a DNS query when you save a configuration that uses an FQDN as the LDAP server.
  • Resolves the FQDN to IP addresses through the media interface on saving.
  • For an SRV-record FQDN, the IP addresses are retrieved in the order of their priorities and weights.

Option: LDAP server configured with an IP address and no port
Follow-up action by Communications Broker:
  • Assigns the default port.
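The following is an added illustration of how the rules in Table 11-1 and the ldap-load-balance setting from the procedure below combine to produce the list of servers that is tried for a request; it is not Oracle's code. It assumes constructed DNS answers in place of a live resolver (example.com names and TEST-NET-1 addresses), that a configured FQDN without a port is itself the SRV owner name, that SRV records of equal priority are ordered by descending weight rather than the weighted-random pick of RFC 2782, and that round-robin is a simple per-configuration counter; none of these details are stated on the page.

```python
"""Server-list construction for the LDAP access configuration above.

Added illustration, not Oracle's code. An IP address gets the default port,
an FQDN with a port is resolved as an A record, an FQDN without a port is
resolved as an SRV record, and the hunt or round-robin strategy decides the
order in which the resolved servers are tried.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Default ports given on the page: 389 for LDAP over TCP, 636 for LDAPS.
DEFAULT_PORTS = {"none": 389, "LDAPS": 636}


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


# Constructed DNS answers that stand in for a live resolver. The names are in
# the reserved example.com zone and the addresses come from TEST-NET-1; none
# of them refer to real hosts.
FAKE_A: Dict[str, List[str]] = {
    "ldap.example.com": ["192.0.2.10", "192.0.2.11"],
    "ldap-a.example.com": ["192.0.2.21"],
    "ldap-b.example.com": ["192.0.2.22"],
    "ldap-dr.example.com": ["192.0.2.31"],
}
FAKE_SRV: Dict[str, List[SrvRecord]] = {
    # Assumption: the configured FQDN is the SRV owner name itself.
    "_ldap._tcp.example.com": [
        SrvRecord(priority=20, weight=0, port=389, target="ldap-dr.example.com"),
        SrvRecord(priority=10, weight=30, port=389, target="ldap-b.example.com"),
        SrvRecord(priority=10, weight=70, port=389, target="ldap-a.example.com"),
    ],
}

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def classify(entry: str) -> str:
    """Return 'static', 'A' or 'SRV' for one configured LDAP Servers entry."""
    host, _, port = entry.partition(":")
    if IPV4.match(host):
        return "static"
    return "A" if port else "SRV"


def resolve(entry: str, sec_type: str = "none") -> List[Tuple[str, int]]:
    """Expand one entry to (address, port) pairs, as happens on save."""
    host, _, port = entry.partition(":")
    kind = classify(entry)
    if kind == "static":
        return [(host, int(port) if port else DEFAULT_PORTS[sec_type])]
    if kind == "A":
        return [(ip, int(port)) for ip in FAKE_A[host]]
    # SRV: lowest priority first; within one priority, highest weight first.
    # RFC 2782 asks for a weighted-random pick within a priority; a fixed
    # descending-weight order is used here so the result is deterministic.
    records = sorted(FAKE_SRV[host], key=lambda r: (r.priority, -r.weight))
    return [(ip, r.port) for r in records for ip in FAKE_A[r.target]]


class LdapServerList:
    """Resolved server list plus the ldap-load-balance strategy."""

    def __init__(self, entries: List[str], load_balance: str = "hunt",
                 sec_type: str = "none") -> None:
        kinds = [classify(e) for e in entries]
        if kinds.count("A") + kinds.count("SRV") > 1:
            raise ValueError("only a single FQDN is supported")
        if "static" in kinds and len(set(kinds)) > 1:
            raise ValueError("a combination of IP addresses and FQDN is not supported")
        self.servers = [s for e in entries for s in resolve(e, sec_type)]
        # Round-robin applies to static addresses and A-record results only;
        # an SRV list keeps its priority/weight order (hunt).
        self.round_robin = load_balance == "round-robin" and "SRV" not in kinds
        self._turn = 0

    def order(self) -> List[Tuple[str, int]]:
        """Servers in the order they are tried for the next request."""
        if not self.round_robin:
            return list(self.servers)  # hunt: the primary (first) server first
        start = self._turn % len(self.servers)
        self._turn += 1
        return self.servers[start:] + self.servers[:start]
```

Calling `order()` repeatedly on a round-robin list rotates the starting server, while a hunt list (and any SRV list, regardless of the setting) always begins with the primary; the two constructor checks enforce the single-FQDN and no-mixing rules stated in the LDAP Servers field description.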
  1. Access the LDAP Configuration object.
     Configuration tab, System Administration section, LDAP, LDAP Config.
  2. On the LDAP Config page, click the Add button and set the following:
     Name
       Name of the LDAP Config element.
     State
       Select to enable the LDAP configuration.
     LDAP Servers
       Add the following to define the LDAP configuration:
       • Enter either one or more IP addresses, or an FQDN. Only a single FQDN is supported.
       • Enter IPv4 addresses in dotted decimal format (0.0.0.0). The order of the resolved IP addresses is the order of preference.

       Note: A combination of IP addresses and FQDN is not supported.

       • Optionally, add a port number for each LDAP server (such as 389, 636, or 1025-65535). Communications Broker performs an SRV query when no port is configured and an A query when a port is configured.
       • The first IP address listed is the primary LDAP server; the remaining servers are the backup (secondary) LDAP servers.
       • When ldap-load-balance is set to round-robin, a round-robin strategy determines the active LDAP server. This applies to static IP addresses and to the IP addresses resolved from an A-record FQDN. Round-robin is not applied to SRV records, whose order is determined by priority and weight. The default strategy is hunt.
       • Default ports: 389 for LDAP over TCP and 636 for LDAP over TLS.
     ldap-load-balance
       Load-balancing strategy for A records or static IP addresses. SRV records support only the hunt strategy.
       • Default value: hunt
       • Available values: hunt | round-robin

       Note: This is required only when the LDAP server is configured as an FQDN.

     Realm
       Enter the name of the realm on which to receive requests. Default: ecb.
       Communications Broker uses the realm configured under the LDAP configuration object for DNS resolution. The selected realm must be linked to a network-interface that has DNS parameters configured, and that network-interface must be attached to a physical interface.
     Username
       Enter the user name that the LDAP bind request uses for authentication before access is granted to the LDAP server. Valid values are alphanumeric characters. Default: blank.
     Password
       Enter the password paired with the username attribute, which the LDAP bind request uses for authentication before access is granted to the LDAP server. Valid values are alphanumeric characters. Default: blank.
     LDAP Search Base
       Enter the base DN to use for LDAP search requests. Valid values are alphanumeric characters. Default: blank.
     Timeout Limit
       Enter the maximum time, in seconds, that Communications Broker waits for an LDAP response from the LDAP server before timing out. When no LDAP response is received within this time, the request is retried according to the max-request-timeouts value. Default: 15. Valid values: 1 to 300 seconds.
     Max Request Timeouts
       Enter the maximum number of times that LDAP requests are sent to the LDAP server before Communications Broker determines that the server is unreachable and terminates the TCP/TLS connection. When no LDAP response is received within the timeout-limit value, the request is retried the number of times specified here. Default: 3. Valid values: 0 to 10.
     TCP Keepalive
       Specify whether Communications Broker keeps the TCP connection to the LDAP server alive. Default: Disabled. Valid values: Enabled | Disabled.
     LDAP Sec Type
       Select the LDAP security type to use when Communications Broker accesses the LDAP server. This parameter enables LDAP over TLS (LDAPS). If you set a value for this parameter, you must also specify a TLS Profile value. Default: none. Valid values:
       • none: No LDAP security type specified.
       • LDAPS: Secures LDAP communication in an SSL tunnel. This is denoted in LDAP URLs. The default port for LDAP over SSL is 636.
     Routing
       • State: Select to enable routing.
       • Route Mode: Select how you want Communications Broker to order routes. Valid values: match-only | match-first | attribute-order.
       • From Header Replacement: Enter any text you want replaced in the From header.
       • Lookup Queries: Click Add, set the values for the lookup, and click OK.
       • Operation Type: LDAP operation type. Valid values: and | or. Default: or.
       • The LDAP servers can carry the msRTCSIP and msRTCSIP-OptionFlags attributes.
     Address of Record
       • Lookup Number Attribute: Enter the name of the attribute to query. Default: sAMAccountName.
       • Lookup Number Format Type: Select the translation to apply to the number before the query. Default: None. Valid values:
         • None: use the called number as-is.
         • E164: +14445551234
         • E164-No-Plus: 14445551234
         • No Country code: 4445551234
         • Pattern Only: use a portion of a matching dial plan.
         • Regular Expression: apply a regular expression.
       • Lookup Number regex pattern: Enter an expression.
       • Lookup Number regex result: Enter the format used to create a telephone number or query from the values captured by the regular expression.
       • AoR Attribute: Enter the name of the address of record attribute to return from the directory.
       • AoR Extraction Regex: Enter a regular expression to parse the address of record returned from the directory.
       • AoR Value Format: Enter the format used to create the address of record from the values captured by the regular expression.
     SIP Authentication
       • Username Attribute: Set the name of the attribute to query. Default: sAMAccountName.
       • Digest Hash Attribute: Enter the name of the hash attribute to return from the directory. Default: orclDigestPwdAttribute.
     TLS Profile
       Select the name of the Transport Layer Security (TLS) profile that Communications Broker uses when connecting to the LDAP server. The ldap-sec-type must be set to LDAPS for this profile to apply. Valid values are alphanumeric characters. Default: blank. See the Oracle Enterprise Communications Broker Administrator's Guide for instructions on how to create a TLS profile.
  3. Click Back.
  4. Save and activate the configuration.
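The Routing and Address of Record settings in step 2 describe how a called number is translated by the Lookup Number Format Type, queried through the Lookup Number Attribute, and how the returned attribute is turned into an address of record. The following added illustration walks through those three stages; it is not Oracle's code. It assumes the called number arrives in E.164 form with a leading "+", that the country code is supplied by the caller, that regex results use Python's `Match.expand()` backreference syntax, and that the Operation Type joins the configured lookup queries into one filter; the page does not specify any of these. The Pattern Only type needs a dial plan and is not modelled. The filter builder also escapes the lookup value per RFC 4515, which is the check a practitioner wants wherever a caller-supplied number is placed into a directory query.

```python
"""Lookup-number translation and LDAP filter construction for the routing
lookup configured in step 2. Added illustration, not Oracle's code."""
import re
from typing import Dict, Optional

# Characters that must be encoded inside an LDAP search filter (RFC 4515, s.3).
# Escaping keeps a caller-controlled number from altering the filter structure.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
_ATTRIBUTE_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for use in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def translate_number(number: str, fmt: str, country_code: str = "1",
                     regex_pattern: Optional[str] = None,
                     regex_result: Optional[str] = None) -> str:
    """Apply a Lookup Number Format Type to the called number.

    Assumption: `number` is E.164 with a leading '+'; `country_code` is the
    caller's knowledge, not something the page derives.
    """
    digits = number.lstrip("+")
    if fmt == "None":
        return number
    if fmt == "E164":
        return "+" + digits
    if fmt == "E164-No-Plus":
        return digits
    if fmt == "No Country code":
        if not digits.startswith(country_code):
            raise ValueError("number does not start with the configured country code")
        return digits[len(country_code):]
    if fmt == "Regular Expression":
        if regex_pattern is None or regex_result is None:
            raise ValueError("Lookup Number regex pattern and result are required")
        match = re.match(regex_pattern, number)
        if match is None:
            raise ValueError("number does not match the Lookup Number regex pattern")
        return match.expand(regex_result)
    raise ValueError(f"unsupported Lookup Number Format Type: {fmt}")


def build_lookup_filter(attribute: str, lookup_value: str,
                        extra_queries: Optional[Dict[str, str]] = None,
                        operation: str = "or") -> str:
    """Compose the search filter sent to the directory.

    `attribute` is the Lookup Number Attribute (default sAMAccountName) and
    `operation` the Operation Type (and | or). Assumption: the Operation Type
    joins the configured lookup queries into a single filter.
    """
    if operation not in ("and", "or"):
        raise ValueError("Operation Type must be 'and' or 'or'")
    queries = {attribute: lookup_value, **(extra_queries or {})}
    clauses = []
    for attr, value in queries.items():
        if not _ATTRIBUTE_NAME.match(attr):
            raise ValueError(f"invalid attribute name: {attr!r}")
        clauses.append(f"({attr}={escape_filter_value(value)})")
    if len(clauses) == 1:
        return clauses[0]
    return "(" + ("|" if operation == "or" else "&") + "".join(clauses) + ")"


def extract_aor(returned_value: str, extraction_regex: str, value_format: str) -> str:
    """Build the address of record from the attribute value the directory
    returned, using the AoR Extraction Regex and AoR Value Format."""
    match = re.search(extraction_regex, returned_value)
    if match is None:
        raise ValueError("AoR Extraction Regex did not match the returned value")
    return match.expand(value_format)


if __name__ == "__main__":
    # Constructed walk-through: translate, build the filter, then extract the
    # AoR from a made-up returned attribute value.
    lookup = translate_number("+14445551234", "No Country code")
    print(build_lookup_filter("sAMAccountName", lookup))
    print(extract_aor("sip:alice@example.com", r"^sip:([^@]+)@(.+)$", r"\1@\2"))
```

Because `escape_filter_value` encodes `*`, `(`, `)`, `\` and NUL, a dialled string containing filter metacharacters is matched literally instead of being interpreted as filter syntax; the attribute-name check does the same for the configured Lookup Number Attribute.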