The below is a combination of the "official" Polycom Technical Bulletin => here <= and a Wiki post => here <= (THX to the Author !)
NOTE: The below instructions expect some kind of Linux command line knowledge!
- Install slapd and ldap-utils
apt-get install slapd ldap-utils
- Reconfigure slapd
dpkg-reconfigure -plow slapd
The above will prompt you to answer a few configuration questions.
- Omit OpenLDAP server configuration? No
- DNS domain name: sbaierhome <= my example change to suit your setup
- Organization name: Polycom <= my example change to suit your setup
- Adminstrator password: T3ch!ab <= my example change to suit your setup
- Database backend to use: HDB
- Do you want the database to be removed when slapd is purged?: Yes(I actually had to purge once, so this makes for a clean start)
- Move old database: Yes (If you reconfigure a second time, it will complain that there's already a backup-file in /var/backups/*.ldapd and reconfiguration will fail - it's safe to delete this file, then restart reconfiguration)
- Allow LDAPv2 protocol?: No
As described in the Polycom Guide as well as follows:
- By default, the Open LDAP server is not configured to support the phone LDAP client’s search operation (<= for less than or equal to, >= for greater than or equal to). The Open LDAP server’s core.schema file has to be modified to add ORDERING caseIgnoreOrderingMatch in both the object class surname and givenname. Once changes are made, the LDAP service must be restarted for changes to take effect.
We stop the newly installed LDAP server
/etc/init.d/slapd stop
We now Edit the relevant file
NOTE: Since VVX UC Software 5.7.0 or Trio UC Software 5.7.1 the below 2 modifications are no longer required as the Polycom phone now has a new parameter:
<test dir.corp.serverSortNotSupported="1" />
Only required UC Software 5.6.x or older
nano /etc/ldap/slapd.d/cn\=config/cn\=schema/cn\=\{0\}core.ldif
The following line
olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (f
amily) name(s) for which the entity is known by' SUP name )
needs to be appended as
olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (f
amily) name(s) for which the entity is known by' SUP name ORDERING caseIgnoreOrderingMatch)
and in addition
olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: fir
st name(s) for which the entity is known by' SUP name )
needs to be appended as
olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: fir
st name(s) for which the entity is known by' SUP name ORDERING caseIgnoreOrderingMatch)
You store the modified file via CTRL-O and leave the file via STRG-X
Once the above has been actioned we start the LDAP again
/etc/init.d/slapd start
Adding example Data to the LDAP Server go to your home-directory
cd mkdir directory_files cd directory_files
The above directory_files subdirectory is the destination for the openLDAP ldif-files with the content we want to add to LDAP
First, we create an OrganizationUnit called "people" which will hold the user account utilized by phone to authenticate towards the openLDAP.
nano people.ldif
copy and paste the below into the new Window and store the modified file via CTRL-O and leave the file via STRG-X
dn: ou=people,dc=sbaierhome #<= my example change to suit your setup ou: people description: holds users of the directory objectClass: organizationalUnit
Now we create the actual User polycom and add him to the OrganizationUnit called "people"
nano polycom_user.ldif
copy and paste the below into the new Window and store the modified file via CTRL-O and leave the file via STRG-X
dn: uid=polycom,ou=people,dc=sbaierhome #<= my example change to suit your setup changetype: add displayName: polycom cn: polycom givenname: polycom objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetorgperson uid: polycom sn: polycom userPassword: Tech!ab #<= my example change to suit your setup
Now we add an OrganizationUnit called "contacts" which will hold the Contacts that we want to be able to search via the openLDAP.
nano contacts.ldif
copy and paste the below into the new Window and store the modified file via CTRL-O and leave the file via STRG-X
dn: ou=contacts,dc=sbaierhome #<= my example change to suit your setup ou: contacts description: lists all contacts objectClass: organizationalUnit
The last piece is some Data for the openLDAP that we can search for
nano phonebook.ldif
The above creates the actual phonebook.ldif file.
Option 1 Single Entry Example:
The below example adds a single openLDAP Directoy Entry with the name John Doe. It adds a corporation name and a Phone number
dn: cn=John Doe,ou=contacts,dc=sbaierhome #<= my example change to suit your setup
changetype: add
givenName: John
sn: Doe
cn: John Doe
o: ACME Corporation
telephoneNumber: 0043123456789
objectClass: inetOrgPerson
NOTE: Pay attention to the Domain
copy and paste the above into the new Window and store the modified file via CTRL-O and leave the file via STRG-X
Option 2 Multiple Entry Example:
Create a CSV File containing the following example:
First Name, Last Name, Email, Username, Phone Number or IP
Note: I have added an example file containing 1500 random names >File<
Unzip the file and from a command line run:
cat 1500ExampleNames.csv | awk -F "," '{print "dn: cn="$1" " " "$2",ou=contacts,dc=sbaierhome\nchangetype: add\nobjectClass: inetOrgPerson\ndescription: "$4"\ngivenName: "$1"\nsn: "$2"\ncn: "$1" " " "$2"\no: T3Voice \ntelephoneNumber: "$5"\nuid: polycom\nmail: "$3"\n"}' > phonebook.ldif
The above will create the phonebook.LDIF file with 1500 random names for testing purposes. You can replace the CSV file with real data
Final Steps:
Now we just need to parse the above-created files into openLDAP.
Note: In our example, the password is T3ch!ab. In addition, remember to change to your own domain. In our example sbaierhome
- ldapadd -x -D "cn=admin,dc=sbaierhome" -w 'T3ch!ab' -v -f people.ldif
- ldapadd -x -D "cn=admin,dc=sbaierhome" -w 'T3ch!ab' -v -f polycom_user.ldif
- ldapadd -x -D "cn=admin,dc=sbaierhome" -w 'T3ch!ab' -v -f contacts.ldif
- ldapadd -x -D "cn=admin,dc=sbaierhome" -w 'T3ch!ab' -H ldap:// -f phonebook.ldif
Checking the openLDAP server works:
ldapsearch -D "uid=polycom,ou=people,dc=sbaierhome" -b "ou=contacts,dc=sbaierhome" -w 'T3ch!ab' -h 127.0.0.1 "(sn=*)"The Polycom Phone Configuration is
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<!-- openLDAP -->
<!-- 10.252.149.122 steffen / T3ch!ab -->
<!-- Since UC Software 5.7.0 use dir.corp.serverSortNotSupported="1" for openLDAP -->
<!-- Source https://community.polycom.com/t5/VoIP-SIP-Phones/FAQ-Setup-an-openLDAP-server/m-p/75035#M14180 -->
<dir
feature.corporateDirectory.enabled="1"
dir.corp.serverSortNotSupported="1"
dir.corp.address="10.252.149.122"
dir.corp.port="389"
dir.corp.transport="TCP"
dir.corp.baseDN="ou=contacts,dc=sbaierhome"
dir.corp.scope="sub"
dir.corp.filterPrefix=""
dir.corp.user="uid=polycom,ou=people,dc=sbaierhome"
dir.corp.pageSize="32"
dir.corp.password="T3ch!ab"
dir.corp.cacheSize="128"
dir.corp.leg.pageSize="8"
dir.corp.leg.cacheSize="32"
dir.corp.autoQuerySubmitTimeout="1"
dir.corp.viewPersistence="0"
dir.corp.leg.viewPersistence="0"
dir.corp.sortControl="0"
dir.corp.attribute.1.name="sn"
dir.corp.attribute.1.label="last name"
dir.corp.attribute.1.type="last_name"
dir.corp.attribute.1.searchable="1"
dir.corp.attribute.1.filter=""
dir.corp.attribute.1.sticky="0"
dir.corp.attribute.2.name="givenName"
dir.corp.attribute.2.label="first name"
dir.corp.attribute.2.type="first_name"
dir.corp.attribute.2.filter=""
dir.corp.attribute.2.sticky="0"
dir.corp.attribute.2.searchable="1"
dir.corp.attribute.3.name="telephoneNumber"
dir.corp.attribute.3.label="phone number"
dir.corp.attribute.3.type="phone_number"
dir.corp.attribute.3.filter=""
dir.corp.attribute.3.sticky="0"
dir.corp.attribute.3.searchable="0"
dir.corp.attribute.4.name="o"
dir.corp.attribute.4.label="company name"
dir.corp.attribute.4.type="other"
dir.corp.attribute.4.filter=""
dir.corp.attribute.4.sticky="0"
dir.corp.attribute.4.searchable="1"
dir.corp.backGroundSync.period="3600"
dir.corp.vlv.allow="1"
dir.corp.vlv.sortOrder="sn givenName telephoneNumber"/>as follows:
Once the above was successful the Phone can connect:
010736.115|ldap |*|00|Initial log entry. Current logging level 0 010736.116|ldap |1|00|ldapCfg::lookupHost:No srvLookup host=<10.252.149.122> port=<389> 010736.116|ldap |3|00|ldapCfg::getConnParams:m_pHost=<ldap://10.252.149.122> m_fullAddr=<ldap://10.252.149.122> m_priSrv=<(null)> port=<389> trans=<0> 010736.116|ldap |1|00|ldapCfg::getBufsSize:m_xferSize=<32> m_cacheSize=<128> (m_secCacheSize=<128>) 010736.117|ldap |1|00|ldapCfg::createUtfTable:Loading default UTF settings 010736.117|ldap |1|00|ldapCfg::showUtfTable:createUtfTable 010736.117|ldap |1|00|ldapCfg::showUtfTable:utfsubset[0]=<0> ,<zz> 010736.117|ldap |1|00|cDynamicData::cDynamicData:m_circSize=<128> m_lowMark=<32> 010736.163|ldap |0|00|ldapData::newFilter:baseRequest=ldap://10.252.149.122/ou=contacts,dc=sbaierhome?sn,givenName,telephoneNumber,o?sub 010752.593|ldap |1|00|ldapCfg::lookupHost:No srvLookup host=<10.252.149.122> port=<389> 010752.593|ldap |1|00|ldapCfg::lookupHost:No srvLookup host=<10.252.149.122> port=<389> 010752.593|ldap |4|00|cDynamicData::activate:cDynamicData::activate() m_pCfg->lookupHost() = 1 010752.594|ldap |0|00|ldapData::newFilter:baseRequest=ldap://10.252.149.122/ou=contacts,dc=sbaierhome?sn,givenName,telephoneNumber,o?sub 010752.642|ldap |1|00|ldapData::queryResults:Sort-No Persist-No VLV-No 010752.643|ldap |1|00|ldapCfg::show:<LDAP configuration:> status=<1> 010752.643|ldap |1|00| <server version=3> <sort:ctrl=0x1-cfg=0x0> <vlv=No> <vrCrt=Yes> 010752.643|ldap |1|00| <host=ldap://10.252.149.122> <pfix=ldap://> <port=389> <trans=tcp> <bindOnInit=Yes> 010752.643|ldap |1|00| <baseDN=ou=contacts,dc=sbaierhome> <filterPrefix=> <sortOrder=sn givenName telephoneNumber> <invSortOrder=NULL> 010752.643|ldap |1|00|ldapCfg::getCaFile:LDAP:CA filepath = /ffs0/ca1.crt 010752.643|ldap |1|00|ldapCfg::getCaFile:LDAP:CA filepath = /ffs0/ca1.crt 010752.643|ldap |1|00| <attrib=sn,givenName,telephoneNumber,o><sub></ffs0/ca1.crt> 010752.644|ldap |1|00| <persistView=No> <persistSearch=No> 010752.644|ldap |1|00| <backgroundSyncPeriod=0> <autoQuerySubmitTimeout=1> 010752.644|ldap |1|00| <domain=NULL> <user=uid=polycom,ou=people,dc=sbaierhome> <pass=***> 010752.644|ldap |1|00|ldapCfg::getSSLv2v3Enabled:LDAP:SSLv2v3 Enabled = 0 010752.644|ldap |1|00| <SSLv2v3Enabled=0> 010752.644|ldap |1|00|ldapCfg::showAttr: Attributes: 010752.644|ldap |1|00|ldapCfg::showAttr: [0] <name=sn><label=last name><type=last_name><filter=><sticky=No><srch=Yes> 010752.644|ldap |1|00|ldapCfg::showAttr: [1] <name=givenName><label=first name><type=first_name><filter=><sticky=No><srch=Yes> 010752.644|ldap |1|00|ldapCfg::showAttr: [2] <name=telephoneNumber><label=phone number><type=phone_number><filter=><sticky=No><srch=No> 010752.644|ldap |1|00|ldapCfg::showAttr: [3] <name=o><label=company name><type=other><filter=><sticky=No><srch=Yes> 010752.676|ldap |1|00|ldapQueryNoSort::setQLimits:1::<UP> m_curSubset=<0/1> 010752.676|ldap |1|00|ldapEntry::show:setQLimits 1::top <0> 010752.676|ldap |1|00|ldapEntry::show:setQLimits 1::bot <zz> 010752.676|ldap |1|00|cDynamicData::finalizeInit:finalizeInit state=<4>
and Search openLDAP
0825150001|ldap |1|00|ldapQueryNoSort::setQLimits:1::<UP> m_curSubset=<0/1> 0825150001|ldap |1|00|ldapEntry::show:setQLimits 1::top <0> 0825150001|ldap |1|00|ldapEntry::show:setQLimits 1::bot <zz> 0825150001|ldap |1|00|ldapQueryNoSort::assmCondition:...1 0825150001|ldap |1|00|ldapQueryNoSort::fillQuery:qDepth=<1> same=<0> incl=<Yes> 0825150001|ldap |1|00|ldapEntry::show:fillQuery::prevTop <0> 0825150001|ldap |1|00|ldapEntry::show:fillQuery::prevBot <zz> 0825150001|ldap |1|00|ldapEntry::show:fillQuery::top <> 0825150001|ldap |1|00|ldapEntry::show:fillQuery::bot <> 0825150001|ldap |1|00|ldapQueryNoSort::isQueryValid:status=<1> top=<0> bot=<zz> sel=<> 0825150001|ldap |1|00|cDynamicData::getData:get enabled - filter OK <(&(sn%3E=0)(sn%3C=zz)(|(sn=Do*)(givenName=Do*)(o=Do*)))> 0825150001|ldap |0|00|ldapData::newFilter:baseRequest=ldap://10.252.149.122/ou=contacts,dc=sbaierhome?sn,givenName,telephoneNumber,o?sub 0825150001|ldap |1|00|ldapData::runSearch:dir=<DOWN> reverse=<No> index=<OFF> filter=<(&(sn>=0)(sn<=zz)(|(sn=Do*)(givenName=Do*)(o=Do*)))> 0825150001|ldap |0|00|ldapEntry::show:->new: <Doe> 0825150001|ldap |1|00|ldapEntry::iCmpEntry: 'Doe,John' > ',' 0825150001|ldap |1|00|cDynamicData::dataReady:total=1-process 0825150001|ldap |1|00|ldapEntry::show:getNext::top <Doe> 0825150001|ldap |1|00|ldapEntry::show:getNext::bot <zz> 0825150001|ldap |1|00|ldapQueryNoSort::getNewLimits:status=<1> 0825150001|ldap |1|00|ldapEntry::iCmpEntry: 'Doe,John' > '0,' 0825150001|ldap |1|00|ldapQueryNoSort::fillQuery:qDepth=<1> same=<0> incl=<No> 0825150001|ldap |1|00|ldapEntry::show:fillQuery::prevTop <Doe> 0825150001|ldap |1|00|ldapEntry::show:fillQuery::prevBot <zz> 0825150001|ldap |1|00|ldapEntry::show:fillQuery::top <Doe> 0825150001|ldap |1|00|ldapEntry::show:fillQuery::bot <Doe> 0825150001|ldap |1|00|ldapQueryNoSort::isQueryValid:status=<1> top=<Doe> bot=<zz> sel=<> 0825150001|ldap |1|00|cDynamicData::getData:get enabled - filter OK <(&(sn%3E=Doe)(sn%3C=zz)(|(!(sn=Doe))(!(givenName%3C=John)))(!(sn=Doe))(|(sn=Do*)(givenName=Do*)(o=Do*)))> 0825150001|ldap |0|00|ldapData::newFilter:baseRequest=ldap://10.252.149.122/ou=contacts,dc=sbaierhome?sn,givenName,telephoneNumber,o?sub 0825150001|ldap |1|00|ldapData::runSearch:dir=<DOWN> reverse=<No> index=<OFF> filter=<(&(sn>=Doe)(sn<=zz)(|(!(sn=Doe))(!(givenName<=John)))(!(sn=Doe))(|(sn=Do*)(givenName=Do*)(o=Do*)))> 0825150001|ldap |1|00|cDynamicData::dataReady:total=0-restart 0825150001|ldap |1|00|ldapQueryNoSort::getNewLimits:status=<0> 0825150001|ldap |1|00|ldapQueryNoSort::assmCondition:cannot create query=<(&> <DOWN> 0825150001|ldap |0|00|ldapQuery::assmQuery:assmCondition error numC=<-1> 0825150001|ldap |0|00|ldapQuery::assmQuery:query cleared & released 0825150001|ldap |1|00|cDynamicData::getData:get enabled - filter NOK <>
Adding a GUI to openLDAP
The phpLDAPAdmin can be used to add a graphical user interface to the openLDAP ( source => here <= )
Installing the GUI
sudo apt-get install phpldapadmin
In order to run the Web Interface we need to modify some sections of the configuration
sudo nano /etc/phpldapadmin/config.php
The following lines need changing:
$servers->setValue('server','host','domain_nam_or_IP_address');
Change the above to the FQDN or IP address of the Linux machine that has openLDAP installed
Then
$servers->setValue('server','base',array('dc=test,dc=com'));
into
$servers->setValue('server','base',array('dc=sbaierhome'));
and
$servers->setValue('login','bind_id','cn=admin,dc=test,dc=com');
into
$servers->setValue('login','bind_id','cn=admin,dc=sbaierhome');
and search for the line hidetemplatewarning and uncomment the // in front of the line into and change from false into true
$config->custom->appearance['hide_template_warning'] = true;
Press CTRL-O to store and then CTRL-X to exit.
You can now Log In via the Web Interface by using the FQDN or IP address/phpldapadmin
The Password based on above example is T3ch!ab