Configuring a CISCO SPA phone to use Active Directory as a phonebook

Cisco SPA phones can look up phone numbers and contacts in Active Directory/LDAP. To enable this, a template needs to be created and the Cisco phones re-provisioned with it, so that they can access Active Directory and read AD user information from there.

Step 1: Locating the Cisco template in the 3CX Management Console

Access the 3CX Management Console and click on the node Settings / Provisioning Templates. Click on the drop-down Template Type and select Phones. Select Cisco SPA from the Template Name dropdown and click the Edit button.

Step 2: Copy and Paste the required LDAP parameters in the Cisco template

Find the section tag called <flat-profile> in the Cisco template and paste the following:

<!--########################################################-->
<!--### LDAP CISCO ###-->
<!--########################################################-->
<Domain group="System/Optional_Network_Configuration">Domain.TLD</Domain>
<Primary_DNS group="System/Optional_Network_Configuration">DNS Server for internal Domain</Primary_DNS>
<LDAP_Dir_Enable group="Phone/LDAP_Corporate_Directory_Search">Yes</LDAP_Dir_Enable>
<LDAP_Corp_Dir_Name group="Phone/LDAP_Corporate_Directory_Search">Corp-Directory</LDAP_Corp_Dir_Name>
<LDAP_Server group="Phone/LDAP_Corporate_Directory_Search">FQDN of Domain Controller with Global Catalog</LDAP_Server>
<LDAP_Auth_Method group="Phone/LDAP_Corporate_Directory_Search">DIGEST-MD5</LDAP_Auth_Method>
<LDAP_Client_DN group="Phone/LDAP_Corporate_Directory_Search">DC=Domain,DC=TOPLevel</LDAP_Client_DN>
<LDAP_Username group="Phone/LDAP_Corporate_Directory_Search">User</LDAP_Username>
<LDAP_Password group="Phone/LDAP_Corporate_Directory_Search">Password</LDAP_Password>
<LDAP_Search_Base group="Phone/LDAP_Corporate_Directory_Search">Ldap Base to search for Users and Contacts</LDAP_Search_Base>
<LDAP_Last_Name_Filter group="Phone/LDAP_Corporate_Directory_Search">sn:(sn=*$VALUE*)</LDAP_Last_Name_Filter>
<LDAP_First_Name_Filter group="Phone/LDAP_Corporate_Directory_Search">cn:(cn=*$VALUE*)</LDAP_First_Name_Filter>
<LDAP_Search_Item_3 group="Phone/LDAP_Corporate_Directory_Search"/>
<LDAP_Item_3_Filter group="Phone/LDAP_Corporate_Directory_Search"/>
<LDAP_Search_Item_4 group="Phone/LDAP_Corporate_Directory_Search"/>
<LDAP_item_4_Filter group="Phone/LDAP_Corporate_Directory_Search"/>
<LDAP_Display_Attrs group="Phone/LDAP_Corporate_Directory_Search">a=cn;a=sn;a=telephoneNumber,n=Phone,t=p;</LDAP_Display_Attrs>
<LDAP_Number_Mapping group="Phone/LDAP_Corporate_Directory_Search"/>

Step 3: Modifying the template according to your domain settings

Replace the variables according to the values in your environment. Not all variables need to be changed. The ones that require modification are mentioned and explained below. The others can remain default.


Figure 1: In this example, the domain is “Stefan.local”

  1. Domain Group – You need to replace the variable Domain.TLD (Domain.TopLevelDomain) with your domain. To find it, open a command prompt window and type the following: ipconfig /all
  2. Primary DNS Group – Replace the variable “DNS Server for internal Domain” with the primary DNS server. This information can be obtained by typing ipconfig /all and scrolling to the DNS Servers entry.
  3. LDAP_Server group – The LDAP server group is the FQDN of the Active Directory server. Example: dc08.stefan.local, where dc08 is the host name and stefan.local is the domain name. Replace “FQDN of Domain Controller with Global Catalog” with dc08.stefan.local
  4. LDAP_Client_DN Group – Replace the variables “DC=Domain, DC=TOPLevel” with your domain name and top-level domain. Example: if the domain is Stefan.local, you need to put DC=Stefan, DC=local
  5. LDAP Username Group – Replace “User” with an Active Directory user. This user must have the appropriate permissions to read Active Directory values. Note: You should not use a Domain Administrator username. A dedicated user must be created, for example CiscoLdap, and used as the user name.
  6. LDAP Password Group – Replace “Password” with the password of the CiscoLdap user account.
  7. LDAP Search Base Group – This is the base in AD where searches will be made. For the LDAP Search Base group you need a Microsoft tool called ADSI. In Windows Server 2008, ADSI is located in the Administrative Tools section. In Windows Server 2003, “Support Tools” need to be downloaded from Microsoft and installed. Note: There are many versions of this tool and you need to download the one that fits your operating system. Now:
    • Open ADSI and select the Organization Unit of your choice.
    • Open Properties and click on Domain User Properties.
    • Double click on “distinguishedName” and take note of this value. (See Figure 2)
    • Replace the variable “Ldap Base to search for Users and Contacts” with the value of the attribute “distinguishedName” you previously took note of.


Figure 2: This shows the value of the “distinguishedName” to be OU=Domain-User,DC=stefan,DC=local.

Figure 3: Snapshot of what the LDAP section will look like in the template.

At this stage, the template should look like Figure 3 where the variables described above are replaced with the information of your environment.
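A way to check the edited LDAP section before saving it, as an added example (not 3CX or Cisco code). The function names are hypothetical, the sample reuses the article's example values with a made-up password, and the checks cover only what Step 3 states.

```python
import xml.etree.ElementTree as ET

# Placeholder values from the Step 2 template, lower-cased (FQN and FQDN spellings).
PLACEHOLDERS = {"domain.tld", "dns server for internal domain", "user", "password",
                "fqn of domain controller with global catalog",
                "fqdn of domain controller with global catalog",
                "dc=domain,dc=toplevel", "ldap base to search for users and contacts"}
G = "Phone/LDAP_Corporate_Directory_Search"
# Constructed sample: the article's example values; the password is made up.
SAMPLE = f"""
<Domain group="System/Optional_Network_Configuration">Stefan.local</Domain>
<LDAP_Server group="{G}">dc08.stefan.local</LDAP_Server>
<LDAP_Client_DN group="{G}">DC=Stefan, DC=local</LDAP_Client_DN>
<LDAP_Username group="{G}">CiscoLdap</LDAP_Username>
<LDAP_Password group="{G}">constructed-example-only</LDAP_Password>
<LDAP_Search_Base group="{G}">OU=Domain-User,DC=stefan,DC=local</LDAP_Search_Base>
"""

def norm_dn(dn):
    """Lower-case a DN and drop spaces around commas ('DC=Stefan, DC=local')."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def lint_ldap_section(fragment):
    """Return findings (strings) for the LDAP elements pasted into <flat-profile>."""
    try:
        root = ET.fromstring("<flat-profile>" + fragment + "</flat-profile>")
    except ET.ParseError as exc:
        # Typographic quotes or dashes picked up while copying break the XML.
        return [f"not well-formed XML: {exc}"]
    val = {el.tag: (el.text or "").strip() for el in root}
    findings = [f"{tag}: placeholder not replaced"
                for tag, text in val.items() if text.lower() in PLACEHOLDERS]
    domain = val.get("Domain", "").lower()
    base_dn = ",".join("dc=" + label for label in domain.split("."))
    if norm_dn(val.get("LDAP_Client_DN", "")) != base_dn:
        findings.append("LDAP_Client_DN: does not match Domain")
    if not val.get("LDAP_Server", "").lower().endswith("." + domain):
        findings.append("LDAP_Server: not an FQDN inside Domain")
    if not norm_dn(val.get("LDAP_Search_Base", "")).endswith(base_dn):
        findings.append("LDAP_Search_Base: not under the domain DN")
    # Name-based heuristic only; the account's group membership must be checked in AD.
    if val.get("LDAP_Username", "").lower() in {"administrator", "admin"}:
        findings.append("LDAP_Username: use a dedicated read-only account")
    return findings

if __name__ == "__main__":
    print(lint_ldap_section(SAMPLE) or "no findings")
```
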

Step 4: Create the New Cisco Phone template for LDAP.

Under the “model” tag delete all the models you see and add the following: <model>Cisco SPA LDAP</model>

Figure 4a: Model Section in Cisco Template – This is how the model section should look for this template.

Click on Apply to save these changes. You will be prompted to save the file. Important: Do not overwrite the current template file. Type in a new template name and file name to ensure that you keep the original 3CX templates as they were shipped with the standard 3CX Phone System installation.

Figure 4b: In this case the template name was renamed to Cisco SIP Phone LDAP and the File name was renamed to ciscoLDAP.ph

Step 5: Setting up the extension in the 3CX Management console for provisioning

Figure 5: The new template will be displayed in the Edit Extensions provisioning tab section in the 3CX Management Console

Log out of the 3CX Management Console and log in again. Click on Edit Extensions and click the Phone Provisioning tab. Enter the MAC address and click on the Model dropdown list. You will see the new Cisco SPA LDAP option available. Select this and click OK. This action will automatically generate a new provisioning file.

Step 6: Forcing the Phones to re-provision

Now reboot the phones via the management console.

 

Extra LDAP Information:
If you have other phone number information configured in Active Directory for your users, for example IP Phone or Mobile Number, you can change the LDAP_Display_Attrs group variable to make this number available for the phone to use.

Example 1: This will force the phone to dial the IP PHONE number from AD
a=cn;a=sn;a=ipPhone,n=Phone,t=p;

Example 2: This will force the phone to dial the MOBILE number from AD
a=cn;a=sn;a=mobile,n=Phone,t=p;
