ProCall Enterprise client as an LDAP client
Update status | November 2023 |
---|---|
Product relevance | estos ProCall 8 Enterprise, estos ProCall 7 Enterprise |
LDAP directory as data source in the ProCall Enterprise client
ProCall Enterprise offers the option of setting up the ProCall Enterprise client as an LDAP client in order to integrate an LDAP directory:
- For name resolution for incoming calls
- During the search
You can find the corresponding documentation here:
- Setting up data sources in the ProCall 8 Enterprise client
- Setting up data sources in the ProCall 7 Enterprise client
- Call up the help via the help buttons or the F1 key
Configuration notes
When setting up the connection of an LDAP directory, the details of the LDAP server to be connected must be entered in the directory service (LDAP) dialog:
Example screenshot: Search – Data sources – LDAP data sources
Details | |
---|---|
Server name | The FQHN of the LDAP server must be entered here |
Port | (Default: 389) The listening port of the LDAP server for accessing the directory service is specified here. |
Using SSL | Option to activate SSL encryption of the LDAP connection. |
Using the Global Catalog | This option is not available here. |
Paged search | Search result paging is only available in conjunction with LDAP version 3. |
LDAP version | The version of the LDAP protocol offered by the directory service to be connected, usually LDAP version 3. |
Example screenshot: Database wizard – Directory Service (LDAP) – Server name, Port, LDAP version
Clicking Next > to go to the next dialog immediately checks whether the addressed LDAP server can be reached.
If the LDAP server cannot be reached under the specified connection data, a corresponding error message appears.
Example screenshot: Database wizard – Accessibility of the LDAP server – Error message The connection to the server failed. Server shut down
Possible reasons for a failed connection:
- Directory service on the LDAP server is not started or not activated
- Network between ProCall Enterprise client and LDAP server does not allow connection between these hosts
- A security device in the network prevents a connection between ProCall Enterprise client and LDAP server, e.g. firewall
- The information for addressing the LDAP server (server name or port) is not correct
The user ID for an authenticated LDAP connection can be stored in the Login information dialog.
Example screenshot: Database wizard with login information
Clicking Next > to go to the next dialog checks the selected authentication.
If the login data cannot be authenticated by the addressed LDAP server, the error message "The connection to the server failed. Invalid login information." appears.
Example screenshot: Database wizard error message for invalid credentials
Search parameters in search options
You can set the parameters for the search in the Search options dialog:
Search parameters | |
---|---|
Search base | The LDAP container to be searched is specified here as the BaseDN. By default, the LDAP scope sub is used so that all containers subordinate to the BaseDN are also searched. (See setting option Search only in the search base (no sub-folders)). |
Filter | The object class or other filter parameters can be set here to avoid unwanted hits or to optimize the search. The syntax to be used here is based on RFC 2254. One filter expression can be specified; stringing together several filter expressions is not LDAP-compliant and is not intended. |
Search only in search base | This option controls the LDAP scope for the search. This option is deactivated by default and the scope sub is therefore set. |
Timeout in seconds | Time that must elapse between sending the search query and receiving the response before an LDAP query is interpreted as unsuccessful due to timeout. |
Maximum number of entries displayed during the search | Here the size of the page is specified by the client in order to inform the LDAP server of the maximum number of hits to be returned within a result response. For this setting to be taken into account, the paged search setting option must be activated in the directory service (LDAP) dialog. |
Example screenshot: Database wizard – Search options for contacts in the LDAP directory – Search base, Filter, Timeout, Maximum number of entries
Click Next > to go to the next dialog, Assigned fields, to link the LDAP attributes of the LDAP source directory with the attributes used in ProCall Enterprise client.
Assign attributes/fields
Example screenshot: Database wizard – Map fields – Source – Destination
The attributes to be displayed in ProCall Enterprise client must be assigned the corresponding source attributes from the LDAP directory.
To simplify the mapping of the source and target attributes, the navigation buttons First and Next are located under the left-hand list element. These can be used to visualize the LDAP object contents from the source directory.
The Standard and Delete buttons are located under the right-hand list element.
The Standard button provides a frequently used assignment of source and target attributes, which must, however, be adapted to the actual situation or at least verified. The Delete button removes all mappings so that all required mappings must be selected from the start.
Export/import configuration file
In the bottom left-hand corner of the dialog, you will find the options for importing and exporting the assignment configuration:
Folder icon | Import assignment configuration |
Diskette icon | Export assignment configuration |
The file extension for this configuration file is .FXM.
Several source attributes can also be mapped to one target attribute.
However, this feature is not supported in all masks or dialogs of ProCall Enterprise client and leads to incorrect results in the parameterized search in connection with LDAP data sources.
The suitability of this configuration option must therefore be verified before it is used in productive operation.
Enter profile name
Finally, a Profile name is specified for the LDAP connection set up:
Example screenshot: Database wizard – Field mapping successfully completed – Specify profile name
This profile name for the LDAP connection is also displayed in the search results list as a categorization according to the source origin, which is why it is recommended to assign a meaningful data source name here.
In extensive hit lists, this categorization by data source origin ensures a better overview.
Calling up the configuration
With the exception of the profile name, all configuration steps and settings made above can be changed later by editing the data source. The configuration is called up via Edit... - Advanced - Configure...:
Example screenshot: LDAP Directory – Server – Port – Search base – Configuration
Search filters used
The ProCall Enterprise client search function on an LDAP directory service depends on a conscientious assignment of the source and target attributes.
Therefore, here are some examples of the search in ProCall Enterprise client and the resulting LDAP search filter.
Examples
Name search
The name search searches for a character string in all name fields. No commas are used in this search query so as not to search for specifically selected attributes such as first name, surname, department, company or location. The LDAP search query then contains this search filter (using the example of the search for the character string Anderson):
(&(objectClass=*)(|(|(|(|(|(|(|(sn=Anderson*)(sn=* Anderson*))(givenName=Anderson*))(givenName=* Anderson*))(displayName=Anderson*))(displayName=* Anderson*))(company=Anderson*))(company=* Anderson*)))
Detailed search
estos ProCall Enterprise client can be customized for the detailed search. Further information on this can be found in the online help or the help (search term search parameters).
A specific search parameter can be selected by entering commas:
In the example shown, a company is searched for. The LDAP search filter then appears in this form:
(&(objectClass=*)(|(o=metacortex*)(o=* metacortex*)))
Combined detail search
The combined search for a first name (Thomas) and a company (metaCortex) produces, for example, this LDAP search filter:
(&(&(objectClass=*)(|(|(|(|(|(givenName=Thomas*)(givenName=* Thomas*))(sn=Thomas*))(sn=* Thomas*))(displayName=Thomas*))(displayName=* Thomas*)))(|(o=metacortex*)(o=* metacortex*)))
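The three filters above follow one pattern: each mapped attribute is tested for a prefix match and a word-start match, the tests are nested into binary ORs, and each search criterion is ANDed onto (objectClass=*). The following sketch is an added example, not estos code: it rebuilds those filters from attribute lists read off the examples (an assumption about the mapping) and escapes the search term as RFC 2254 requires, so that characters such as * or ( in the input stay data. All function and constant names are hypothetical.

```python
from functools import reduce

# RFC 2254, section 4: these characters must be written as \XX inside a value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Assumed attribute lists, read off the example filters on this page.
NAME_ATTRS = ["sn", "givenName", "displayName", "company"]
FIRST_NAME_ATTRS = ["givenName", "sn", "displayName"]
COMPANY_ATTRS = ["o"]


def escape_value(term):
    """Escape a search term so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in term)


def or_clause(attributes, term):
    """Match the term at the start of the value or at the start of a later word."""
    if not attributes:
        raise ValueError("at least one mapped source attribute is required")
    safe = escape_value(term)
    tests = [t for a in attributes for t in (f"({a}={safe}*)", f"({a}=* {safe}*)")]
    # Left fold into nested binary ORs, the shape of the filters shown above.
    return reduce(lambda acc, t: f"(|{acc}{t})", tests[2:], f"(|{tests[0]}{tests[1]})")


def build_filter(criteria, base="(objectClass=*)"):
    """criteria: list of (attributes, term); each one is ANDed onto the result so far."""
    return reduce(lambda acc, c: f"(&{acc}{or_clause(*c)})", criteria, base)


if __name__ == "__main__":
    print(build_filter([(NAME_ATTRS, "Anderson")]))
    print(build_filter([(FIRST_NAME_ATTRS, "Thomas"), (COMPANY_ATTRS, "metacortex")]))
    # Constructed input containing filter metacharacters: they arrive escaped.
    print(build_filter([(COMPANY_ATTRS, "x)(uid=*")]))
```

Comparing the output for a given mapping with the filter seen on the wire or in the directory server's log shows quickly whether the source and target attributes are assigned as intended.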
Test and analysis tools
In order to optimally connect an LDAP directory service to estos ProCall Enterprise client, detailed knowledge of the structure of the directory is required.
It is advisable to use an LDAP client or LDAP browser that is independent of the estos software to obtain a comprehensive picture of the LDAP schema (attributeTypes, ldapSyntaxes, matchingRules, objectClasses), i.e. the object classes, the objects and their attributes (with MUST and MAY constraints, comparison rules, permitted character types, ...) in the directory to be connected.
The OpenLDAP client tools, JXplorer, Softerra LDAP browser, LDAP admin, LDAP browser, ... are representative of many freely available LDAP client applications.
To verify the ProCall Enterprise client search functions against an LDAP directory, these test tools make it easy to enter LDAP bindRequests and LDAP searchRequests, including searchFilters, directly and thus verify the directory queries.
Further information
Best practice: Administrative specification of data sources and search nodes
estos ProCall 8 Enterprise customize – Search
estos ProCall 7 Enterprise customize – Search