LDAP Based Corporate Directory via Cisco IP Phone Services SDK
Posted by Josh on Sat 18 Jul 2009Categories: Cisco , Cisco VOIP , Voice LAB - [29] Comments
In this tutorial, you will learn how to use the Cisco IP Services SDK to search Microsoft Active Directory without having to integrate Unified Communications Manager with LDAP. This can be useful if you have a multi-tennant environment or if you want to use an existing Active Directory database as an additional directory.
Part 1 (This video is best viewed in HD and Full Screen)
Part 2 (This video is best viewed in HD and Full Screen)
Part 2 (This video is best viewed in HD and Full Screen)
Requirements
Install IIS on a Windows server (if not already installed).
- Go to Start > Control Panel > Add or Remove Programs
- Click ‘Add/Remove Windows Components’
- Double-click ‘Application Server’
- Check ‘Internet Information Services (IIS)’
- Click ‘Ok’
- Click ‘Next’
- Wait for the install to complete and click ‘Finish’
Configure IIS to permit Active Server Pages Web Extension
- Go to ‘Start > All Programs > Administration Tools > IIS Manager’
- Expand the Local Computer and Click on ‘Web Extensions’
- Highlight ‘Active Server Pages’ and Click ‘Allow’
Download and Install the IP Services SDK
- Login to the server with IIS installed.
- Go to http://developer.cisco.com
- Select the ‘IP Phone Services’ API
- Click on the ‘Resources’ link
- Click on the most recent ‘IP Phone Services SDK’ zip file to download
- Save the file to your Desktop or other download area.
- Extract the zip file
- Double-Click the installer executable to install.
- Take the defaults and finish the IP Services Install.
Download and Install Microsoft ADSIEDIT (for LDAP Queries)
- Click Here to download the adsiedit.zip file
- Extract the contents of adsiedit.zip file to c:\windows\system32\
- Go to Start>Run>regsvr32.exe adsiedit.dll
- Go to Start>Run>adsiedit.msc
Modify the sample localizeddirectory.asp file
- Open c:\CiscoIPServices\ASP\LocalizedDirectory\localizeddirectory.asp with wordpad
- Use adsiedit.msc to change the variables
- Change the ldapserver variable.
The name or ip address of your Domain Controller will work.
var ldapserver = "10.10.10.50";
- Change the ldapsearchbase variable.
Use Adsiedit.msc. Navigate to the container or oganization unit that contains your users to be searched. Right click on the CN or OU and select properties. Copy the ‘distinguishedName’ and paste in this variable.
var ldapsearchbase = "OU=Blindhog_Users,DC=blindhog,DC=local";
- Change the ldapport variable.
If you are using Microsoft Active Directory, you will need to change this to 389.
var ldapport = "389";
- Change the ldapuserid variable.
Use adsiedit.msc. Navigate to a user you would like to use to query the ldap database. Right-click on the user and select properties. Copy the ‘distinguishedName’ and paste in this variable. It may also be a good idea to create a user account specifically for this purpose.
var ldapuserid = "CN=ccmadministrator,OU=Blindhog_Users,DC=blindhog,DC=local";
- Change the ldappassword variable.
This is the password of the user defined in the ldapuserid variable.
var ldappassword = "G00d3rP4ss0d";
- Save the new file as c:\CiscoIPServices\ASP\LocalizedDirectory\CorporateDirectory.asp
The top part of your CorporateDirectory.asp file should look similar to this.
var ldapserver = "10.10.10.50";
var ldapsearchbase = "OU=Blindhog_Users,DC=blindhog,DC=local";
var ldapport = "389";
var ldapuserid = "CN=ccmadministrator,OU=Blindhog_Users,DC=blindhog,DC=local";
var ldappassword = "G00d3rP4ss0d";
Create an XML file to pull directories together (optional)
- If you want your users to have Personal Directories as well as a corporate directory or multiple directories, you will need to create a new xml file.
c:\CiscoIPServices\ASP\LocalizedDirectory\Directories.xml
If not, you can just use your version of the following url for the ldap directory.
http://10.10.10.50/CiscoIPServices/LocalizedDirectory/CorporateDirectory.asp
- Edit the file to include the following format.
The following XML file is based on this topology. Please make changes according to your own topology. The first MenuItem is to give your users the Personal Directory (like the default in CUCM). The second MenuItem is
CUCM: 10.10.10.10
Microsoft AD: 10.10.10.50
<CiscoIPPhoneMenu>
<Prompt>Select a directory</Prompt>
<MenuItem>
<Name>Personal Directory</Name>
<URL>http://10.10.10.10:8080/ccmpd/pdCheckLogin.do?name=undefined</URL>
</MenuItem>
<MenuItem>
<Name>Corporate Directory</Name>
<URL>http://10.10.10.50/CiscoIPServices/LocalizedDirectory/CorporateDirectory.asp?action=search</URL>
</MenuItem>
</CiscoIPPhoneMenu>
Now, I have not tested this, but I imagine you could create several connections to different LDAP databases with the LocalizedDirectory Script and edit the xml file to query several directories by adding menu items to the above xml configuration.
Example:
<CiscoIPPhoneMenu>
<Prompt>Select a directory</Prompt>
<MenuItem>
<Name>Personal Directory</Name>
<URL>http://10.10.10.10:8080/ccmpd/pdCheckLogin.do?name=undefined</URL>
</MenuItem>
<MenuItem>
<Name>Directory 1</Name>
<URL>http://10.10.10.50/CiscoIPServices/LocalizedDirectory/directory1.asp?action=search</URL>
</MenuItem>
<MenuItem>
<Name>Directory 2</Name>
<URL>http://10.10.10.50/CiscoIPServices/LocalizedDirectory/directory2.asp?action=search</URL>
</MenuItem>
<MenuItem>
<Name>Corporate Directory</Name>
<URL>http://10.10.10.10:8080/ccmcip/xmldirectoryinput.jsp</URL>
</MenuItem>
</CiscoIPPhoneMenu>
Add the URL of the XML file to the IP Phones individually.
- Login to the Call Manager administration page
http://10.10.10.10/ - Go to Device > Phone
- Select a phone and enter the following URL in the ‘external directory’:
http://10.10.10.50/CiscoIPServices/LocalizedDirectory/Directories.xml
- To change the ‘external directory’ for all the phones, use the BAT tool.
Or, add the URL to all phones via the Enterprise Parameters.
- Login to the Call Manager administration page
http://10.10.10.10/ - Go to ‘System > Enterprise Parameters’
- Replace the ‘URL Directories’ parameter with the new XML file
http://10.10.10.50/CiscoIPServices/LocalizedDirectory/Directories.xml - Click ‘Save’
July 27th, 2009 at 10:15 am
Hi,
i tried it but it didn’t work
when i submit a request from my ip communicator, it doesn’t return anything:
“Records 0 to 0 of 0″
of course i checked many times, but i didn’t find anything.
CCM 4.1
thanks
July 27th, 2009 at 11:09 am
Niamor,
Does the XML page show up when you enter the URL in your PC’s web browser?
Josh
July 28th, 2009 at 3:47 am
Hi josh,
when i enter the URL on my web browser, it returns the xml file:
**URL**
http://172.20.27.50/CiscoIPServices/LocalizedDirectory/directory.xml
**XML File**
-
Select a directory
-
CCM Directory
http://172.31.12.67/CCMCIP/xmldirectoryinput.asp
-
AD Directory
http://172.20.27.50/CiscoIPServices/LocalizedDirectory/localizeddirectory2.asp?action=search
* When i choose “CCM Directory” it is ok. But when i choose AD directory it returns “Records 0 to 0 of 0″.
I was thinking it was an admin acount issue. What kind of administrator account do you use?
If i browse my AD with Softera Ldap browser and my admin account it works.
do I use LDAPSearch COM server?
**localizeddirectory2.asp***
var ldapserver = “172.20.27.50″;
var ldapsearchbase = “OU=Dev_users,DC=DEV,DC=lan”;
var ldapport = “389″;
var ldapuserid = “Admin”;
var ldappassword = “cisco123$”;
Thanks
172.20.27.50 = IIS, SDK and AD
172.31.12.67 = CCM 4
July 28th, 2009 at 5:29 am
Hi Josh!
It works now.
issue was AD users properties:
I filled only the firstname. The application needs firstname, name and display name.
Thanks for your help and for your website!
July 28th, 2009 at 10:24 pm
Hi,
Does anyone know of a way to insert a “0″ prefix onto the returned numbers. I’d have got a mobile number directory working but can’t dial because AD doesn’t include 0 for an outside line.
Great tutorial, Thanks,
Rob.
October 28th, 2009 at 7:48 am
Hey,
Thanks a lot for this nice tutorial, it helped me A LOT !
The connection with the AD is working fine, if I perform a search I get the list of users with their phone numbers, I also modified the asp file to get the ipPhone field instead of the telephonenumber field, everything is OK.
Nevertheless, if I perform a search by Phone Number, it will always try to look into the telephonenumber field, and not the ipPhone field.
Does anybody know how I could change this ?
Thanks in advance for your reply.
Yann
November 4th, 2009 at 8:23 am
Hi,
First off awesome tutorial. It’s working for me, but has anyone been able to modify the ldap query so that it only displays objects with an entry in the IpPhone field?
I was looking at running a script that would do the query and create the objects in a new ou, but I would definitely prefer it to be a one stop shop.
Thanks,
Mark
November 9th, 2009 at 11:58 am
Seconded on the “awesome tutorial”, great job and very helpful. I’m also curious to know the answer to Mark’s question above (#7). I can’t find a way to do that within the framework provided by cisco.
Also, I’m having an issue querying for users in my environment since we don’t have an OU that contains all users. Basically my AD structure has 46 OUs off the root. I can’t specify only “DC=company,DC=com” as the value for ldapsearchbase, as I get an “Operations error” exception every time I try. It appears to me that the cisco dll requires a string like “OU=xyz,DC=company,DC=com” and will not work without at least one OU specified. Can anyone confirm this or point me in a different direction? I have also used the SetSearchOption method provided by the dll to specify 0 (no limit) for search results with no success. (Although I confirmed that it works as the documentation specified and gave me 1000 results back on a query against a specific OU instead of the 320 I was getting previously.)
Thanks!
Jason
January 13th, 2010 at 1:31 am
Niamor,
Thanks for sharing your experience. I am sure this will help someone along the way.
Rob,
I do not know how to automatically manipulate the digits. I am sure you could edit the .asp code.
Yann, Mark & Jason,
I am not sure how to search the ipPhone instead of the Phone Number field. I am also not sure about searching the root.
Josh
March 5th, 2010 at 5:28 am
Hey,
Is it possible to configure localizeddirectory.asp for openldap Linux version in that same way like AD Windows?
April 17th, 2010 at 10:23 pm
Hi Jason,
You need to change the ldap port from ’389′ to ’3268′. This will allow you to search the entire directory.
Paul
April 22nd, 2010 at 12:49 pm
Thanks for the great tutorials. However, I couldn’t be able to get it worked
Not sure if this is because my IIS server is a vmware machine or something else.
For the ldapserver, I tried both the DC and IIS ip addresses. None of them works.
For the ldapuserid, I’m not showing any admin users under my OU. So I tried to use my own name (which is also a CCM administrator) instead and my CCM admin password but no luck. I also tried my domain password, still no go.
When I run this page:
http:///CiscoIPServices/ASP/LocalizedDirectory/CorporateDirectory.asp
It tells me “Internet Explorer cannot display the webpage”
I also tried the IIS server IP, and it tells me “The page cannot be found”.
Any idea what seems to be the problem?
Thanks,
Kevin
April 24th, 2010 at 12:23 pm
Kevin,
I am not sure if wordpress took the ip address out of your URL or you are missing one…
What happens if you just navigate to the IP address of your server from a web brower … for example. http://192.168.1.100
Do you get an “under construction” message on the page?
Josh
April 30th, 2010 at 8:42 am
Hi, Great tutorial, but doesnt work for me ):, my problem is, that I configure Directory URL for my phone and I see directly on the IP phone that this URL is configured, but it still takes directory xml from call manager. I think that it is maybe because of localization of my phone, it is completely localized to Czech so I dont know exactly where it finds Directory XML file with Czech language names.Do you have any idea?
John
July 13th, 2010 at 3:40 am
Hello,
When I run this page:
http:///myIISsrv/CiscoIPServices/LocalizedDirectory/CorporateDirectory.asp
an authorization window is displayed.
Any idea?
thanks
July 14th, 2010 at 3:36 pm
Hi,
I am trying to use this to search for characters with umlauts (German extended characters) but since the ldapsearch.dll makes the requests in ldapv2, the utf-8 extended characters do not get honored by AD, and it returns no results. I looked through the ldapsearch.dll programing guide, and do not see any way to set the version to 3.
Do you have any insight?
Thanks
Very nice tutorial BTW.
July 27th, 2010 at 8:22 pm
Johny_B,
Are you allowing annoymous access under directory security in IIS?
Josh
July 27th, 2010 at 8:23 pm
Nikolay,
Sorry. I don’t have any ideas for you.
Josh
August 26th, 2010 at 7:49 am
I am running
CM version 7.1
web server is 2003
I followed this and just got http error 500
any ideas?
August 26th, 2010 at 9:09 am
Peter,
You might try restarting IIS…
Josh
August 27th, 2010 at 2:33 am
yep tried that
September 1st, 2010 at 10:29 am
Peter,
Have you registered the COMServer LDAPsearch.dll.
I was also getting the 500 error until I did this.
December 9th, 2010 at 2:58 am
Great tutorial
Hhad found an issue with 32bit compatibility though. Resolved with info from http://forums.iis.net/t/1157890.aspx.
How can I expand the display on the phone to show the mobile number also. The LDAP query is working and I can see the mobile number in a webpage using http://localhost/CiscoIPServices/LocalizedDirectory/CorporateDirectory.asp?action=list.
but on the IP phone it shows the name and the telephone number but not the mobile.
Any advise will be appreciated.
Thanks
February 6th, 2011 at 10:43 pm
I am running:
CUCM Version 8
IIS 7
I can successfully browse the http://:8080/CiscoIPServices/LocalizedDirectory/CorporateDirectory.asp from a web browser.
In the Phone i receive the HTTP Error[404]!
Any ideas on implementing with CUCM v8?
January 6th, 2012 at 12:52 pm
CUCM Version 8.5
IIS 7 on Windows Server 2008 R2 with AD on the same server.
On the phone I am getting 500 error.
Peter were you able to fix your issue?
January 26th, 2012 at 2:03 am
Hi everybody, good tutorial.
Do I need CUCM for this to work? I’m using Asterisk and I get Error 500 when browsing CorporateDirectory.asp file.
April 24th, 2012 at 1:34 pm
sank…
[...]blindhog.net » LDAP Based Corporate Directory via Cisco IP Phone Services SDK[...]…
July 2nd, 2012 at 5:49 pm
hey Josh,
are you still read and reply your blog? because I really need an answer for this question :
Hey,
Is it possible to configure localizeddirectory.asp for openldap Linux version in that same way like AD Windows?
please, need your response ASAP. Thanks.
August 9th, 2012 at 4:41 pm
Hello Aga,
You can use this with Linux based Call Managers. I have not been able to get it to work with Windows 2008 server though … only Windows 2003.
Josh