A corporate directory is populated with contact information from an external source such as a Microsoft Active Directory or OpenLDAP. Corporate directories use LDAP to communicate with a centralized directory service, allowing organizations to manage and store their directory in a one place. This single source helps keep information up-to-date and makes it easier for end users to look up contacts. Those responsible for implementing a corporate directory should be familiar with LDAP and work closely with their directory system admin during setup.

Note: You must power cycle your devices to apply any changes made to a corporate directory’s settings.

Supported Devices

At this time, corporate directories are only supported on Polycom, Snom, and Cisco SPA devices. All other devices need to be set up manually per the manufacturer’s specifications.

Corporate Directory Settings

To access the settings for a corporate directory, click Corporate Directories in the left sidebar and then select the corporate directory you would like to set up.

corporateDirectories_access

General Tab

General

Name

Name by which the corporate directory is identified.

Connection Settings

Host

Host DNS name or IP address of the directory server. Devices must be able to resolve this address since the searches are executed directly from the phone to the directory server.

Port

The default LDAP port is 389. It is unusual for this value to be different.

LDAPS is not always supported. As a result, make sure to use a username with read-only access. If LDAPS is deployed, the correct port will need to be entered (usually 636).

Use TLS
Enable this setting to use LDAP over TLS. This is only supported on Polycom devices and where the LDAP server has a valid certificate.

Bind DN

The distinguished name (DN) with which devices will bind (authenticate).

Bind Password

Password required for the phone to authenticate as the given Bind DN. Click Show Password to display/hide the password.

LDAPS is only supported on Polycom phones and only if an appropriate certificate (see the Certificate tab below) is uploaded.

Unless an appropriate certificate has been uploaded, the bind password will be sent in clear text across the network. If you do not have a valid certificate, it is highly recommended that the bind DN should be a read-only user.

Certificates are only usable on Polycom devices. On all other manufacturers handsets, the bind password will ALWAYS be sent in clear text. Failure to use credentials with read-only access can lead to the directory service being compromised.

Search Settings

Search base

Directory location where searches will be based.

Search scope

Depth of the search through the directory tree.

Subtree
Searches all entries in and below the location specified in the search base.

One level
Only searches entries in the location specified in the search base and not any subdirectories.

Filter

Optional filter added to all searches made by the devices against the directory server.

Display name attribute

Attribute used as the name in results returned to the device in searches. Used for Cisco/Linksys SPA devices. For Polycom SoundPoint IP devices, the results are displayed [Last Name Attribute], [First Name Attribute].

First name attribute

Attribute that contains the first name in the directory. Devices will also filter against this attribute in searches.

Last name attribute

Attribute that contains the last name in the directory. Devices will also filter against this attribute in searches.

Phone number attributes

A comma separated list of phone number attributes in the directory. In the case of Cisco/Linksys SPA devices, the first listed phone number is the only number that the device can directly dial. The rest are only displayed for informational purposes.

Tip: Use a narrow search base and a filter. Searches against the directory can cause significant strain for large organizations. The impact of the searches can be minimized by using a more specific search base (i.e. “ou=Users,dc=example,dc=com” is better than “dc=example,dc=com”). Also, defining a filter like “(objectclass=person)” can significantly reduce search load in certain directory implementations.

corporateDirectories_GeneralTab

Certificates Tab (Polycom Only)

Additional Certificate Authorities

Only Polycom devices support the use of certificates to enable LDAP using TLS.

If your LDAP server is using a certificate signed by a certificate authority that is ‘trusted’ by Polycom, then no settings are needed on this page.

If you don’t have a certificate signed by a certificate authority that is trusted by Polycom, then you must provide the “public certificate” of the signing certificate authority. You will generally need to contact your certificate authority to obtain this.

Add the certificate in the provided text field in base64 PEM format. Make sure to copy and paste the entire contents of the certificate file provided by your certificate authority within the header -----BEGIN CERTIFICATE----- and footer -----END CERTIFICATE-----. Multiple certificates can be entered as needed.

corporateDirectories_CertificateTab

Was this help page useful? Send feedback.

Was this help page useful?


This form is to provide feedback on our help pages. if you need assistance, let's talk—we'd love to hear from you.