Technology Primer. OPS Manager, Release 7.4. Integrating Your Directory Server with our Directory Service Solution

Transcription

1 Technology Primer OPS Manager, Release 7.4 Integrating Your Directory Server with our Directory Service Solution The Mitel Integrated Directory Services (IDS) application synchronizes the telephone directory entries in the Mitel OPS Manager database with the directory entries in a central corporate directory server. IDS will operate with any LDAPv3-compliant directory server where its schema is extended with classes and attributes required by IDS. IDS software package contains software components to be installed in the following directory servers: Microsoft Active Directory Microsoft Exchange 5.5 Lotus Domino Novell edirectory The installation of the components (by running IDSSetup.exe) will extend the schema of the directory server and will also provide user interface snap-ins to the directory server management tool. IDS software package does NOT contain schema extension or snap-in components for any other directory servers. In order for IDS to operate with other LDAPv3-compliant directory servers, the directory server database schema must be extended with classes and attributes required by IDS. Management tool snap-ins are not needed for IDS to work and they may only provide convenience for updating IDS attributes of directory entries from the directory server side. This document provides detailed instructions on how to extend the directory server schema so that your directory server can work with IDS the same way as the out-of-box supported directory servers (Microsoft Active Directory, Microsoft Exchange 5.5, Lotus Domino and Novell edirectory). The document also provides some background information on IDS operations for the purpose of better understanding the schema extensions. Software designers who will perform the database schema extensions on the directory server should have a good knowledge of schema extension and application development of their specific directory server. They should follow the instructions in the document very carefully.

2 Administrators and users of the IDS application should refer to other documents on how to set up, how to configure and how to use IDS software. The recommended documents are as below. Mitel Enterprise Manager Technician s Handbook, Release 3.0 The handbook provides instructions about how to install, configure, upgrade, maintain, and troubleshoot Mitel Enterprise Manager and OPS Manager systems. IDS is covered in several sections Mitel OPS Manager Online Help The help document provides detailed information about how to use OPS Manager features to achieve your tasks (including many sections on IDS application) If you have authorization, you can access the Mitel Technical Documentation through the Mitel OnLine web site. You require a username and password to access this site. Visit in your browser. You may also access the OPS Manager documentation on your OPS Manager software CD-ROM. It is highly recommended that you review the above documents along with this document before you start performing your directory server schema extensions. Figure 1 DS/OPS/PBX/SET Synchronization Phone Directory Server OPS Manager SX-2000 PBX Phone Directory Modifications Device Programing Directory Modifications Directory Modifications Directory Modifications 2 Mitel Technology Primer

3 Introduction to Integrated Directory Services This section provides a brief introduction to OPS Manager s IDS functionality. More detailed description of how IDS works will be covered in the section Integrated Directory Services In Operation later in this document. Overview IDS synchronizes selected directory information between a central corporate Directory Server (DS), OPS Manager, and the PBX network. This synchronization provides a single administration point for all systems involved. The DS Figure 1, on the previous page, shows these systems and the information that flows between them. (In Figure 1, Directory Modifications pertain to any modification; that is, a move, add, change or delete.) IDS allows the voice domain to be integrated with your organization s overall Directory Server strategy and implementation, giving you the ability to administer your voice domain from the same location as your data domain. To achieve this, IDS uses Lightweight Directory Access Protocol (LDAP) as the mechanism for moving directory information between the DS and OPS Manager. IDS benefits include: Single administration point for voice and data domain the DS Automated device programming and changing and deleting users from the DS Programming at the PBX is minimized, improving efficiency and accuracy DS/OPS/PBX Synchronization IDS can keep directory information in synchronization between the DS, OPS Manager and PBX. DS only exchanges directory information updates (moves, adds, changes or deletes) directly with OPS Manager. As part of the data synchronization between the DS and OPS Manager, OPS Manager is responsible to trigger the data synchronization with the managed PBX and then phone sets. Configuration can be done through OPS Manager IDS to specify if telephone devices will be affected during the synchronization; what information will be updated to the DS; and how and when the data update will happen. Please refer to OPS Manager Online Help for details of the operations. There are three kinds of operations and all of them are initiated from OPS Manager: 1. Full Collect from Directory Server: Full collect from the DS will collect all OPS Manager IDS managed directory entries from the DS and save them in the OPS Manager database. This is typically used with a new OPS Manager installation to obtain the initial directory information for the DS. 2. Full Propagate to Directory Server: Full propagate to the DS will push all OPS Manager IDS managed directory entries from OPS Manager database to the DS. This is typically used with an existing OPS Manager installation when it is later decided to implement a DS. 3. Synchronization with the DS: Synchronization operation collects the OPS Manager IDS managed entries that have been modified on the DS since the last synchronization event. The modified entries are collected from the DS database and copied into the OPS Manager database. Then, any changes that have been modified in the OPS Manager database since the last synchronization are copied to the DS database. This is typically done on a scheduled basis after the initial integration has been completed. The directory entry information taken from the DS includes: Name, Number, Department, Location, Device Type, PLID, Home Element, Private Number, Prime Name, MAC Template, MAC Address and CESID which are all part of Mitel IDS specific user attributes and are only available after the DS schema has been extended with IDS required attributes. The IDS required attributes include more than the list above but only the above information is updated to the OPS Manager. IDS requires additional attributes for the synchronization process itself. The directory entry information written to the DS is the same as above. The administrator also has the option to update three DS built-in attributes: telephone number, department and location. Mitel Technology Primer 3

4 For each operation between OPS Manager and the DS, OPS Manager initiates a LDAP connection with the DS and authenticates itself to the DS by using standard username / password authentication with or without SSL (Secure Sockets Layer). You can configure IDS to use SSL or not to use SSL to connect to the DS. Once the username / password is authenticated, information transfer between the DS and OPS Manager can commence. If the SSL is used, all the information flow between OPS Manager and the DS will be encrypted. Any IDS operation can be scheduled to run at specific dates and times. This feature makes the synchronization of directory information between the DS and OPS Manager, and / or switches and sets, easier and more efficient. DS/NuPoint Messenger Synchronization The voice mail user information can also be synchronized between the DS and Mitel Mail servers, i.e., Mitel NuPoint Messenger servers. This is a one-way only synchronization, that is, IDS distributes the voice mailbox changes from the DS to the Mitel Mail servers. Voice mail data is not collected from the Mitel Mail servers to update the DS. Therefore, you should only administer the voice mailboxes from the directory server. There are two kinds of operations and all of them are initiated from OPS Manager: 1. Full Collect from Directory Server: A full collection copies all the mailbox entries on the directory server into the Mitel Mail servers. 2. Synchronize with Directory Server: A synchronization collects the mailbox entries that have been modified since the last synchronization event. OPS Manager collects the modified entries from the directory server and copies them to the Mitel Mail servers. As noted above this is a one-way synchronization. The mailbox entry information taken from the DS includes: Mailbox Name, Extension Number, Department, Mailbox Number and Passcode, which are all part of Mitel IDS specific user attributes and are only available after the DS schema has been extended with IDS required attributes. The IDS required attributes include more than the list above but only the above information will be updated to the Mitel NuPoint Messenger TM. IDS requires additional attributes for the synchronization process itself. For each operation between NuPoint Messenger and DS, OPS Manager initiates a LDAP connection with the DS and authenticates itself to the DS by using standard username / password authentication with or without SSL. You can configure IDS to use SSL or not to use SSL to connect to the DS. Once the username / password is authenticated, information transfer between the DS and OPS Manager can commence. If SSL is used, all the information flow between OPS Manager and the DS will be encrypted. Steps YOU Need to Take to Integrate Your Directory Server If the following steps are performed, your directory server should inter-operate with OPS Manager s IDS functionality. 1. Extend the schema definitions of your DS with IDS required Attributes and Classes. See the following sections for the details of the required Classes and Attributes. 2. Develop applications that can read and write values of the IDS attributes of a given object if you intend to modify those attribute values in DS and you intend to have OPS Manager collect those values during a synchronization between OPS Manager and the DS. See the following sections for the formats and the purposes of each attribute. 3. Define an account (a directory entry including password) on your DS to be used by OPS Manager IDS to login to your DS as a LDAP client and give this account enough access control to read, modify, and add in the proper organizational location. Note: The IDS will not delete any information from the DS other than its own attribute values. 4. Define a default location on your DS where OPS Manager can add new entries by using the LDAP connection. 4 Mitel Technology Primer

5 Required Classes and Attributes for Telephone Directory Data When OPS Manager exchanges telephone directory data with the DS (synchronize with the DS, propagate to the DS or collect from the DS), there are two possible operations: write to DS and read from the DS. When OPS Manager IDS needs to create a new entry on the DS, IDS expects four hierarchical classes to be present: Top, Person, organizationalperson and User. The object-class attribute of the new entry will have the multiple values of the four class names. Your DS must have these classes defined. When OPS Manager IDS gets telephone directory data from the DS, it performs searches in the DS. IDS searches are based upon the organizationalperson object-class. (If you do not use the organizationalperson object-class, you must add this object-class to whatever object-class you use as your base person object-class.) IDS requires specific attributes for the base person object-class (organizationalperson or user or a subclass of them). They must be created in the schema of your DS to the base person object-class. The list of the telephone directory attributes required by OPS Manager IDS is described below. The attribute descriptions are broken up as follows: Description a description of the attribute LDAP name the name that the attribute must be defined as for LDAP requests Attribute type text or boolean-style text Attribute format the format of the attribute Length the maximum length of the attribute Additional additional information IDS-Managed additional: mitelidsmanaged Boolean-style text YES or NO One of YES or NO This attribute indicates whether or not OPS Manager IDS should care about this entry. If set to YES, OPS Manager IDS search will cover the directory entry. If set to NO, OPS Manager IDS will ignore the directory entry Not applicable This attribute should be searchable (indexed) This attribute should be set to YES for every entry that you want OPS Manager to manage. It should be set to NO for those entries you want IDS to ignore. IDS Identifier additional: mitelidsid <identifier> This attribute is a unique DS-generated key for the entry. (This is what differentiates entries from one another on the DS) 256 characters This attribute should be searchable (indexed) This attribute should remain constant The generation of the IDS identifier is left entirely up to your discretion. This identifier must be unique for every entry that will be exchanged between OPS Manager and the DS; therefore, it must exist for every entry. It is the key index between an OPS Manager directory entry and the DS directory entry. Once set, this value must not be changed. Changing this value will affect OPS Manager s ability to synchronize the entry and could possibly result in undesired additions or deletions. One suggestion is to use the DN (distinguished name) of the entry to fill in this value upon creation. (Even if the DS entry s DN changes, this field can remain the same as the old DN, and the entry will remain in synchronization with OPS Manager.) Note: If an entry is added to DS by IDS during a synchronization, then this key will be created by OPS Manager automatically. Mitel Technology Primer 5

6 Modification Timestamp mitelidsmodified <YYYYMMDDHHMMSSZ> (in GMT) A string representation of the date and time that the entry was last modified. When this string is sorted lexicographically, it is also sorted in the correct date-order. It is used to identify entries that have changed on the DS since the last time OPS Manager checked 15 characters additional: This attribute should be searchable (indexed). This attribute should be updated every time the entry is modified in DS This attribute should be updated whenever modifications are made to the entry in the DS side. If possible, you may want to update this value only when one of the mitelids server attributes is modified. This approach may reduce traffic between OPS Manager and the DS because only modifications due to IDS information changes will be detected. (It is not necessary to do this though, because OPS Manager can determine that no changes have been made to an entry when it is imported.) The DS application is responsible for updating this attribute. OPS Manager IDS will not update this attribute. Name mitelidsname <last name>,<first name> This attribute is the name field from OPS Manager Telephone Directory (and the PBX telephone directory) 21 characters (including comma) This attribute should be formatted as Last Name, First Name, using a comma (,) as the separator between last and first names. The maximum length of this field is 21 characters, including the comma (,). (If the name is known to exceed 21 characters, the administrator may want to use initials for the first name to avoid truncations). Example: If your directory server stores the Last Name as surname and First Name as givenname, this field would be formatted as: mitelidsname = surname,givenname (truncated at 21 characters) For more information on the Name field on OPS Manager, please see the OPS Manager online Help. Number mitelidsnumber <number> This attribute is the number field from OPS Manager Telephone Directory 26 characters This attribute stores the telephone number that will be used by OPS Manager to provision a device. The telephone number must meet the requirements of the user configuration on OPS Manager, e.g., it must include the Primary Node Identifier. For more information on the Number field on OPS Manager, please see the OPS Manager online Help. Department mitelidsdepartment <department> This attribute is the department field from OPS Manager Telephone Directory 10 characters This attribute should represent the department attribute on your DS. The maximum length of this field is 10 characters. For more information on the Department field on OPS Manager, please see the OPS Manager online Help. Location mitelidslocation <location> This attribute is the location field from OPS Manager Telephone Directory 10 characters This attribute should represent the location or office attribute on your DS. The maximum length of this field is 10 characters. For more information on the Location field on OPS Manager, please see the OPS Manager online Help. 6 Mitel Technology Primer

7 Home Element mitelidshomeelement <PBX name> This attribute is the name of the PBX where the device is physically programmed. It must appear exactly as it is programmed on OPS Manager 10 characters A list of available home elements is available on the OPS Manager web server through the HTTP protocol. This file will be updated when changes are made to the programmed home elements in OPS. You can use this file to generate a list of valid home elements that can be chosen. The file can be retrieved using the following URL: /opsids/ids_homeelement.txt The format of this file is shown below: (blank lines should not be used) PBX 1<cr> PBX 2<cr> PBX 3<cr> PBX n For more information on the Home Element field on OPS Manager, please see OPS Manager online Help. Device Type mitelidsdevicetype <device type> This attribute is the set device type from OPS Manager Telephone Directory. The device type strings must appear exactly as on OPS Manager 10 characters A list of available device types is available on the OPS Manager web server through the HTTP protocol. This file will be updated when changes are made to device types supported by OPS Manager. You can use this file to generate a list of valid device types that can be chosen. The file can be retrieved by using the following URL: /opsids/ids_devicetype.txt The format of this file is shown below: (blank lines should not be used) No Device 5001 IP 5215 dual mode 6600 YA PRO CitelLink Type1 DECT OP26/27 Hot Desk NetVision IP ONS/OPS OpenPhone 26/27 SpectraLink NetLink Superset 4001 For more information on the Device Type field on OPS Manager, please see the OPS Manager online Help. PLID The PLID is the Physical Location IDentifier. It identifies the physical location of the telephone set on the given Home Element (mitelidshomeelement). There are four elements to the PLID which are described in the following sections. For more information on the PLID field on OPS Manager, please see the OPS Manager online Help. Note: For IP devices, the PLID fields are normally assigned automatically by OPS Manager MAC application and they do not need to be set in the DS side. PLID Cabinet PLID Shelf mitelidsplidcabinet <plid cabinet> This attribute is the cabinet number from the home PBX 3 characters mitelidsplidshelf <plid cabinet> This attribute is the shelf number from the home PBX 3 characters Mitel Technology Primer 7

8 PLID Slot PLID Circuit mitelidsplidslot <plid cabinet> This attribute is the slot number from the home PBX 3 characters mitelidsplidcircuit <plid cabinet> This attribute is the circuit number from the home PBX 3 characters Private Number mitelidsprivatenumber Boolean-style text YES or NO one of YES or NO This attribute is the privacy field from OPS Manager Telephone Directory. It indicates that the caller s extension number will not be displayed on destination telephone set displays not applicable For more information on the Private Number field on OPS Manager, please see the OPS Manager online Help. Prime Name mitelidsprimename Boolean-style text YES or NO One of YES or NO This attribute is the prime field from OPS Manager Telephone Directory. If multiple users share a directory number (DN), this field associates one of the users as the prime user of that set. The name of the prime user will be displayed on the destination set when a call is placed. Only one person can be set to prime on a telephone Not applicable For more information on the Prime Name field on OPS Manager, please see the OPS Manager online Help. Host that Last Modified Entry mitelidsmodifiedby <hostname> This attribute is the name of the host that modified the entry last. The directory server should update this value with its hostname on every update that is initiated by the directory server 256 characters Whenever an entry is updated from your directory server administration interface, this attribute should be set to the directory server hostname. OPS Manager will always set this attribute to its hostname. When importing entries, OPS Manager uses this attribute in the search filter so that only changes made by the directory server (mitelidsmodifiedby!=<ops hostname>) are imported into OPS Manager. MAC Template for Add mitelidsmactmpl <template name> This attribute allows you to select a template to apply to Add User operations. This template only applies to Add User operations that you perform from the directory service. It overrides the Add User template that is selected in the OPS Manager Directory Server Setup application. You create templates in the OPS Manager application 20 characters A list of available templates is available on the OPS Manager web server through the HTTP protocol. This file will be updated when changes are made to templates on OPS Manager. You can use this file to generate a list of valid template names that can be chosen. The file can be retrieved by using the following URL: /opsids/ids_templates.txt The format of this file is shown below: Default Add Template 1 Template 2 8 Mitel Technology Primer

9 MAC Address of an IP Telephone mitelidsmacaddress <MAC address, e.g. 08:00:FF:81:B6:59> This attribute identifies the Media Access Control address of an IP telephone (for example, the Mitel 5220 IP Phone). Addresses are only required for IP phones and IP phones are only available on the Mitel 3200 IP Communications Platform (ICP), the Mitel 3300 IP Communications Platform (ICP, or the Mitel 3800 Applications Gateway This field is only enabled if the device type is an IP phone. You can only program IP telephones as the device type if the home element is a 3200 ICP, 3300 ICP, or 3800 Applications Gateway system 12 characters (excluding colons) Customer Emergency Services ID mitelidscesid <ID digits> This attribute allows you to enter a digit string (maximum of 10 digits: 1 to 9) that identifies a voice device when a 911 emergency call is placed from the device. The Customer Emergency Services Identification (CESID) is the index that the Public Safety Answering Point (PSAP) uses to access information from an Automatic Line Information (ALI) database. The ALI database provides the emergency administration center with the company name, address, postal code, and location of the voice device that originated the 911 call. In general, each voice device will have a unique CESID 10 characters Mitel Technology Primer 9

10 Telephone Directory Attribute Relationships Between the Directory Server and OPS Manager The IDS attributes defined on the directory server have a direct relationship to attributes in the OPS Manager Telephone Directory or are used by OPS Manager when accessing the directory server. These relationships are summarized in the table below: Directory Server Attribute mitelidsmanaged mitelidsid mitelidsname mitelidsnumber mitelidsdepartment mitelidslocation mitelidshomeelement mitelidsdevicetype mitelidsplidcabinet mitelidsplidshelf mitelidsplidslot mitelidsmanaged mitelidsplidcircuit mitelidsprivatenumber mitelidsprimename OPS Manager Relationship Managed by IDS checkbox in the Telephone Directory Editor and in the MAC workform user interface (UI) Attribute in OPS Manager database. Not visible on any OPS Manager UI Name field in the Telephone Directory Editor and in the MAC workform UI Number field in the Telephone Directory Editor and in the MAC workform UI Department field in the Telephone Directory Editor and in the MAC workform UI Location field in the Telephone Directory Editor and in the MAC workform UI Home Element field in the Telephone Directory Editor and in the MAC workform UI Device Type field in the Telephone Directory Editor and in the MAC workform UI First component of the PLID field in the Telephone Directory Editor and in the MAC workform UI Second component of the PLID field in the Telephone Directory Editor and in the MAC workform UI Third component of the PLID field in the Telephone Directory Editor and in the MAC workform UI Managed by IDS checkbox in the Telephone Directory Editor and in the MAC workform UI Fourth component of the PLID field in the Telephone Directory Editor and in the MAC workform UI Privacy field in the Telephone Directory Editor and in the MAC workform UI Prime field in the Telephone Directory Editor and in the MAC workform UI 10 Mitel Technology Primer

11 Directory Server Attribute mitelidsmodified mitelidsmactmpl mitelidsmacaddress mitelidscesid OPS Manager Relationship Used by OPS Manager when searching for entries on the DS. This value is not stored in the OPS Manager database. Used by OPS Manager to determine which server made the last modification Used by OPS Manager to choose the template for MAC ADD operation MAC address field in the Telephone Directory Editor and in the MAC workform UI CESID field in the Telephone Directory Editor and in the MAC workform UI Duplicate fields are used for the Name (mitelidsname), Number (mitelidsnumber), Department (mitelidsdepartment) and Location (mitelidslocation) attributes, primarily so that when it writes to the DS from OPS Manager it will not affect the original data in the DS (nondestructive). You can also create the above four fields as aliases to the real fields on your DS and have OPS Manager update the real fields instead of duplicate fields if this is the behavior you desire. By default the IDS application does not update any existing attributes within the DS. However the telephone number, department and location fields in the DS can be updated if required. Required Classes and Attributes for Voice Mail Data If you have Mitel Mail (NuPoint Messenger) servers programmed in OPS Manager server and need to synchronize user information between your directory servers and your Mitel Mail servers, you must create a new object class for the Mitel Mail server and add some attributes to this class. The class definition and attributes formats are described below. In the following sections, these three terms are used interchangeably: Mitel Mail, NuPoint Messenger and voice mail. Voice Mail Server Class mltvmserver This is a new class you must create in the directory server. This class can be a subclass of your choice. For example, it can be a subclass of top class. The purpose of the class is that you can create an object instance of the voice mail server for the user s mailbox. The attributes as described below must be added to the schema for this class Server Type mitelidsvmsrvtype <MitelMail> This attribute indicates the server type. Currently there is only one server type. This attribute must be set a value as MitelMail Exactly 9 as of the length of MitelMail Server Host Name mitelidsvmsrvhostname <server host name or IP address> This attribute is the actual host name or the IP address of the Mitel Mail server. For example, the value can be NuPointMessenger1 or its IP address alphanumeric characters Mitel Technology Primer 11

12 Associated PBX mitelidsvmsrvassocpbx <PBX name > This attribute identifies the PBX to which the Mitel Mail server is connected. In OPS Manager server, there is a list of network elements defined. From that list, one Network element name is identified as the associated PBX for the Mitel Mail 10 characters The PBX name must appear exactly the same as it is programmed on OPS Manager. The list of available network elements is available on the OPS Manager web server through the HTTP protocol. The file containing the list will be updated when changes are made to the programmed network elements. You can use this file to generate a list of valid network elements that can be chosen. The file can be retrieved using the following URL: /opsids/ids_homeelement.txt Administrator Account mitelidsvmsrvadminacct <account name> This attribute is the administrator account name for the voice mail server 256 alphanumeric characters Administrator Account Passcode mitelidsvmsrvadminpass <passcode> This attribute is the passcode for the administrator account 256 alphanumeric characters OPS Manager IDS requires some specific attributes for the base person object-class (organizationalperson or user or a subclass of them). This is the list of the voice mail attributes required by OPS Manager IDS. They must be created in the schema of your DS to the base person object-class. IDS Voice Mail Managed mitelidsvmenabled Boolean-style text YES or NO One of YES or NO This attribute indicates whether or not the IDS-VM application will synchronize this mailbox information with the mailbox information on the Mitel Mail server Set to YES if you want to administer the user's mailbox from the directory service. If set to NO, any changes that you make to this user's properties are not propagated to the user s mailbox on the Mitel Mail server. If set from YES to NO, the mailbox will be deleted from the Mitel Mail server during the next synchronization event not applicable additional: This attribute should be searchable (indexed) Mailbox Name mitelidsvmname <last name>,<first name> This attribute is the mailbox name of the user 31 characters (a comma counts as a character) The value of this attribute can be derived from the user name information in the DSand truncated if needed. Extension Number mitelidsvmextension <extension number> This attribute is the extension number that is associated with the mailbox 15 digits (any digit numbers of 0 to 9) The value of this attribute can be copied from the user telephone number information in the DS. 12 Mitel Technology Primer

13 Department mitelidsvmdepartment <department> This attribute is the user s department 10 characters The value of this attribute can be copied from the user department information in the DS and truncated if needed. Voice Mail Server Name mitelidsvmserver <VM server name> This attribute is the voice mail server name for the user s mailbox Any length acceptable by the DS You must create Mitel Mail server objects in your DS first. This is done by creating an instance object of the class mltvmserver which needs to be created. You can get a list of voice mail servers from the DS by querying for the objects whose object class is mltvmserver. Mailbox Number mitelidsvmmailboxnumber <mailbox number> This attribute is the mailbox number for the user 11 digits (any digit numbers of 0 to 9) Template mitelidsvmtemplate <template name> This attribute is the template name that you want to apply when you add a new mailbox 40 characters The actual templates are defined in the DS setup dialogue in the OPS Manager. The list of available templates is available on the OPS Manager web server through the HTTP protocol. You can generate a list of valid templates by using the following URL: /opsids/vmtemplates.asp Mailbox Passcode mitelidsvmpasscode <passcode > This attribute is the passcode to the user's mailbox 10 digits (any digit numbers of 0 to 9) The passcode must be at least four digits in length. Defining an OPS Manager Login Account This account is used by OPS Manager to log into the DS. Once logged in and authenticated, OPS Manager searches, modifies, and makes additions to the DS using LDAP. Authentication is performed by using the username / password with or without SSL. You can configure IDS to use SSL or not to use SSL to connect to DS. If the LDAP port is not 389, OPS Manager IDS will connect to directory server using SSL. Refer to OPS Manager online Help for details of the configuration. Defining a Default LDAP Add Location OPS Manager will add entries to the default LDAP Add location on your directory server. The location can be the same as all of your other entries or a special location that you define. When installing OPS Manager, you will be required to provide the DN (distinguished name) of this location (DEFAULT CONTAINER). Example: When adding to a directory server, the DEFAULT CONTAINER can be defined as: Exchange 5.5: cn=recipients,ou=site_name,o=organization _NAME Lotus Domino: o=organization_name Novell edirectory: ou=site_name,o=organization_name Active Directory: cn=users,dc=second_level_domain_name,dc= TOP_LEVEL_DOMAIN_NAME After OPS Manager has added the entry to your DS, you may change the DN of the entry to fit your organization, as long as the IDS Identifier (mitelidsid) remains the same. Mitel Technology Primer 13

14 Integrated Directory Services in Operation When the new classes and attributes have been defined in the schema of the Directory Server, IDS is ready to run. The following sections briefly describe how OPS Manager uses these newly added classes and attributes. Note: How an entry will be updated in OPS Manager side is configurable. In the Directory Server Setup dialogue in OPS Manager, if Update Users and Devices is toggled on, the entries from Directory Server will be updated in OPS Manager using MAC application, i.e., both user and device information will be updated. If Update Users Only is toggled on, the entries from Directory Server will be updated in OPS Manager using Telephone Directory application, i.e., only user information in the Telephone Directory will be updated and device information will not be modified. The operations below are presented in the case of Update Users and Devices is toggled on. When OPS Manager needs to query the DS for any candidate entries using a specific query filter, OPS Manager also uses a search base. The search base is configured during OPS Manager software installation process. When asked, you should provide a correct SEARCH BASE for OPS Manager to use for its LDAP query. Usually search base is the same as DEFAULT CONTAINER. Full Collect from the Directory Server The full collect operation is used to synchronize the directory server and OPS Manager directories initially or to correct severe corruption of the OPS Manager database. A full collect operation should not be performed on a daily basis. This operation retrieves all IDS-managed entries from the directory server; that is, all entries on the directory server with the mitelidsmanaged attribute set to YES. (Entries on the directory server with the mitelidsmanaged attribute set to NO will not be collected into OPS Manager.) OPS Manager follows these steps to perform a full collect: 1. Mark all Telephone Directory entries as non-ids-managed; uncheck the Managed by IDS checkbox in the Telephone Directory Editor (or MAC workform UI). (This allows each collected entry to reset its own checkbox when it is collected in the next step. This means that when the collect is finished, all checked entries in the Directory Server will be IDS-managed in the Telephone Directory Editor.) 2. Request all the mitelids server attributes for entries from the directory server that have mitelidsmanaged set to YES. The query filter is: (&(objectclass=organizationalperson)(mitelidsmanaged =yes)) 3. Compare the attributes of each returned entry against the existing OPS Manager Telephone Directory to determine what to do with the information: If the entry doesn t exist in Telephone Directory, add the entry using MAC If the entry exists in Telephone Directory and the Home Element, Device Type, or PLID attributes have changed, move the entry using MAC If the entry exists in Telephone Directory and the Home Element, Device Type, or PLID attributes have not changed, change the entry using MAC If the entry exists in Telephone Directory and no attributes have changed, ensure that the Managed by IDS checkbox is checked After the full collect operation is complete, entries on the directory server with the mitelidsmanaged attribute set to YES will have a corresponding entry on OPS Manager with the Managed by IDS checkbox in the checked state. 14 Mitel Technology Primer

15 Full Propagate to the Directory Server The full propagate operation is used to fully synchronize the directory server and OPS Manager directories initially or to correct severe corruption of the DS database. A full propagate operation should not be performed on a daily basis. This operation writes all IDS-managed entries from OPS Manager to the directory server; that is, all entries on OPS Manager with the Managed by IDS checkbox checked in the Telephone Directory Editor (or on the MAC workform UI). (Entries on OPS Manager that do not have this box checked will not be propagated to the DS.) OPS Manager follows these steps to perform a full propagate: 1. Generate an output entry for each IDS-managed entry in the OPS Manager Telephone Directory. 2. Compare the generated output entries from OPS Manager with entries in the DS to determine the corresponding actions: If the same entry exists in DS, modify the DS entry with the values from OPS Manager If the directory entry does not exist in DS, add the entry to the DS After the full propagate operation is complete, each Telephone Directory entry with the Managed by IDS checkbox checked will have a corresponding entry on the DS with the mitelidsmanaged attribute set to YES. Synchronization Between OPS Manager and the Directory Server The synchronization operation is usually performed daily (or as often as necessary) to maintain synchronization between the OPS Manager Telephone Directory and the DS. Any modifications to the entries managed by OPS Manager IDS in directory server result in changes to the mitelidsmodified timestamp attribute. Once those modifications happen, there is a set of IDS-Managed (mitelidsmanaged=yes) entries on the DS that have a mitelidsmodified timestamp greater-than-or-equal-to (>=) the timestamp of the last synchronization. This set of entries is collected by OPS Manager each time a synchronization is performed, ensuring that any changes made on the DS are also updated on OPS Manager. Similarly, any modifications to the OPS Manager Telephone Directory result in a set of differences between the OPS Manager Telephone Directory and the DS. (Changes to the OPS Manager Telephone Directory can be made from the Telephone Directory Editor, MAC, or from the PBX.) Each time a change is made on OPS Manager, a change record is produced which will be written to the DS during the next synchronization operation. These change records for the DS can be viewed from Telephone Directory Utilities in OPS Manager. OPS Manager follows these steps to perform the synchronization: 1. Request all the mitelids server attributes for entries from the directory server that have mitelidsmanaged set to YES and that were modified from directory server side. The query filter is: (&(&(objectclass=organizationalperson)(mitelidsmanaged =yes))(!(mitelidsmodifiedby=<ops Host>))) Only those returned entries whose change timestamp (mitelidsmodified) is newer than the timestamp of last synchronization will be considered in the later steps. Mitel Technology Primer 15

16 2. Compare the attributes of each returned entry against the existing OPS Manager Telephone Directory to determine what to do with the information: If the entry doesn t exist in Telephone Directory, add the entry using MAC If the entry exists in Telephone Directory and the Home Element, Device Type, or PLID attributes have changed, move the entry using MAC If the entry exists in Telephone Directory and the Home Element, Device Type, or PLID attributes have not changed, change the entry using MAC If the entry exists in Telephone Directory and no attributes have changed, ensure that the Managed by IDS checkbox is checked 3. Compare the generated output entries from OPS Manager with entries in the DS to determine the corresponding actions: If the same entry exists in the DS, modify the DS entry with the values from OPS Manager. If the directory entry does not exist in DS, add the entry to the DS If the entry is not IDS managed by OPS Manager or completely deleted from OPS Manager, then the action is to Delete Mitel IDS attributes of the entry in the DS (mitelidsmanaged, etc) but the entry still exists in the DS After the synchronization operation is completed, entries on the directory server with the mitelidsmanaged attribute set to YES will have a corresponding entry on OPS Manager with the Managed by IDS checkbox in the checked state, and the information in each entry will be consistent across OPS Manager and the DS. Note: IDS deletions made on the DS: IDS deletion in directory server means either an entry is completely deleted from the DS so the entry does not exist in the DS anymore or an entry is not managed by OPS Manager IDS anymore (the attribute value for mitelidsmanaged is set to NO) but the entry itself is still in the DS. Due to technical limitations in discovering deleted entries on some directory servers, a special approach must be used to find entries which have been deleted from the DS. The basic algorithm OPS Manager uses to discover the IDS deleted entries from the DS is to find the set of IDS-managed (mitelidsmanaged=yes) entries that exist only in the OPS Manager Telephone Directory. That is, if an entry is marked as IDS-managed and has an IDS identifier (mitelidsid), but does not have a corresponding entry on the DS that is also marked as IDS-managed, the entry is considered to be part of this set. Once the set of entries is found, the entries are marked for deletion and are processed by OPS Manager. When a simple, standard approach for dealing with deletions is implemented by a majority of the DS vendors, OPS Manager IDS will be evolved to apply the standard method for deletion discovery. Deletions IDS deletions of entries on the DS can be discovered as part of a synchronization event and can also be excluded from a synchronization event. A synchronization event that includes the discovery of IDS deletions may take significantly longer than one that does not include deletions because of the overhead required to discover deletions. 16 Mitel Technology Primer

17 DS/NuPoint Messengers Synchronization To synchronize the mailbox entries on the DS with the mailbox entries on the Mitel Mail servers, you can perform either of the following operations from OPS Manager: Synchronization with DS Full Collect from DS Synchronization with Directory Server A synchronization collects the mailbox entries in the DS that have been modified since the last synchronization event and copies them to the Mitel Mail server. When you schedule a synchronization event, you can choose to: Synchronize new and modified entries only Synchronize deleted entries only Synchronize new, modified and deleted entries in one event Full Collect from DS A full collection propagates all the mailbox entries on the directory server to the Mitel Mail server. OPS Manager IDS VM application will do the following: Query for all the entries whose object class is OrganizationalPerson and whose attribute mitelidsvmenabled has a value of YES. The query filter is: (&(objectclass=organizationalperson)(mitelidsvmenabled =yes)) OPS Manager IDS VM will add them to the Mitel Mail server if they did not exist there or modify the entries if they already exist. OPS Manager IDS VM application will do the following: If to synchronize new and modified entries: Query for all the entries whose object class is organizationalperson and whose attribute mitelidsvmenabled has a value of YES The query filter is: (&(objectclass=organizationalperson)(mitelidsvmenabl ed=yes)) For those whose timestamp (mitelidsmodified) is newer than the lastchecked timestamp, OPS Manager IDS VM will add them to the Mitel Mail server if they did not exist there or modify the entries if they already existed If to synchronize deleted entries: For those mailbox entries that still exist in the Mitel Mail server but not mitelidsvmenabled (the attribute either does not exist or its value is NO) in DS, OPS Manager IDS VM will delete them from the Mitel Mail server Mitel Technology Primer 17

18 North America Tel: (613) Fax: Latin America Tel: (613) Fax: UK Tel: +44 (0) Fax: +44 (0) France Tel: +33 (0) Fax: +33 (0) Benelux Tel: +31 (0) Fax: +31 (0) Italy Tel: Fax: Germany, Switzerland, Austria Tel: +49 (0) Fax: +49 (0) Portugal and Spain Tel: Fax: Middle East Tel: Fax: South Africa Tel: Fax: Asia-Pacific Tel: Fax: South Pacific Tel: Fax: THIS DOCUMENT IS PROVIDED TO YOU FOR INFORMATIONAL PURPOSES ONLY. The information furnished in this document, believed by Mitel to be accurate as of the date of its publication, is subject to change without notice. Mitel assumes no responsibility for any errors or omissions in this document and shall have no obligation to you as a result of having made this document available to you or based upon the information it contains. M MITEL (design) is a registered trademark of Mitel Networks Corporation. All other products and services are the registered trademarks of their respective holders. Copyright 2006, Mitel Networks Corporation. All Rights Reserved. GD PN RA-EN