ISI SOLUTIONS WHITE PAPER

Utilizing LDAP for User Profile and Corporate Structure Integration

By: Mitchell Weiss, Director of Product Strategy, ISI Telemanagement Solutions, Inc.

At A Glance: In cases where the proper attributes exist, Infortel Select XSL's LDAP integration can fully automate the import of directory information from a centralized corporate directory. Additionally, it can be used with phone systems that offer LDAP directories. Infortel Select XSL provides an additional ASCII import utility which can be used in cases where LDAP integration is not feasible. Simply create a fixed length or comma-delimited ASCII file with the information. Infortel Select XSL can either manually import this information or automatically import it on a scheduled basis.

ISI Telemanagement Solutions, Inc., 1051 Perimeter Dr., Suite 200, Schaumburg, IL 60173, 847.706.5018

This document is provided as-is. Information and views expressed in this document may change without notice.

0013R6262012

WHAT IS LDAP?

LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and modifying directory services running over TCP/IP. A directory is a set of objects with attributes organized in a logical and hierarchical manner. A simple example is the telephone directory, which consists of a list of names (of either persons or organizations) organized alphabetically, with each name having an address and phone number associated with it.

An LDAP directory tree often reflects various political, geographic, and/or organizational boundaries, depending on the model chosen. LDAP deployments today tend to use Domain Name System (DNS) names for structuring the topmost levels of the hierarchy. Deeper inside the directory might appear entries representing people, organizational units, printers, documents, groups of people, or anything else that represents a given tree entry (or multiple entries).

Many enterprises use LDAP to house corporate directory information. Directory information can include PCs and servers, network logins, phone numbers, departments, etc. Various applications share this information. Applications can include server and workstation operating systems, HR systems, directory applications, and phone systems. Since all applications share a common LDAP directory, this directory, in effect, becomes the corporate master directory.

Specifically, as it relates to Infortel Select XSL, LDAP is one supported method of acquiring directory information for the Infortel Select XSL database. By connecting to an LDAP directory, Infortel Select XSL can import information on user names, organizations, extensions, and the like. Timely updates of directory information are a critical component of maintaining a call accounting system. With a properly configured LDAP interface, Infortel Select XSL's database updates can be fully automated and a single point of entry achieved.

WHAT DIRECTORIES DOES ISI SUPPORT?

In general, ISI supports all of the major LDAP directories on the market. We have tested and certified our application with Microsoft's Active Directory and OpenLDAP. ISI will attempt to use other directories on a best efforts basis.

WHAT INFORMATION CAN WE RETRIEVE?

ISI's LDAP interface has been designed to accept much of the day-to-day information needed to maintain your call accounting system. The list below shows the data elements that can be retrieved by our LDAP interface:

- Extension (Note: Must match the extension number as output by the PBX in raw call detail records)
- Name (Could be lastname/firstname, full name or just a description associated with the phone if not assigned to a person)
- Organizational Information (See A Note About Organizational Information below)
- Authorization Code
- Directory Import Key (Used optionally as a unique identifier; could be employee number or some other unique field)
- E-mail Address
- Home Phone Number
- Mobile Number
- Fax Number
- Pager Number
- Modem Number
- DID Number
- Title
- Alternate Extension
- External Code (May be used to drive chargeback to billing accounts unrelated to organizational hierarchy)

Minimum Requirements: Infortel Select XSL requires either the extension or authorization code (as will be seen in the raw call detail record), the person's name or description to be associated with the extension or authorization code, and any desired organizational hierarchy to be used for grouping a user's call activity on reports. Additional fields are optional based upon application management and reporting needs.

A NOTE ABOUT ORGANIZATIONAL INFORMATION

LDAP directories do not have a standard methodology of representing the organizational structure. Some companies choose to use the inherent hierarchical nature of LDAP to represent organizational information while others do not. Additionally, LDAP does not enforce any balance on the hierarchy within LDAP. For example, in some branches of the tree, you can have four levels, while in others you may have only two. Due to the reporting requirements in Infortel Select XSL, ISI does not support an unbalanced organizational tree. For this reason, Infortel Select XSL will gather organization information from LDAP attributes rather than the hierarchy. ISI recommends expanding your LDAP schema to include organizational information that will be imported into Infortel Select XSL.

A NOTE ABOUT THE EXTENSION FIELD

The TelephoneNumber attribute in the default LDAP schema should not be used as the basis for the Extension field in Infortel Select XSL. In most cases, the TelephoneNumber attribute will contain the full telephone number for a person. For example, 847-995-0003. The Extension Number field in Infortel Select XSL must contain the same number that the telephone system outputs in the call detail records. Additional elements such as dashes, country codes, or other items can also confuse the system. For example, 847-995-0003 may really map to extension 2503.
You will need to either modify the TelephoneNumber attribute to store the extension number rather than the full number, or extend the schema with a new attribute for extension.

HOW DOES THE INTERFACE WORK?

The first step in creating an LDAP interface is to enter the information needed to log in to the corporate LDAP directory. It is required that the main Infortel Select XSL server has connectivity to the LDAP server for this function to work. Since we do not write to the server, read-only access is acceptable. Please take care to ensure that the firewall is open to this type of access.

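
A pre-import check for the minimum requirements and the extension-field caveat described above, as an added example (not ISI's code and not part of Infortel Select XSL). The attribute names, the 3-to-6-digit extension format, and the sample entries are assumptions.

```python
import re

# Assumed mapping of import fields to LDAP attributes. "extensionNumber" stands for a
# schema-extension attribute as recommended above; all attribute names are hypothetical.
ATTRIBUTE_MAP = {
    "extension": "extensionNumber",
    "auth_code": "authorizationCode",
    "name": "displayName",
    "organization": "department",
}
BARE_EXTENSION = re.compile(r"\d{3,6}")  # assumed PBX format: 3 to 6 digits, nothing else


def map_entry(entry):
    """Carry forward only the mapped attributes; everything else in the entry is dropped."""
    return {field: str(entry.get(attr, "")).strip() for field, attr in ATTRIBUTE_MAP.items()}


def check_record(record):
    """Return the reasons a record cannot be imported (empty list = acceptable)."""
    problems = []
    ext = record["extension"]
    if not ext and not record["auth_code"]:
        problems.append("no extension or authorization code")
    if ext and not BARE_EXTENSION.fullmatch(ext):
        problems.append(f"extension {ext!r} is not in the form the PBX outputs")
    if not record["name"]:
        problems.append("no name or description")
    return problems


def validate_feed(entries):
    """Split directory entries into importable records and (record, problems) rejects."""
    accepted, rejected = [], []
    for entry in entries:
        record = map_entry(entry)
        problems = check_record(record)
        if problems:
            rejected.append((record, problems))
        else:
            accepted.append(record)
    return accepted, rejected


# Constructed sample entries, shaped like attribute dicts returned by an LDAP search.
SAMPLE = [
    {"extensionNumber": "2503", "displayName": "Ann Lee", "department": "Sales", "mail": "a@example.com"},
    {"extensionNumber": "847-995-0003", "displayName": "Bob Ray", "department": "Sales"},
    {"authorizationCode": "771204", "displayName": "Lobby phone"},
    {"extensionNumber": "2510"},
]
```

Running `validate_feed(SAMPLE)` accepts the first and third entries and rejects the full telephone number and the entry with no name.
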
In order to log on to your LDAP server, you must provide:

- User Name and Password
- Search Base (where in the directory tree do we search for attributes?)
- The search scope
- A mapping of attributes to ISI data elements

Once you have created the mappings, you can save the settings and proceed with the import. Additionally, you can completely automate the import by scheduling it as shown below:

HOW ARE UPDATES PROCESSED?

When updating your directory from an LDAP source, Infortel Select XSL follows a series of rules to update the Infortel Select Directory database. When running an import, you can choose whether to delete all existing information before starting the import:

- If an extension exists in Infortel Select XSL but does not exist in the LDAP feed, the extension will remain active in Infortel Select XSL if you chose not to delete existing information. If you chose to delete existing information, the extension will be inactivated.
- If an extension exists in LDAP but does not exist in Infortel Select XSL, it will be added to Infortel Select XSL.
- If a new LDAP extension contains an organizational entity (department, etc.) that already exists in Infortel Select XSL, that extension will be placed in the correct entity.
- If a new LDAP extension contains an organizational entity that does not exist in Infortel Select XSL, the organizational entity will be created and the extension will be placed in the newly created entity.
- If an extension exists in LDAP with a different user name than the name in Infortel Select XSL, the old extension in Infortel Select XSL will be marked inactive and a new extension will be created with the new name.
- When import codes are used, the logic changes. If an extension exists in LDAP with a different user name than the name in Infortel Select XSL but the Import Code is the same, it updates the user name in Infortel Select XSL.
- If an extension has a different organization in LDAP than found in Infortel Select XSL, the extension in Infortel Select XSL will be inactivated and a new extension created under the new department.
- All extensions will be added under the default billing class.

LDAP AND INFORTEL SELECT XSL ASP OR INFORTEL SELECT XSL ADVANTAGE

Infortel Select XSL ASP and Infortel Select XSL Advantage are options for deploying the Infortel Select XSL solution as an ISI-hosted and managed solution (SaaS). As the Infortel Select application servers reside in ISI's data center rather than on the customer's network, ISI would need access to the LDAP server over the Internet. Security concerns will typically require use of a VPN tunnel and security credentials to facilitate such access.

If security concerns prohibit ISI from achieving remote access to the LDAP server, an LDAP interface may still be achieved by scheduling a periodic LDAP export file that is presented to the Infortel Select application as a directory import, thus automating the Directory update process without ISI access to the customer's LDAP server.

Note: ISI only requires read-only access to the LDAP directory. No changes or updates are performed.

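
The update rules listed under HOW ARE UPDATES PROCESSED?, written out as an added example (a model of the stated rules, not ISI's implementation). The record layout, the action names in the log, the handling of a simultaneous name and organization change, and the sample data are assumptions.

```python
DEFAULT_BILLING_CLASS = "default"  # assumed label for the default billing class

def apply_feed(db, orgs, feed, delete_existing=False):
    """Apply an LDAP feed (one entry per extension) to db, a list of dicts mutated
    in place; orgs is the set of known organizational entities. Returns an audit log."""
    log = []
    active = {r["extension"]: r for r in db if r["active"]}
    stale = set(active)  # active extensions not seen in the feed

    def retire(rec):
        rec["active"] = False
        log.append(("inactivate", rec["extension"]))

    def add(rec):
        if rec["org"] not in orgs:  # unknown organizational entity: create it first
            orgs.add(rec["org"])
            log.append(("create_org", rec["org"]))
        db.append(dict(rec, active=True, billing_class=DEFAULT_BILLING_CLASS))
        log.append(("add", rec["extension"]))

    for rec in feed:
        cur = active.get(rec["extension"])
        stale.discard(rec["extension"])
        if cur is None:
            add(rec)
        elif cur["org"] != rec["org"]:  # organization changed (checked first: assumption)
            retire(cur)
            add(rec)
        elif cur["name"] != rec["name"]:
            code = rec.get("import_code")
            if code and code == cur.get("import_code"):  # same import code: rename
                cur["name"] = rec["name"]
                log.append(("rename", rec["extension"]))
            else:  # different user on the same extension
                retire(cur)
                add(rec)
    if delete_existing:  # extensions absent from the feed are inactivated
        for ext in sorted(stale):
            retire(active[ext])
    return log

def demo(delete_existing=False):
    """Run the rules over constructed sample data (not real directory contents)."""
    def rec(ext, name, org, code, **kw):
        return dict(extension=ext, name=name, org=org, import_code=code, **kw)
    db = [rec("2503", "Ann Lee", "Sales", "E100", active=True), rec("2504", "Bob Ray", "Sales", "E101", active=True),
          rec("2505", "Cy Orr", "IT", "E102", active=True), rec("2506", "Dee Fox", "IT", "E103", active=True)]
    feed = [rec("2503", "Ann Smith", "Sales", "E100"), rec("2504", "Bea Kim", "Sales", "E200"),
            rec("2505", "Cy Orr", "Legal", "E102"), rec("2507", "Eli Poe", "IT", "E104")]
    return apply_feed(db, {"Sales", "IT"}, feed, delete_existing)
```

The returned log doubles as a change record: comparing it against expected HR changes before a scheduled import runs makes an unexpected mass inactivation visible.
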
CONCLUSION

In cases where the proper attributes exist, Infortel Select XSL's LDAP integration can fully automate the import of directory information from a centralized corporate directory. Additionally, it can be used with phone systems that offer LDAP directories. Infortel Select XSL provides an additional ASCII import utility which can be used in cases where LDAP integration is not feasible. Simply create a fixed length or comma-delimited ASCII file with the information. Infortel Select XSL can either manually import this information or automatically import it on a scheduled basis.

ABOUT ISI TELEMANAGEMENT SOLUTIONS

Headquartered in Schaumburg, IL, ISI Telemanagement Solutions, Inc. helps clients reduce their telecom spend by 10% to 35%. With Audit, Inventory, Real-Time Wireless & Wireline Call Reporting and Invoice Management solutions, our clients are able to improve employee productivity, manage costs, and optimize wireless, wireline, data and Unified Communications networks. ISI's Managed Services and outsourcing enable clients to free up time and money to make strategic investments in IP infrastructure and applications. ISI's facilities, processes, and data security comply with ISO 9001:2008, SSAE 16, HIPAA, Safe Harbor and other important standards. Additional information may be found at, requested via e-mail at info@isi-info.com, or by calling +1.847.706.5018.

DISCLAIMER

This document is provided as-is. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred. This document does not provide you with any legal rights to any intellectual property in any ISI product. You may copy and use this document for your internal, reference purposes.

Copyright 2015 ISI Telemanagement Solutions, Inc.
All rights reserved. Infortel is a registered trademark of ISI Telemanagement Solutions, Inc.