UCM based LDAP server and phones regestering over GDMS

#1

Hi,

I’m looking for a way to get my UCM contacts on a remote phone that is connecting to the UCM over GDMS.

Phones on the location are provisoned using ZeroConfig and the LDAP configuration in that case is really easy -> “Phonebook XML server”. Is there a way of achiveing the same using the GDMS platform?

On the GDMS under “Voip devices”/ “Set parameters”/ “Contacs” / “Download Contacts” I can also define some LDAP related things. I’m just not sure which data to input here - should I input the remote connect UCM address (domain) and under the username/password should I input the UCM LDAP server user/pass or the UCM user/pass. Did some testing but it does not seem to work…

#2

I also was testing this scenario,… but until Grandstream does not add posibility to have over GDMS,… LDAP from UCM… this is nightmare… I don’t even don’t understand their logic … if you use inside company Grandstream IP phone which is connected via LAN to PBX and uses LDAP from PBX (Grandstream UCM)… and when you take this IP Phone to home office you are without contacts extensions… this is really funny…

#3

LDAP works correctly both locally and on remote extensions,
just do the NAT of the LDAP port.

Forward GDMS supports LDAP settings, just enter “P” codes,
if you do not know the product well, it is better not to give incorrect answers,
otherwise the reader is only confused.
Thank you.

Grandstream support is at this link:

#4

“Forward GDMS supports LDAP settings, just enter “P” codes,”

Can you be more specific?

I did open a ticket with support and got the information, that the GDMS LDAP settings do not allow entering UCM domain adrress as the LDAP server address. Only the UCMs public IP is allowed.

Opening port 389 to the internet is not really something I would like to do. The only way that I would allow that is to limit access to the public IP only for port 389 and add a MAC based ACL filter that allows only devices whois MAC address begins with C074ADxxxxxx. Not ever sure if that is doable…

#5

the MAC does not travel as information on the Internet that I know of, so it is not possible to create an ACL in this sense,
for “P” codes see this link:
https://content.grandstream.com/hubfs/Grandstream_Feb_2021/Zip%20File/config-template.zip

if you are unfamiliar with inserting instructions using “P” codes, you should read the manual (in practice, each setting corresponds to a “P” code, example -> P102 = 2 [Date Display Format]. You can enter them on any telephone model on GDMS (must be entered without “P” in front, in the previous example it would be 102 = 2).

Unfortunately, the passing of LDAP information is not foreseen for extensions in Remote Connect
(problem that I reported several times to Grandstream but was always ignored).

hi @GSSupport74,
let’s see if you read me :wink::stuck_out_tongue_winking_eye:

#6

I don’t believe that LDAP is available for the IP phones thru GDMS link, also the LDAP contacts on wave are maybe pushed from the UCM in a different way, this needs to be confirmed from GS dev team.
The best way for the remote env is to use remote phonebook that has an easy config from the GDMS!

#7

So an external LDAP server that will read UCM LDAP data and on the other side be on public IP address that will serve to supply LDAP data to remote devices. So on the one side using a LDAP concentrator (even know one that offers exactly that) and as it is acting as a proxy where only LDAP service will be running there is no major loss if it gets attacked…

#8

I’m familiar with P codes. I use them with some installations to push some settings over templates. I’m just not sure how they could help me out in the remote LDAP access?

#9

I explained it to you above by also giving an example,
and providing you with a link to the original templates.
I don’t know how to help you anymore

#10

this is possible if you set public ip and forward the needed ports

but what I am referring to is a better way with remote xml phonebook
sip:music@iptel.org

24
Screenshot 2023-03-08 at 21.25.24.png2520x926 129 KB

#11

Dear user,

Thank you for your feedback! You may need to configure the phone XML server and try again:

Address: UCM GDMS domain such as https://000b82xxxxx-10904.a.gdms.work/phonebook.xml
Account: UCM LDAP configuration
Password: UCM LDAP configuration

%E5%9B%BE%E7%89%87
图片.png1563x942 58.6 KB

Thanks for your testing!

Thank you!

#12

I was not intend to be rude :slight_smile: but i am pissed off with Grandstream product… because our local ISP which sold us this PBX device and phones is very confusing and their support is very bad… as they are not capable to configure this as it… so I as a end custumer search for solution on this forum and google around…

#13

Dear user,

Thank you for your feedback! We will try our best to improve your using experiences. Please feel free to let me know or post your questions on the Forum, then we will check it and help you resolve the issue asap. Thanks for your testing!

Thank you!

#14

hi Mario,

One matter is the “low quality” product, another matter the “low quality” installer,
in your case it is a supplier problem, and not a product one.

Look for a professional and competent installer in your area.

#15

H daimano70,

yes, agree when you have ISP who is selling Grandstream and they lack in their knowladge :slight_smile: then you have a problem, and you can not search for alternative installer :slight_smile:

#16

hi @GSSupport74

Thank you,
Is this thing you write valid in every case, or only in case of remote IP phone via Remote Connect?
be patient but you have confused my ideas,
LDAP and then you tell me to configure the phone in xml,
kindly can you tell me step by step what to do on UCM and what to do on GS IP phone?

Thank you in advance,
Damiano

#17

Dear user,

Thank you for your feedback! RC does not support LDAP, so the given method is another way to import the contacts, which is not related to LDAP. This is the only method for RC users. Thanks for your testing!

Thank you!