Summary
This document describes how to configure the Application Gateway to use Lightweight Directory Access Protocol (LDAP) directories.
Requirements
To configure the Application Gateway to use one or more LDAP directories, specify the following information in the Application Gateway Administration Tool:
• The total number of directories (both LDAP and CSV) that you want IP telephone users to access through Express Directory.
• Whether you want to combine the directories for display on the IP telephone. If you keep the directories separate, specify a Directory Title to display as a submenu item under “Express Directory” in the Voice Office menu. If you use multiple directory sources, but do not combine them, Broadcast Server and Zone Paging will use only the first directory source defined. If you combine directory sources, those applications will use all directories.
• LDAP server connection information for each directory. Specify the LDAP attributes to be displayed and used to control Express Directory operation.
Procedure
To specify LDAP server connection information:
1. From a Web browser, enter the URL https://AG_ipAddress:AG_adminPort to open the Citrix Application Gateway Administration Tool.
2. Go to the Operation > Voice Office > Directory page.
3. From Number of Directory Sources, select the total number of directories, both LDAP and CSV, to be used.
4. From Configure Source, select the source number. The Application Gateway identifies each directory source by a unique number. For example, if you are using three directory sources, select 1, 2, or 3 from Configure Source to identify the directory that you want to configure. If you later need to change the settings for a directory source, return to the Directory page and choose the source number from Configure Source.
5. To combine multiple directories into one directory, select the Combine Sources check box. If this check box is selected for any source, all sources are combined. If you combine directories, Express Directory users search one combined directory, accessible from the Express Directory menu. If you do not combine directories, Express Directory users choose a directory name from the Express Directory submenu. Users might find it more convenient to select from a submenu containing entries such as Departments, Staff, and Services than to search a combined directory.
6. If you are not combining directories, enter a short, descriptive title for the LDAP directory that you are configuring. This title displays in the submenu that appears when an IP telephone user selects Express Directory.
7. From Data Source, choose LDAP.
8. Complete the LDAP Server Connection fields as follows:
Field | Description |
Server and Server Port | The IP address or host name and port for your LDAP server. The Cisco DC Directory port is usually 8404. The LDAP Server Port for other LDAP directories is typically 389. If you are using an indexed database, such as Microsoft Active Directory with a Global Catalog, changing the LDAP Server Port to 3268 significantly speeds up LDAP queries. Note: If your directory is not indexed, we recommend that you use an administrative connection, rather than an anonymous connection, from the Application Gateway to the database. Download performance improves when you use an administrative connection. |
Bind DN and Password | The Administrator Bind DN and password for queries to your LDAP directory. The Application Gateway binds to the LDAP server using the administrator credentials and then searches for the user. After locating the user, the Application Gateway unbinds the administrator credentials and rebinds with the user credentials. Example syntax for Bind DN: For Active Directory, if you do not use the UPN for the Bind DN, the group name (specified as “cn=groupname”) is required. For other LDAP directories, the group name either is not required or, if required, is specified as “ou=groupname”. Note that most directories do not return useful information on anonymous binds. |
Base DN | The Base DN to be used as a starting point for directory searches. Base DN is usually derived from the Bind DN by removing the user name and specifying the group where users are located. Example syntax for Base DN: |
Authentication | The authentication method to use between the Application Gateway and the LDAP server. The Application Gateway currently supports Simple authentication. |
Note: You do not need to submit your changes or restart the Application Gateway until after you have finished specifying Directory settings.
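The bind, search, and rebind sequence described for the Bind DN and Password field, shown as an added example that is not Citrix code. It runs against a constructed in-memory directory and shows two checks that this pattern needs: escaping the login name before it goes into the search filter, and refusing an empty user password, which some servers accept as an unauthenticated bind (RFC 4513, section 5.1.2). FakeDirectory, authenticate, escape_filter, the uid login attribute, and all DNs and passwords are assumptions made for the illustration.

```python
import re

def escape_filter(value):
    """Escape RFC 4515 special characters so input cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server (sample data only)."""
    def __init__(self, admin_dn, admin_pw, users):
        self.creds = {admin_dn: admin_pw, **{dn: u["pw"] for dn, u in users.items()}}
        self.users, self.admin_dn, self.bound = users, admin_dn, None

    def simple_bind(self, dn, password):
        if password == "":            # unauthenticated bind: some servers report
            self.bound = "anonymous"  # success without checking any credential
            return True
        ok = self.creds.get(dn) == password
        self.bound = dn if ok else None
        return ok

    def search(self, base_dn, attr, assertion):
        if self.bound != self.admin_dn:   # anonymous binds return nothing useful
            return []
        rx = "".join(".*" if star else re.escape(chr(int(hx, 16)) if hx else lit)
                     for hx, star, lit in
                     re.findall(r"\\([0-9a-fA-F]{2})|(\*)|(.)", assertion, re.S))
        return [dn for dn, u in self.users.items()
                if dn.endswith(base_dn) and re.fullmatch(rx, u[attr])]

def authenticate(directory, bind_dn, bind_pw, base_dn, login, password):
    """Admin bind, search for the user, then rebind with the user's credentials."""
    if not password:                       # never forward an empty password
        return False
    if not directory.simple_bind(bind_dn, bind_pw):
        return False
    hits = directory.search(base_dn, "uid", escape_filter(login))
    if len(hits) != 1:                     # zero or ambiguous matches both fail
        return False
    return directory.simple_bind(hits[0], password)   # rebind as the user

# Constructed sample data: hypothetical DNs and passwords.
ADMIN = "cn=svc-gateway,cn=Users,dc=example,dc=com"
BASE = "cn=Users,dc=example,dc=com"
ALICE = "cn=Alice Smith,cn=Users,dc=example,dc=com"
DIRECTORY = FakeDirectory(ADMIN, "admin-secret", {
    ALICE: {"uid": "asmith", "pw": "alice-pw"},
    "cn=Bob Jones,cn=Users,dc=example,dc=com": {"uid": "bjones", "pw": "bob-pw"},
})
```

With the sample data, a login of `a*` passed to the search unescaped matches exactly one entry, so the single-match check alone would not stop it; the escaping is what makes the lookup fail.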