Password and settings LDAP

[impiantitel]

hi,

I do not understand where you set the settings LDAP server side Vodia,

especially I do not understand where you set the pswd LDAP

[Vodia PBX]

You cannot set the LDAP password - it is automatically generated. This is because many SIP phones don't support TLS or StartTLS or it is simply buggy (e.g. no SNI extension and problems with the certificate). Then it is better to limit the damage and have a separate password just for LDAP which does not have the permission to make calls. 

But you can use the web password instead. It serves as the "master password" for the account - bear in mind if that password leaks out attackers will be able to make calls using the password.

[impiantitel]

so, summarizing, if they supply an ok phone, the pswd is automatically given by the Vodia server.
If instead they approve a phone manually I have not well understood which pswd LDAP I have to use.
Second question was, where do I set the LDAP settings on the Vodia Server?

[impiantitel]

there are no answers to my two questions?

[Support]

Hi,

 

All the allowed LDAP settings that you can do via the PBX are on the webpage /reg_ports.htm

If the phone allows you to set the LDAP password, then your best bet is to use web password that you've set under /dom_settings.htm webpage on the PBX.

 

[Vodia PBX]

In terms of settings what you could do is provision a phone, and then take a look on how it was set up - kind of reverse engineer what has been provisioned. Instead of using the LDAP password you can then use the extension web password, and this should work.

[impiantitel]

Thank you for your answer,
I looked at what the Yealink phone receives but unfortunately I can not see in clear the pswd.
The web pswd works, but since I wanted to create a manual template for Yealink phones, it becomes uncomfortable on every phone to modify the LDAP pswd. I find it strange that there can be no way to read what the Vodia server sends as LDAP pswd setting. 

[Support]

Not sure if manually hard coding the highlighted part of the template is a solution here, but worth a try.

This does it for the whole admin level, you can do similar on domain and extension level too.

[impiantitel]

Thank you,
as soon as I can, I'll try and catch you up,
Unfortunately Yealink phone configuration side shows this:

### For security, the following parameters with password haven't been display in this file.
###account.1.password = 
###static.auto_provision.server.password = 
###ldap.password = 

 

I think it was more convenient if Vodia in the webpage /reg_ports.htm had 2 more options:
LDAP Credentials (mandatory and complex):
- user =
- password =

This way it would be easier for everyone and would be useful for every phone vendor (provisioning aside)