impiantitel Posted September 24, 2019 Report Share Posted September 24, 2019 hi, I do not understand where you set the settings LDAP server side Vodia, especially I do not understand where you set the pswd LDAP Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted September 25, 2019 Report Share Posted September 25, 2019 You cannot set the LDAP password - it is automatically generated. This is because many SIP phones don't support TLS or StartTLS or it is simply buggy (e.g. no SNI extension and problems with the certificate). Then it is better to limit the damage and have a separate password just for LDAP which does not have the permission to make calls. But you can use the web password instead. It serves as the "master password" for the account - bear in mind if that password leaks out attackers will be able to make calls using the password. Quote Link to comment Share on other sites More sharing options...
impiantitel Posted September 25, 2019 Author Report Share Posted September 25, 2019 so, summarizing, if they supply an ok phone, the pswd is automatically given by the Vodia server. If instead they approve a phone manually I have not well understood which pswd LDAP I have to use. Second question was, where do I set the LDAP settings on the Vodia Server? Quote Link to comment Share on other sites More sharing options...
impiantitel Posted September 27, 2019 Author Report Share Posted September 27, 2019 there are no answers to my two questions? Quote Link to comment Share on other sites More sharing options...
Support Posted September 27, 2019 Report Share Posted September 27, 2019 Hi, All the allowed LDAP settings that you can do via the PBX are on the webpage /reg_ports.htm If the phone allows you to set the LDAP password, then your best bet is to use web password that you've set under /dom_settings.htm webpage on the PBX. Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted September 27, 2019 Report Share Posted September 27, 2019 In terms of settings what you could do is provision a phone, and then take a look on how it was set up - kind of reverse engineer what has been provisioned. Instead of using the LDAP password you can then use the extension web password, and this should work. Quote Link to comment Share on other sites More sharing options...
impiantitel Posted September 27, 2019 Author Report Share Posted September 27, 2019 Thank you for your answer, I looked at what the Yealink phone receives but unfortunately I can not see in clear the pswd. The web pswd works, but since I wanted to create a manual template for Yealink phones, it becomes uncomfortable on every phone to modify the LDAP pswd. I find it strange that there can be no way to read what the Vodia server sends as LDAP pswd setting. Quote Link to comment Share on other sites More sharing options...
Support Posted September 27, 2019 Report Share Posted September 27, 2019 Not sure if manually hard coding the highlighted part of the template is a solution here, but worth a try. This does it for the whole admin level, you can do similar on domain and extension level too. Quote Link to comment Share on other sites More sharing options...
impiantitel Posted September 28, 2019 Author Report Share Posted September 28, 2019 Thank you, as soon as I can, I'll try and catch you up, Unfortunately Yealink phone configuration side shows this: ### For security, the following parameters with password haven't been display in this file. ###account.1.password = ###static.auto_provision.server.password = ###ldap.password = I think it was more convenient if Vodia in the webpage /reg_ports.htm had 2 more options: LDAP Credentials (mandatory and complex): - user = - password = This way it would be easier for everyone and would be useful for every phone vendor (provisioning aside) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.