Jump to content
Vodia PBX forum
impiantitel

Password and settings LDAP

Recommended Posts

You cannot set the LDAP password - it is automatically generated. This is because many SIP phones don't support TLS or StartTLS or it is simply buggy (e.g. no SNI extension and problems with the certificate). Then it is better to limit the damage and have a separate password just for LDAP which does not have the permission to make calls. 

But you can use the web password instead. It serves as the "master password" for the account - bear in mind if that password leaks out attackers will be able to make calls using the password.

Share this post


Link to post
Share on other sites

so, summarizing, if they supply an ok phone, the pswd is automatically given by the Vodia server.
If instead they approve a phone manually I have not well understood which pswd LDAP I have to use.
Second question was, where do I set the LDAP settings on the Vodia Server?

Share this post


Link to post
Share on other sites

Hi,

 

All the allowed LDAP settings that you can do via the PBX are on the webpage /reg_ports.htm

If the phone allows you to set the LDAP password, then your best bet is to use web password that you've set under /dom_settings.htm webpage on the PBX.

 

Share this post


Link to post
Share on other sites

In terms of settings what you could do is provision a phone, and then take a look on how it was set up - kind of reverse engineer what has been provisioned. Instead of using the LDAP password you can then use the extension web password, and this should work.

Share this post


Link to post
Share on other sites

Thank you for your answer,
I looked at what the Yealink phone receives but unfortunately I can not see in clear the pswd.
The web pswd works, but since I wanted to create a manual template for Yealink phones, it becomes uncomfortable on every phone to modify the LDAP pswd. I find it strange that there can be no way to read what the Vodia server sends as LDAP pswd setting. 

Share this post


Link to post
Share on other sites

Not sure if manually hard coding the highlighted part of the template is a solution here, but worth a try.

This does it for the whole admin level, you can do similar on domain and extension level too.

1.png

Share this post


Link to post
Share on other sites

Thank you,
as soon as I can, I'll try and catch you up,
Unfortunately Yealink phone configuration side shows this:

### For security, the following parameters with password haven't been display in this file.
###account.1.password = 
###static.auto_provision.server.password = 
###ldap.password = 

 

I think it was more convenient if Vodia in the webpage /reg_ports.htm had 2 more options:
LDAP Credentials (mandatory and complex):
- user =
- password =

This way it would be easier for everyone and would be useful for every phone vendor (provisioning aside)

 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...