
How the LDAP import works for importing users

Topic creation date: 2009-04-18

For version 2.12.20 onwards

The LDAP import is designed to import user (and sometimes employee) information from Active Directory and possibly other directory systems.

It is included as an option in some '.mif' import filters in MonImpSv, and also as an option when setting up a new installation, or from MtAdmin. It is usually associated with a destructive import to the PABX.INI file, replacing all the existing user license slots with the new information retrieved from Active Directory.

Initialisation

Initialisation is usually performed with the first user record, rather than when a file or filter is opened, and memory is freed with the last user record, rather than when a filter is normally closed. This way Active Directory is held open for the least amount of time.

In the Control INI file the NetworkDomain is read from the license section, and the MonTelAdminGroup and MonTelUserGroup from the [ClientDB] section.

The NetworkDomain also becomes the host name of the Domain Server. In the event this is different from the NetworkDomain, the host name can be specified in the DomainServer setting of the [System] section of the PMA file.

The MonTelAdminGroup and MonTelUserGroup are parsed to read just the group name, and are used, if present, to identify whether the user has MonTel Administrator privileges (they do if they are a member of the MonTelUserGroup). Where these groups have not been specified for the ClientDB, or in a parser where those settings are not present, the groups (without the domain component) can optionally be overwritten by the contents of the CNAdminGroup and the CNUsersGroup settings in the [System] section of the PMA file. Typically, in a small to medium sized firm, CNUsersGroup = "Domain Users", to save having to create another group. Note that while MonTelAdminGroup and MonTelUserGroup from the [ClientDB] section of the Control INI file expect a full SAM name (that is, "DOMAIN/Group name"), the CNAdminGroup and CNMonTelUserGroup expect only the group name.

ImportFormatOptions

Most filters will have an option (typically by adding 513 to the ImportReportFormat setting in the [Import] section of the PMA file) of searching all of Active Directory for users, not just the Users folder.

Most filters will have an option (typically by adding 1024 to the ImportReportFormat setting in the [Import] section of the PMA file) of ignoring users who are not in either the MonTelUsersGroup or MonTelAdminGroup.

Most filters will have an option (typically by adding 4096 to the ImportReportFormat setting in the [Import] section of the PMA file) of importing users even if they don't have a telephone number specified in Active Directory.

Searching

The LDAP import will search only the 'users' folder for persons. A more comprehensive but much slower search of the entire Active Directory tree can be specified by adding 512 to the ImportReportFormat setting in the [Import] section of the PMA file. In either case, only entries with the attribute objectClass of persons will be returned.

In order to speed up the search, where the DN (distinguished name) of the entity includes any of the following CNs or DNs the record will be skipped:

"CN=SSchema"

"CN=Configuration"

"CN=MicrosoftDNS"

"DC=DomainDnsZones"

"DC=ForestDnsZones"

"DC=TAPI3Directory"

Attribute matching

The following table shows how the Active Directory attributes are matched to elements of the User.

ACTIVE DIRECTORY                          | Employees table              | USERS in PABX.INI
------------------------------------------|------------------------------|------------------
sAMAccountName                            | Login                        | Login name (key)
telephoneNumber                           | Station                      | Extension (EXT)
GUID                                      | Employee Code                | (CODE)
CN (Common name)                          | Full name                    | (FULL)
OU (Organisation Unit if used)            | Department                   | (DEPT)
department (will override OU if present)  | Department                   | (DEPT)
title                                     |                              | (DESC)
description                               | Pin number                   | (PIN)
manager                                   | Added to the partners table. |
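The skip list, the 1024 and 4096 options and the attribute table above can be combined into a dry-run preview of which logins a destructive import would keep. This is an added example, not MonTel code. It assumes the ImportReportFormat values act as bit flags, that users without a telephone number are skipped unless 4096 is set, and that entries arrive as plain dicts with bare group names in memberOf; the LOGIN key, the group names and all sample entries are constructed.

```python
# Added illustration, not MonTel source code. All entries below are constructed.
SKIP_DN_PARTS = ("CN=SSchema", "CN=Configuration", "CN=MicrosoftDNS",
                 "DC=DomainDnsZones", "DC=ForestDnsZones", "DC=TAPI3Directory")
REQUIRE_GROUP = 1024    # ignore users in neither MonTel group
ALLOW_NO_PHONE = 4096   # import users that have no telephoneNumber

def first_ou(dn):
    """First OU= component of a DN, or "" (naive split; no escaped commas)."""
    for part in (p.strip() for p in dn.split(",")):
        if part.upper().startswith("OU="):
            return part[3:]
    return ""

def map_entry(entry, fmt, user_group, admin_group):
    """Return the user fields for one entry, or None when it is skipped."""
    dn = entry.get("dn", "")
    if any(p.lower() in dn.lower() for p in SKIP_DN_PARTS):  # assumed case-insensitive
        return None
    groups = set(entry.get("memberOf", []))  # assumed: bare group names
    if fmt & REQUIRE_GROUP and not groups & {user_group, admin_group}:
        return None
    phone = entry.get("telephoneNumber", "")
    if not phone and not fmt & ALLOW_NO_PHONE:  # assumed default: skip
        return None
    return {"LOGIN": entry["sAMAccountName"], "EXT": phone,
            "CODE": entry.get("GUID", ""), "FULL": entry.get("CN", ""),
            # department overrides OU when present
            "DEPT": entry.get("department") or first_ou(dn),
            "DESC": entry.get("title", ""), "PIN": entry.get("description", "")}

SAMPLE = [
    {"dn": "CN=Alice Smith,OU=Accounts,DC=example,DC=local", "sAMAccountName": "asmith",
     "CN": "Alice Smith", "telephoneNumber": "201", "memberOf": ["MonTel Users"]},
    {"dn": "CN=Bob Jones,CN=Users,DC=example,DC=local", "sAMAccountName": "bjones",
     "CN": "Bob Jones", "department": "Legal", "memberOf": ["MonTel Admins"]},
    {"dn": "CN=Carol White,CN=Users,DC=example,DC=local", "sAMAccountName": "cwhite",
     "CN": "Carol White", "telephoneNumber": "203", "memberOf": ["Domain Users"]},
    {"dn": "CN=zone,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=local",
     "sAMAccountName": "zone", "telephoneNumber": "999"},
]

def preview(entries, fmt, user_group="MonTel Users", admin_group="MonTel Admins"):
    """Logins that would be written to the user slots for a given format value."""
    mapped = (map_entry(e, fmt, user_group, admin_group) for e in entries)
    return [m["LOGIN"] for m in mapped if m]

if __name__ == "__main__":
    for fmt in (0, 1024, 1024 + 4096):
        print(fmt, preview(SAMPLE, fmt))
```

Because the description attribute is readable by ordinary authenticated domain users in a default Active Directory, a PIN taken from it should not be treated as secret.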