
Technology Primer. OPS Manager, Release 7.4. Integrating Your Directory Server with our Directory Service Solution


Academic year: 2021


OPS Manager, Release 7.4

The IDS software package contains software components to be installed in the following directory servers:

• Microsoft Active Directory

• Microsoft Exchange 5.5

• Lotus Domino

• Novell eDirectory

The installation of the components (by running IDSSetup.exe) will extend the schema of the directory server and will also provide user interface snap-ins to the directory server management tool.

The IDS software package does NOT contain schema extension or snap-in components for any other directory servers. In order for IDS to operate with other LDAPv3-compliant directory servers, the directory server database schema must be extended with classes and attributes required by IDS. Management tool snap-ins are not needed for IDS to work and they may only provide convenience for updating IDS attributes of directory entries from the directory server side.

This document provides detailed instructions on how to extend the directory server schema so that your directory server can work with IDS the same way as the out-of-box supported directory servers (Microsoft Active Directory, Microsoft Exchange 5.5, Lotus Domino and Novell eDirectory). The document also provides some background information on IDS operations for the purpose of better understanding the schema extensions.

Software designers who will perform the database schema extensions on the directory server should have a good knowledge of schema extension and application development of their specific directory server. They should follow the instructions in the document very carefully.

Integrating Your Directory Server with our Directory Service Solution

The Mitel® Integrated Directory Services (IDS) application synchronizes the telephone directory


Administrators and users of the IDS application should refer to other documents on how to set up, how to configure and how to use IDS software. The recommended documents are as below.

• Mitel Enterprise Manager Technician’s Handbook, Release 3.0

The handbook provides instructions about how to install, configure, upgrade, maintain, and troubleshoot Mitel Enterprise Manager and OPS Manager systems. IDS is covered in several sections

• Mitel OPS Manager Online Help

The help document provides detailed information about how to use OPS Manager features to achieve your tasks (including many sections on IDS application)

If you have authorization, you can access the Mitel Technical Documentation through the Mitel OnLine web site. You require a username and password to access this site. Visit http://www.mitel.com in your browser. You may also access the OPS Manager documentation on your OPS Manager software CD-ROM.

It is highly recommended that you review the above documents along with this document before you start performing your directory server schema extensions.

[Figure 1: Directory Server, OPS Manager, SX-2000 PBX and phones, with the Directory Modifications and Device Programming flows between them]


Introduction to Integrated Directory Services

This section provides a brief introduction to OPS Manager’s IDS functionality. More detailed description of how IDS works will be covered in the section Integrated Directory Services In Operation later in this document.

Overview

IDS synchronizes selected directory information between a central corporate Directory Server (DS), OPS Manager, and the PBX network. This synchronization provides a single administration point for all systems involved. The DS Figure 1, on the previous page, shows these systems and the information that flows between them. (In Figure 1, Directory Modifications pertain to any modification; that is, a move, add, change or delete.)

IDS allows the voice domain to be integrated with your organization’s overall Directory Server strategy and implementation, giving you the ability to administer your voice domain from the same location as your data domain. To achieve this, IDS uses Lightweight Directory Access Protocol (LDAP) as the mechanism for moving directory information between the DS and OPS Manager.

IDS benefits include:

• Single administration point for voice and data domain – the DS

• Automated device programming and changing and deleting users from the DS

• Programming at the PBX is minimized, improving efficiency and accuracy

DS/OPS/PBX Synchronization

IDS can keep directory information in synchronization between the DS, OPS Manager and PBX. The DS only exchanges directory information updates (moves, adds, changes or deletes) directly with OPS Manager. As part of the data synchronization between the DS and OPS Manager, OPS Manager is responsible for triggering the data synchronization with the managed PBX and then the phone sets. Configuration can be done through OPS Manager IDS to specify whether telephone devices will be affected during the synchronization, what information will be updated to the DS, and how and when the data update will happen. Please refer to OPS Manager Online Help for details of the operations.

There are three kinds of operations and all of them are initiated from OPS Manager:

1. Full Collect from Directory Server: Full collect from the DS will collect all OPS Manager IDS managed directory entries from the DS and save them in the OPS Manager database. This is typically used with a new OPS Manager installation to obtain the initial directory information for the DS.

2. Full Propagate to Directory Server: Full propagate to the DS will push all OPS Manager IDS managed directory entries from OPS Manager database to the DS. This is typically used with an existing OPS Manager installation when it is later decided to implement a DS.


For each operation between OPS Manager and the DS, OPS Manager initiates an LDAP connection with the DS and authenticates itself to the DS by using standard username / password authentication with or without SSL (Secure Sockets Layer). You can configure IDS to use SSL or not to use SSL to connect to the DS. Once the username / password is authenticated, information transfer between the DS and OPS Manager can commence. If SSL is used, all the information flow between OPS Manager and the DS will be encrypted.

Any IDS operation can be scheduled to run at specific dates and times. This feature makes the synchronization of directory information between the DS and OPS Manager, and / or switches and sets, easier and more efficient.

DS/NuPoint Messenger Synchronization

The voice mail user information can also be synchronized between the DS and Mitel Mail servers, i.e., Mitel NuPoint Messenger™ servers. This is a one-way only synchronization, that is, IDS distributes the voice mailbox changes from the DS to the Mitel Mail servers. Voice mail data is not collected from the Mitel Mail servers to update the DS. Therefore, you should only administer the voice mailboxes from the directory server.

There are two kinds of operations and all of them are initiated from OPS Manager:

1. Full Collect from Directory Server: A full collection copies all the mailbox entries on the directory server into the Mitel Mail servers.

2. Synchronize with Directory Server: A synchronization collects the mailbox entries that have been modified since the last synchronization event. OPS Manager collects the modified entries from the directory server and copies them to the Mitel Mail servers. As noted above this is a one-way synchronization.

The mailbox entry information taken from the DS includes: Mailbox Name, Extension Number, Department, Mailbox Number and Passcode, which are all part of Mitel IDS specific user attributes and are only available after the DS schema has been extended with IDS required attributes. The IDS required attributes include more than the list above but only the above information will be updated to the Mitel NuPoint Messenger™. IDS requires additional attributes for the synchronization process itself.

For each operation between NuPoint Messenger and DS, OPS Manager initiates an LDAP connection with the DS and authenticates itself to the DS by using standard username / password authentication with or without SSL. You can configure IDS to use SSL or not to use SSL to connect to the DS. Once the username / password is authenticated, information transfer between the DS and OPS Manager can commence. If SSL is used, all the information flow between OPS Manager and the DS will be encrypted.

Steps YOU Need to Take to Integrate Your Directory Server

If the following steps are performed, your directory server should inter-operate with OPS Manager’s IDS functionality.

1. Extend the schema definitions of your DS with IDS required Attributes and Classes. See the following sections for the details of the required Classes and Attributes.

2. Develop applications that can read and write values of the IDS attributes of a given object if you intend to modify those attribute values in DS and you intend to have OPS Manager collect those values during a synchronization between OPS Manager and the DS. See the following sections for the formats and the purposes of each attribute.

3. Define an account (a directory entry including password) on your DS to be used by OPS Manager IDS to log in to your DS as an LDAP client and give this account enough access control to read, modify, and add in the proper organizational location.

Note: The IDS will not delete any information from the DS other than its own attribute values.

4. Define a default location on your DS where OPS


Required Classes and Attributes for Telephone Directory Data

When OPS Manager exchanges telephone directory data with the DS (synchronize with the DS, propagate to the DS or collect from the DS), there are two possible operations: write to DS and read from the DS. When OPS Manager IDS needs to create a new entry on the DS, IDS expects four hierarchical classes to be present: Top, Person, organizationalPerson and User. The object-class attribute of the new entry will have the multiple values of the four class names. Your DS must have these classes defined.

When OPS Manager IDS gets telephone directory data from the DS, it performs searches in the DS. IDS searches are based upon the organizationalPerson object-class. (If you do not use the organizationalPerson object-class, you must add this object-class to whatever object-class you use as your base person object-class.) IDS requires specific attributes for the base person object-class (organizationalPerson or user or a subclass of them). They must be added to the base person object-class in the schema of your DS.

The list of the telephone directory attributes required by OPS Manager IDS is described below.

The attribute descriptions are broken up as follows:

• Description – a description of the attribute

• LDAP name – the name that the attribute must be defined as for LDAP requests

• Attribute type – text or boolean-style text

• Attribute format – the format of the attribute

• Length – the maximum length of the attribute

• Additional – additional information

IDS-Managed

LDAP name: mitelidsmanaged

attribute type: Boolean-style text YES or NO

attribute format: One of YES or NO

description: This attribute indicates whether or not OPS Manager IDS should care about this entry. If set to YES, OPS Manager IDS search will cover the directory entry. If set to NO, OPS Manager IDS will ignore the directory entry

length: Not applicable

additional: This attribute should be searchable (indexed)

This attribute should be set to YES for every entry that you want OPS Manager to manage. It should be set to NO for those entries you want IDS to ignore.

IDS Identifier

LDAP name: mitelidsid

attribute type: Text

attribute format: <identifier>

description: This attribute is a unique DS-generated key for the entry. (This is what differentiates entries from one another on the DS)

length: 256 characters

additional: This attribute should be searchable (indexed). This attribute should remain constant

The generation of the IDS identifier is left entirely up to your discretion. This identifier must be unique for every entry that will be exchanged between OPS Manager and the DS; therefore, it must exist for every entry. It is the key index between an OPS Manager directory entry and the DS directory entry. Once set, this value must not be changed. Changing this value will affect OPS Manager’s ability to synchronize the entry and could possibly result in undesired additions or deletions. One suggestion is to use the DN (distinguished name) of the entry to fill in this value upon creation. (Even if the DS entry’s DN changes, this field can remain the same as the old DN, and the entry will remain in synchronization with OPS Manager.)


Modification Timestamp

LDAP name: mitelidsmodified

attribute type: Text

attribute format: <YYYYMMDDHHMMSSZ> (in GMT)

description: A string representation of the date and time that the entry was last modified. When this string is sorted lexicographically, it is also sorted in the correct date-order. It is used to identify entries that have changed on the DS since the last time OPS Manager checked

length: 15 characters

additional: This attribute should be searchable (indexed). This attribute should be updated every time the entry is modified in DS

This attribute should be updated whenever modifications are made to the entry on the DS side. If possible, you may want to update this value only when one of the mitelids server attributes is modified. This approach may reduce traffic between OPS Manager and the DS because only modifications due to IDS information changes will be detected. (It is not necessary to do this though, because OPS Manager can determine that no changes have been made to an entry when it is imported.)

The DS application is responsible for updating this attribute. OPS Manager IDS will not update this attribute.

Name

LDAP name: mitelidsname

attribute type: Text

attribute format: <last name>,<first name>

description: This attribute is the name field from OPS Manager Telephone Directory (and the PBX telephone directory)

length: 21 characters (including comma)

This attribute should be formatted as Last Name, First Name, using a comma (,) as the separator between last and first names. The maximum length of this field is 21 characters, including the comma (,). (If the name is known to exceed 21 characters, the administrator may want to use initials for the first name to avoid truncations).

Example:

If your directory server stores the Last Name as surname and First Name as givenname, this field would be formatted as: mitelidsname = surname,givenname (truncated at 21 characters)

For more information on the Name field on OPS Manager, please see the OPS Manager online Help.

Number

LDAP name: mitelidsnumber

attribute type: Text

attribute format: <number>

description: This attribute is the number field from OPS Manager Telephone Directory

length: 26 characters

This attribute stores the telephone number that will be used by OPS Manager to provision a device. The telephone number must meet the requirements of the user configuration on OPS Manager, e.g., it must include the Primary Node Identifier. For more information on the Number field on OPS Manager, please see the OPS Manager online Help.

Department

LDAP name: mitelidsdepartment

attribute type: Text

attribute format: <department>

description: This attribute is the department field from OPS Manager Telephone Directory

length: 10 characters

This attribute should represent the department attribute on your DS. The maximum length of this field is 10 characters. For more information on the Department field on OPS Manager, please see the OPS Manager online Help.

Location

LDAP name: mitelidslocation

attribute type: Text

attribute format: <location>

description: This attribute is the location field from OPS Manager Telephone Directory

length: 10 characters


Home Element

LDAP name: mitelidshomeelement

attribute type: Text

attribute format: <PBX name>

description: This attribute is the name of the PBX where the device is physically programmed. It must appear exactly as it is programmed on OPS Manager

length: 10 characters

A list of available home elements is available on the OPS Manager web server through the HTTP protocol. This file will be updated when changes are made to the programmed home elements in OPS. You can use this file to generate a list of valid home elements that can be chosen. The file can be retrieved using the following URL: http://<OPS_Manager_Server_Name>/opsids/ids_homeelement.txt

The format of this file is shown below: (blank lines should not be used)

PBX 1<cr>
PBX 2<cr>
PBX 3<cr>
PBX n

For more information on the Home Element field on OPS Manager, please see OPS Manager online Help.

Device Type

LDAP name: mitelidsdevicetype

attribute type: Text

attribute format: <device type>

description: This attribute is the set device type from OPS Manager Telephone Directory. The device type strings must appear exactly as on OPS Manager

length: 10 characters

A list of available device types is available on the OPS Manager web server through the HTTP protocol. This file will be updated when changes are made to device types supported by OPS Manager. You can use this file to generate a list of valid device types that can be chosen. The file can be retrieved by using the following URL: http://<OPS_Manager_Server_Name>/opsids/ids_devicetype.txt

The format of this file is shown below: (blank lines should not be used)

No Device 5001 IP 5215 dual mode 6600 YA PRO CitelLink Type1 DECT OP26/27 Hot Desk NetVision IP ONS/OPS OpenPhone 26/27 SpectraLink NetLink Superset 4001

For more information on the Device Type field on OPS Manager, please see the OPS Manager online Help.

PLID

The PLID is the Physical Location IDentifier. It identifies the physical location of the telephone set on the given Home Element (mitelidshomeelement). There are four elements to the PLID which are described in the following sections. For more information on the PLID field on OPS Manager, please see the OPS Manager online Help.

Note: For IP devices, the PLID fields are normally assigned automatically by the OPS Manager MAC application and they do not need to be set on the DS side.

PLID – Cabinet

LDAP name: mitelidsplidcabinet

attribute type: Text

attribute format: <plid cabinet>

description: This attribute is the cabinet number from the home PBX

length: 3 characters

PLID – Shelf

LDAP name: mitelidsplidshelf

attribute type: Text

attribute format: <plid cabinet>

description: This attribute is the shelf number from the home PBX


PLID – Slot

LDAP name: mitelidsplidslot

attribute type: Text

attribute format: <plid cabinet>

description: This attribute is the slot number from the home PBX

length: 3 characters

PLID – Circuit

LDAP name: mitelidsplidcircuit

attribute type: Text

attribute format: <plid cabinet>

description: This attribute is the circuit number from the home PBX

length: 3 characters

Private Number

LDAP name: mitelidsprivatenumber

attribute type: Boolean-style text YES or NO

attribute format: one of YES or NO

description: This attribute is the privacy field from OPS Manager Telephone Directory. It indicates that the caller’s extension number will not be displayed on destination telephone set displays

length: not applicable

For more information on the Private Number field on OPS Manager, please see the OPS Manager online Help.

Prime Name

LDAP name: mitelidsprimename

attribute type: Boolean-style text YES or NO

attribute format: One of YES or NO

description: This attribute is the prime field from OPS Manager Telephone Directory. If multiple users share a directory number (DN), this field associates one of the users as the prime user of that set. The name of the prime user will be displayed on the destination set when a call is placed. Only one person can be set to prime on a telephone

length: Not applicable

For more information on the Prime Name field on OPS Manager, please see the OPS Manager online Help.

Host that Last Modified Entry

LDAP name: mitelidsmodifiedby

attribute type: Text

attribute format: <hostname>

description: This attribute is the name of the host that modified the entry last. The directory server should update this value with its hostname on every update that is initiated by the directory server

length: 256 characters

Whenever an entry is updated from your directory server administration interface, this attribute should be set to the directory server hostname. OPS Manager will always set this attribute to its hostname. When importing entries, OPS Manager uses this attribute in the search filter so that only changes made by the directory server (mitelidsmodifiedby!=<OPS hostname>) are imported into OPS Manager.
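The import search described above, as an added example that is not part of the original document or Mitel's code: it builds an RFC 4515 filter from the clauses this page names and models which entries it selects. The exact filter OPS Manager sends is not given here, so the combination, the `>=` comparison, the hostnames `ops01` and `ds01`, and the sample entries are assumptions.

```python
"""Added example: the incremental-import search filter and a local model of it."""
import re


def escape_filter_value(value):
    """Escape a string for use as an RFC 4515 assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_import_filter(ops_hostname, last_sync):
    """Filter for managed entries changed since last_sync by a host other than OPS Manager."""
    if not re.fullmatch(r"\d{14}Z", last_sync):
        raise ValueError("last_sync must be YYYYMMDDHHMMSSZ")
    return ("(&(objectClass=organizationalPerson)(mitelidsmanaged=YES)"
            f"(mitelidsmodified>={last_sync})"
            f"(!(mitelidsmodifiedby={escape_filter_value(ops_hostname)})))")


def would_import(entry, ops_hostname, last_sync):
    """Local model of the same predicate (exact string comparison is assumed)."""
    return (entry.get("mitelidsmanaged") == "YES"
            # Fixed-width GMT timestamps compare correctly as plain strings.
            and entry.get("mitelidsmodified", "") >= last_sync
            and entry.get("mitelidsmodifiedby") != ops_hostname)


def select_for_import(entries, ops_hostname, last_sync):
    """Return the mitelidsid of every entry the filter would pick up."""
    return [e["mitelidsid"] for e in entries if would_import(e, ops_hostname, last_sync)]


# Constructed sample entries (all assumed to be organizationalPerson objects).
ENTRIES = [
    # Edited on the DS after the last synchronization: imported.
    {"mitelidsid": "id-1", "mitelidsmanaged": "YES",
     "mitelidsmodified": "20240305070809Z", "mitelidsmodifiedby": "ds01"},
    # Last written by OPS Manager itself: skipped.
    {"mitelidsid": "id-2", "mitelidsmanaged": "YES",
     "mitelidsmodified": "20240305080000Z", "mitelidsmodifiedby": "ops01"},
    # Edited on the DS, but the DS application did not reset mitelidsmodifiedby:
    # indistinguishable from id-2, so the change is never imported.
    {"mitelidsid": "id-3", "mitelidsmanaged": "YES",
     "mitelidsmodified": "20240305090000Z", "mitelidsmodifiedby": "ops01"},
    # Not managed by IDS: skipped.
    {"mitelidsid": "id-4", "mitelidsmanaged": "NO",
     "mitelidsmodified": "20240305090000Z", "mitelidsmodifiedby": "ds01"},
    # Unchanged since before the last synchronization: skipped.
    {"mitelidsid": "id-5", "mitelidsmanaged": "YES",
     "mitelidsmodified": "20240101000000Z", "mitelidsmodifiedby": "ds01"},
]

if __name__ == "__main__":
    print(build_import_filter("ops01", "20240301000000Z"))
    print(select_for_import(ENTRIES, "ops01", "20240301000000Z"))
```

Entry id-3 shows why the DS application must set mitelidsmodifiedby to its own hostname on every update it initiates.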

MAC Template for Add

LDAP name: mitelidsmactmpl

attribute type: Text

attribute format: <template name>

description: This attribute allows you to select a template to apply to Add User operations. This template only applies to Add User operations that you perform from the directory service. It overrides the Add User template that is selected in the OPS Manager Directory Server Setup application. You create templates in the OPS Manager application

length: 20 characters

A list of available templates is available on the OPS Manager web server through the HTTP protocol. This file will be updated when changes are made to templates on OPS Manager. You can use this file to generate a list of valid template names that can be chosen. The file can be retrieved by using the following URL:

http://<OPS_Manager_Server_name>/opsids/ids_templates.txt

The format of this file is shown below: Default Add


MAC Address of an IP Telephone

LDAP name: mitelidsmacaddress

attribute type: Text

attribute format: <MAC address, e.g. 08:00:FF:81:B6:59>

description: This attribute identifies the Media Access Control address of an IP telephone (for example, the Mitel 5220 IP Phone). Addresses are only required for IP phones and IP phones are only available on the Mitel 3200 IP Communications Platform (ICP), the Mitel 3300 IP Communications Platform (ICP), or the Mitel 3800 Applications Gateway

This field is only enabled if the device type is an IP phone. You can only program IP telephones as the device type if the home element is a 3200 ICP, 3300 ICP, or 3800 Applications Gateway system

length: 12 characters (excluding colons)

Customer Emergency Services ID

LDAP name: mitelidscesid

attribute type: Text

attribute format: <ID digits>

description: This attribute allows you to enter a digit string (maximum of 10 digits: 1 to 9) that identifies a voice device when a 911 emergency call is placed from the device. The Customer Emergency Services Identification (CESID) is the index that the Public Safety Answering Point (PSAP) uses to access information from an Automatic Line Information (ALI) database. The ALI database provides the emergency administration center with the company name, address, postal code, and location of the voice device that originated the 911 call. In general, each voice device will have a unique CESID


Telephone Directory Attribute Relationships Between the Directory Server and OPS Manager

The IDS attributes defined on the directory server have a direct relationship to attributes in the OPS Manager Telephone Directory or are used by OPS Manager when accessing the directory server.

These relationships are summarized in the table below:

Directory Server Attribute: OPS Manager Relationship

mitelidsmanaged: Managed by IDS checkbox in the Telephone Directory Editor and in the MAC workform user interface (UI)

mitelidsid: Attribute in OPS Manager database. Not visible on any OPS Manager UI

mitelidsname: Name field in the Telephone Directory Editor and in the MAC workform UI

mitelidsnumber: Number field in the Telephone Directory Editor and in the MAC workform UI

mitelidsdepartment: Department field in the Telephone Directory Editor and in the MAC workform UI

mitelidslocation: Location field in the Telephone Directory Editor and in the MAC workform UI

mitelidshomeelement: Home Element field in the Telephone Directory Editor and in the MAC workform UI

mitelidsdevicetype: Device Type field in the Telephone Directory Editor and in the MAC workform UI

mitelidsplidcabinet: First component of the PLID field in the Telephone Directory Editor and in the MAC workform UI

mitelidsplidshelf: Second component of the PLID field in the Telephone Directory Editor and in the MAC workform UI

mitelidsplidslot: Third component of the PLID field in the Telephone Directory Editor and in the MAC workform UI

mitelidsplidcircuit: Fourth component of the PLID field in the Telephone Directory Editor and in the MAC workform UI

mitelidsprivatenumber: Privacy field in the Telephone Directory Editor and in the MAC workform UI


Duplicate fields are used for the Name (mitelidsname), Number (mitelidsnumber), Department (mitelidsdepartment) and Location (mitelidslocation) attributes, primarily so that when it writes to the DS from OPS Manager it will not affect the original data in the DS (nondestructive). You can also create the above four fields as aliases to the real fields on your DS and have OPS Manager update the real fields instead of duplicate fields – if this is the behavior you desire.

By default the IDS application does not update any existing attributes within the DS. However the telephone number, department and location fields in the DS can be updated if required.
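The telephone-directory formats above, as an added example (not from the original document or from Mitel): Python that builds the mitelidsname and mitelidsmodified values and checks an entry against the stated limits before it is written to the DS. The function names, the sample entry and the PBX list are constructed for illustration.

```python
"""Added example: build and check telephone-directory IDS attribute values."""
import re
from datetime import datetime, timezone

# attribute -> (kind, maximum length), using the limits stated on this page.
# mitelidsplidshelf and mitelidscesid are left out: the page's text for their
# limits is incomplete or ambiguous.
SPEC = {
    "mitelidsmanaged": ("yesno", None), "mitelidsid": ("text", 256),
    "mitelidsmodified": ("timestamp", 15), "mitelidsname": ("name", 21),
    "mitelidsnumber": ("text", 26), "mitelidsdepartment": ("text", 10),
    "mitelidslocation": ("text", 10), "mitelidshomeelement": ("text", 10),
    "mitelidsdevicetype": ("text", 10), "mitelidsplidcabinet": ("text", 3),
    "mitelidsplidslot": ("text", 3), "mitelidsplidcircuit": ("text", 3),
    "mitelidsprivatenumber": ("yesno", None), "mitelidsprimename": ("yesno", None),
    "mitelidsmodifiedby": ("text", 256), "mitelidsmactmpl": ("text", 20),
    "mitelidsmacaddress": ("mac", 12),
}
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}|[0-9A-Fa-f]{12}")


def ids_timestamp(when):
    """mitelidsmodified value for a timezone-aware datetime: YYYYMMDDHHMMSSZ in GMT."""
    if when.tzinfo is None:
        raise ValueError("pass a timezone-aware datetime")
    return when.astimezone(timezone.utc).strftime("%Y%m%d%H%M%SZ")


def format_name(surname, givenname, limit=21):
    """'<last name>,<first name>', using the first initial when the full form is too long."""
    value = f"{surname},{givenname}"
    if len(value) > limit and givenname:
        value = f"{surname},{givenname[0]}"
    return value[:limit]  # last resort: truncate, as the page's example does


def parse_list_file(text):
    """Parse ids_homeelement.txt or ids_devicetype.txt content: one value per line."""
    return [line for line in text.splitlines() if line]


def check_value(attr, value, allowed=None):
    """Return None when value is acceptable for attr, otherwise a short reason."""
    kind, limit = SPEC[attr]
    if kind == "yesno":
        return None if value in ("YES", "NO") else "must be YES or NO"
    if kind == "mac":
        return None if MAC_RE.fullmatch(value) else "must be 12 hex digits"
    if len(value) > limit:
        return f"longer than {limit} characters"
    if kind == "timestamp":
        if not re.fullmatch(r"\d{14}Z", value):
            return "must be YYYYMMDDHHMMSSZ"
        try:
            datetime.strptime(value, "%Y%m%d%H%M%SZ")
        except ValueError:
            return "not a real date and time"
    if kind == "name" and not re.fullmatch(r"[^,]+,.*", value):
        return "must be <last name>,<first name>"
    if allowed is not None and value not in allowed:
        return "not in the list published by OPS Manager"
    return None


def validate_entry(entry, home_elements=None, device_types=None):
    """Return {attribute: reason} for every IDS attribute in entry that breaks a rule."""
    allowed = {"mitelidshomeelement": home_elements, "mitelidsdevicetype": device_types}
    problems = {}
    for attr, value in entry.items():
        if attr in SPEC:
            reason = check_value(attr, value, allowed.get(attr))
            if reason:
                problems[attr] = reason
    # The identifier must exist for every entry exchanged with OPS Manager.
    if entry.get("mitelidsmanaged") == "YES" and not entry.get("mitelidsid"):
        problems["mitelidsid"] = "required for every managed entry"
    return problems


# Constructed sample input (not from the original document).
HOME_ELEMENTS = parse_list_file("PBX 1\rPBX 2\rPBX 3")
SAMPLE = {
    "mitelidsmanaged": "yes",                    # wrong case
    "mitelidsid": "cn=Jane Example,ou=People,o=Example",
    "mitelidsmodified": "20240230120000Z",       # 30 February does not exist
    "mitelidsname": format_name("Featherstonehaugh", "Jane"),
    "mitelidsdepartment": "Engineering",         # 11 characters
    "mitelidshomeelement": "PBX 9",              # not a programmed home element
    "mitelidsmacaddress": "08:00:FF:81:B6:59",
}

if __name__ == "__main__":
    for attr, reason in validate_entry(SAMPLE, home_elements=HOME_ELEMENTS).items():
        print(f"{attr}: {reason}")
```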

Required Classes and Attributes for Voice Mail Data

If you have Mitel Mail (NuPoint Messenger) servers programmed in OPS Manager server and need to synchronize user information between your directory servers and your Mitel Mail servers, you must create a new object class for the Mitel Mail server and add some attributes to this class. The class definition and attributes formats are described below.

In the following sections, these three terms are used interchangeably: Mitel Mail, NuPoint Messenger and voice mail.

Voice Mail Server Class

LDAP name: mltvmserver

description: This is a new class you must create in the directory server. This class can be a subclass of your choice. For example, it can be a subclass of top class. The purpose of the class is that you can create an object instance of the voice mail server for the user’s mailbox. The attributes as described below must be added to the schema for this class

Server Type

LDAP name: mitelidsvmsrvtype

attribute type: Text

attribute format: <MitelMail>

description: This attribute indicates the server type. Currently there is only one server type. This attribute must be set to the value MitelMail

length: Exactly 9 characters, the length of MitelMail

Server Host Name

LDAP name: mitelidsvmsrvhostname

attribute type: Text

attribute format: <server host name or IP address>

description: This attribute is the actual host name or the IP address of the Mitel Mail server. For example, the value can be NuPointMessenger1 or its IP address 123.456.78.90

length: 256 alphanumeric characters

Directory Server Attribute: OPS Manager Relationship

mitelidsmodified: Used by OPS Manager when searching for entries on the DS. This value is not stored in the OPS Manager database. Used by OPS Manager to determine which server made the last modification

mitelidsmactmpl: Used by OPS Manager to choose the template for MAC ADD operation

mitelidsmacaddress: MAC address field in the Telephone Directory Editor and in the MAC workform UI


Associated PBX

LDAP name: mitelidsvmsrvassocpbx

attribute type: Text

attribute format: <PBX name >

description: This attribute identifies the PBX to which the Mitel Mail server is connected. In OPS Manager server, there is a list of network elements defined. From that list, one Network element name is identified as the associated PBX for the Mitel Mail

length: 10 characters

The PBX name must appear exactly the same as it is programmed on OPS Manager. The list of available network elements is available on the OPS Manager web server through the HTTP protocol. The file containing the list will be updated when changes are made to the programmed network elements. You can use this file to generate a list of valid network elements that can be chosen. The file can be retrieved using the following URL: http://<OPS_Manager_Server_Name>/opsids/ids_homeelement.txt

Administrator Account

LDAP name: mitelidsvmsrvadminacct

attribute type: Text

attribute format: <account name>

description: This attribute is the administrator account name for the voice mail server

length: 256 alphanumeric characters

Administrator Account Passcode

LDAP name: mitelidsvmsrvadminpass

attribute type: Text

attribute format: <passcode>

description: This attribute is the passcode for the administrator account

length: 256 alphanumeric characters

OPS Manager IDS requires some specific attributes for the base person object-class (organizationalPerson or user or a subclass of them). This is the list of the voice mail attributes required by OPS Manager IDS. They must be added to the base person object-class in the schema of your DS.

IDS Voice Mail Managed

LDAP name: mitelidsvmenabled

attribute type: Boolean-style text YES or NO

attribute format: One of YES or NO

description: This attribute indicates whether or not the IDS-VM application will synchronize this mailbox information with the mailbox information on the Mitel Mail server

Set to YES if you want to administer the user's mailbox from the directory service. If set to NO, any changes that you make to this user's properties are not propagated to the user’s mailbox on the Mitel Mail server. If set from YES to NO, the mailbox will be deleted from the Mitel Mail server during the next synchronization event

length: not applicable

additional: This attribute should be searchable (indexed)

Mailbox Name

LDAP name: mitelidsvmname

attribute type: Text

attribute format: <last name>,<first name>

description: This attribute is the mailbox name of the user

length: 31 characters (a comma counts as a character)

The value of this attribute can be derived from the user name information in the DS and truncated if needed.

Extension Number

LDAP name: mitelidsvmextension

attribute type: Text

attribute format: <extension number>

description: This attribute is the extension number that is associated with the mailbox

length: 15 digits (any digit numbers of 0 to 9)


Department

LDAP name: mitelidsvmdepartment

attribute type: Text

attribute format: <department>

description: This attribute is the user’s department

length: 10 characters

The value of this attribute can be copied from the user department information in the DS and truncated if needed.

Voice Mail Server Name

LDAP name: mitelidsvmserver

attribute type: Text

attribute format: <VM server name>

description: This attribute is the voice mail server name for the user’s mailbox

length: Any length acceptable by the DS

You must create Mitel Mail server objects in your DS first. This is done by creating an instance object of the class mltvmserver which needs to be created. You can get a list of voice mail servers from the DS by querying for the objects whose object class is mltvmserver.

Mailbox Number

LDAP name: mitelidsvmmailboxnumber

attribute type: Text

attribute format: <mailbox number>

description: This attribute is the mailbox number for the user

length: 11 digits (any digit numbers of 0 to 9)

Template

LDAP name: mitelidsvmtemplate

attribute type: Text

attribute format: <template name>

description: This attribute is the template name that you want to apply when you add a new mailbox

length: 40 characters

The actual templates are defined in the DS setup dialogue in the OPS Manager. The list of available templates is available on the OPS Manager web server through the HTTP protocol. You can generate a list of valid templates by using the following URL:

http://<OPS_Manager_Server_Name>/opsids/vmtemplates.asp

Mailbox Passcode

LDAP name: mitelidsvmpasscode

attribute type: Text

attribute format: <passcode>

description: This attribute is the passcode to the user's mailbox

length: 10 digits (any digits from 0 to 9)

The passcode must be at least four digits in length.
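The length and format rules listed above can be checked before values are written to the DS. The following is an added example, not code from the original document or from Mitel; the function names and the valid_templates parameter are assumptions made for illustration.

```python
import re

# Maximum lengths as stated in the attribute list above.
LIMITS = {
    "mitelidsvmname": 31,
    "mitelidsvmextension": 15,
    "mitelidsvmdepartment": 10,
    "mitelidsvmmailboxnumber": 11,
    "mitelidsvmtemplate": 40,
    "mitelidsvmpasscode": 10,
}
DIGITS_ONLY = {"mitelidsvmextension", "mitelidsvmmailboxnumber", "mitelidsvmpasscode"}
PASSCODE_MIN = 4  # "The passcode must be at least four digits in length."


def derive_mailbox_attrs(last_name, first_name, department):
    """Build name and department from DS user data, truncating to the limits."""
    name = f"{last_name},{first_name}"[: LIMITS["mitelidsvmname"]]
    dept = department[: LIMITS["mitelidsvmdepartment"]]
    return {"mitelidsvmname": name, "mitelidsvmdepartment": dept}


def validate_mailbox_attrs(attrs, valid_templates=None):
    """Return a list of (attribute, problem) tuples; an empty list means OK."""
    problems = []
    for attr, value in attrs.items():
        limit = LIMITS.get(attr)
        if limit is None:
            continue  # not one of the length-limited attributes
        if len(value) > limit:
            problems.append((attr, f"longer than {limit}"))
        # ASCII digits only; str.isdigit() would also accept other Unicode digits.
        if attr in DIGITS_ONLY and not re.fullmatch(r"[0-9]+", value):
            problems.append((attr, "must contain only digits 0-9"))
    name = attrs.get("mitelidsvmname")
    if name is not None and "," not in name:
        # Truncation can cut off the comma when the last name fills all 31 characters.
        problems.append(("mitelidsvmname", "expected <last name>,<first name>"))
    passcode = attrs.get("mitelidsvmpasscode")
    if passcode is not None and len(passcode) < PASSCODE_MIN:
        problems.append(("mitelidsvmpasscode", f"shorter than {PASSCODE_MIN} digits"))
    template = attrs.get("mitelidsvmtemplate")
    if valid_templates is not None and template is not None and template not in valid_templates:
        problems.append(("mitelidsvmtemplate", "not in the OPS Manager template list"))
    return problems
```

The valid_templates set would be filled from the template list that the OPS Manager web server publishes at the URL given above.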

Defining an OPS Manager Login Account

This account is used by OPS Manager to log into the DS. Once logged in and authenticated, OPS Manager searches, modifies, and makes additions to the DS using LDAP.

Authentication is performed using a username and password, with or without SSL. You can configure IDS to connect to the DS with or without SSL. If the LDAP port is not 389, OPS Manager IDS will connect to the directory server using SSL. Refer to the OPS Manager online Help for details of the configuration.

Defining a Default LDAP Add Location

OPS Manager will add entries to the default LDAP Add location on your directory server. The location can be the same as all of your other entries or a special location that you define.

When installing OPS Manager, you will be required to provide the DN (distinguished name) of this location (DEFAULT CONTAINER).

Example:

When adding to a directory server, the DEFAULT CONTAINER can be defined as:

Exchange 5.5: cn=Recipients,ou=SITE_NAME,o=ORGANIZATION_NAME

Lotus Domino: o=ORGANIZATION_NAME

Novell eDirectory: ou=SITE_NAME,o=ORGANIZATION_NAME

Active Directory: cn=Users,dc=SECOND_LEVEL_DOMAIN_NAME,dc=TOP_LEVEL_DOMAIN_NAME


Integrated Directory Services in Operation

When the new classes and attributes have been defined in the schema of the Directory Server, IDS is ready to run. The following sections briefly describe how OPS Manager uses these newly added classes and attributes.

Note: How an entry is updated on the OPS Manager side is configurable. In the Directory Server Setup dialogue in OPS Manager, if Update Users and Devices is toggled on, entries from the Directory Server are updated in OPS Manager using the MAC application; that is, both user and device information is updated. If Update Users Only is toggled on, entries from the Directory Server are updated in OPS Manager using the Telephone Directory application; that is, only user information in the Telephone Directory is updated and device information is not modified.

The operations below are presented for the case where Update Users and Devices is toggled on.

When OPS Manager needs to query the DS for any candidate entries using a specific query filter, OPS Manager also uses a search base. The search base is configured during the OPS Manager software installation process. When asked, you should provide a correct SEARCH BASE for OPS Manager to use for its LDAP query. Usually the search base is the same as the DEFAULT CONTAINER.

Full Collect from the Directory Server

The full collect operation is used to synchronize the directory server and OPS Manager directories initially or to correct severe corruption of the OPS Manager database. A full collect operation should not be performed on a daily basis. This operation retrieves all IDS-managed entries from the directory server; that is, all entries on the directory server with the mitelidsmanaged attribute set to YES. (Entries on the directory server with the mitelidsmanaged attribute set to NO will not be collected into OPS Manager.)

OPS Manager follows these steps to perform a full collect:

1. Mark all Telephone Directory entries as non-IDS-Managed; uncheck the Managed by IDS checkbox in the Telephone Directory Editor (or MAC workform UI). (This allows each collected entry to reset its own checkbox when it is collected in the next step. This means that when the collect is finished, all checked entries in the Directory Server will be IDS-managed in the Telephone Directory Editor.)

2. Request all the mitelids server attributes for entries from the directory server that have mitelidsmanaged set to YES.

The query filter is:

(&(objectclass=organizationalperson)(mitelidsmanaged=yes))

3. Compare the attributes of each returned entry against the existing OPS Manager Telephone Directory to determine what to do with the information:

• If the entry doesn’t exist in Telephone Directory, add the entry using MAC

• If the entry exists in Telephone Directory and the Home Element, Device Type, or PLID attributes have changed, move the entry using MAC

• If the entry exists in Telephone Directory and the Home Element, Device Type, or PLID attributes have not changed, change the entry using MAC

• If the entry exists in Telephone Directory and no attributes have changed, ensure that the Managed by IDS checkbox is checked


Full Propagate to the Directory Server

The full propagate operation is used to fully synchronize the directory server and OPS Manager directories initially or to correct severe corruption of the DS database. A full propagate operation should not be performed on a daily basis.

This operation writes all IDS-managed entries from OPS Manager to the directory server; that is, all entries on OPS Manager with the Managed by IDS checkbox checked in the Telephone Directory Editor (or on the MAC workform UI). (Entries on OPS Manager that do not have this box checked will not be propagated to the DS.)

OPS Manager follows these steps to perform a full propagate:

1. Generate an output entry for each IDS-managed entry in the OPS Manager Telephone Directory.

2. Compare the generated output entries from OPS Manager with entries in the DS to determine the corresponding actions:

• If the same entry exists in DS, modify the DS entry with the values from OPS Manager

• If the directory entry does not exist in DS, add the entry to the DS

After the full propagate operation is complete, each Telephone Directory entry with the Managed by IDS checkbox checked will have a corresponding entry on the DS with the mitelidsmanaged attribute set to YES.

Synchronization Between OPS Manager and the Directory Server

The synchronization operation is usually performed daily (or as often as necessary) to maintain synchronization between the OPS Manager Telephone Directory and the DS. Any modifications to the entries managed by OPS Manager IDS in directory server result in changes to the mitelidsmodified timestamp attribute. Once those modifications happen, there is a set of IDS-Managed (mitelidsmanaged=YES) entries on the DS that have a mitelidsmodified timestamp greater-than-or-equal-to (>=) the timestamp of the last synchronization. This set of entries is collected by OPS Manager each time a synchronization is performed, ensuring that any changes made on the DS are also updated on OPS Manager.

Similarly, any modifications to the OPS Manager Telephone Directory result in a set of differences between the OPS Manager Telephone Directory and the DS. (Changes to the OPS Manager Telephone Directory can be made from the Telephone Directory Editor, MAC, or from the PBX.) Each time a change is made on OPS Manager, a change record is produced which will be written to the DS during the next synchronization operation. These change records for the DS can be viewed from Telephone Directory Utilities in OPS Manager.

OPS Manager follows these steps to perform the synchronization:

1. Request all the mitelids server attributes for entries from the directory server that have mitelidsmanaged set to YES and that were modified from the directory server side.

The query filter is:

(&(&(objectclass=organizationalperson)(mitelidsmanaged=yes))(!(mitelidsmodifiedby=<OPS Host>)))


2. Compare the attributes of each returned entry against the existing OPS Manager Telephone Directory to determine what to do with the information:

• If the entry doesn’t exist in Telephone Directory, add the entry using MAC

• If the entry exists in Telephone Directory and the Home Element, Device Type, or PLID attributes have changed, move the entry using MAC

• If the entry exists in Telephone Directory and the Home Element, Device Type, or PLID attributes have not changed, change the entry using MAC

• If the entry exists in Telephone Directory and no attributes have changed, ensure that the Managed by IDS checkbox is checked

3. Compare the generated output entries from OPS Manager with entries in the DS to determine the corresponding actions:

• If the same entry exists in the DS, modify the DS entry with the values from OPS Manager.

• If the directory entry does not exist in DS, add the entry to the DS

• If the entry is not IDS managed by OPS Manager or completely deleted from OPS Manager, then the action is to Delete Mitel IDS attributes of the entry in the DS (mitelidsmanaged, etc) but the entry still exists in the DS

After the synchronization operation is completed, entries on the directory server with the mitelidsmanaged attribute set to YES will have a corresponding entry on OPS Manager with the Managed by IDS checkbox in the checked state, and the information in each entry will be consistent across OPS Manager and the DS.

Deletions

IDS deletions of entries on the DS can be discovered as part of a synchronization event and can also be excluded from a synchronization event. A synchronization event that includes the discovery of IDS deletions may take significantly longer than one that does not include deletions because of the overhead required to discover deletions.

Note: IDS deletions made on the DS: An IDS deletion in the directory server means either that an entry is completely deleted from the DS, so the entry no longer exists in the DS, or that an entry is no longer managed by OPS Manager IDS (the attribute value for mitelidsmanaged is set to NO) but the entry itself is still in the DS.

Due to technical limitations in discovering deleted entries on some directory servers, a special approach must be used to find entries which have been deleted from the DS.

The basic algorithm OPS Manager uses to discover the IDS deleted entries from the DS is to find the set of IDS-managed (mitelidsmanaged=YES) entries that exist only in the OPS Manager Telephone Directory. That is, if an entry is marked as IDS-managed and has an IDS identifier (mitelidsid), but does not have a corresponding entry on the DS that is also marked as IDS-managed, the entry is considered to be part of this set. Once the set of entries is found, the entries are marked for deletion and are processed by OPS Manager.
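The comparison step of the collect and synchronization operations and the deletion-discovery rule described above can be modelled as follows. This is an added example, not OPS Manager code: the field names, action labels and sample data are constructed, and "change" is read here as "some attribute other than Home Element, Device Type or PLID differs".

```python
# Attributes whose change means a move rather than a change (from the steps above).
MOVE_ATTRS = ("home_element", "device_type", "plid")  # hypothetical field names


def classify_collected(ds_entries, td_entries):
    """Return {mitelidsid: action} for entries collected from the DS."""
    actions = {}
    for ids_id, ds in ds_entries.items():
        td = td_entries.get(ids_id)
        if td is None:
            actions[ids_id] = "add"
        elif any(ds.get(a) != td.get(a) for a in MOVE_ATTRS):
            actions[ids_id] = "move"
        elif any(ds[a] != td.get(a) for a in ds if a not in MOVE_ATTRS):
            actions[ids_id] = "change"
        else:
            actions[ids_id] = "ensure_managed"  # only the checkbox needs setting
    return actions


def discover_deletions(td_entries, ds_managed_ids):
    """IDs that are IDS-managed in the Telephone Directory but have no
    IDS-managed counterpart on the DS (deleted, or mitelidsmanaged=NO)."""
    return sorted(i for i, td in td_entries.items()
                  if td.get("managed") and i not in ds_managed_ids)


# Constructed sample data: DS entries returned by the mitelidsmanaged=yes query,
# and the Telephone Directory, both keyed by mitelidsid.
DS_SAMPLE = {
    "id-1": {"name": "Lee,Ann", "home_element": "PBX1", "device_type": "A", "plid": "1"},
    "id-2": {"name": "Roy,Bo", "home_element": "PBX2", "device_type": "A", "plid": "2"},
    "id-3": {"name": "Kim,Cy", "home_element": "PBX1", "device_type": "A", "plid": "3"},
    "id-4": {"name": "Doe,Di", "home_element": "PBX1", "device_type": "A", "plid": "4"},
}
TD_SAMPLE = {
    "id-2": {"name": "Roy,Bo", "home_element": "PBX1", "device_type": "A", "plid": "2", "managed": True},
    "id-3": {"name": "Kim,C", "home_element": "PBX1", "device_type": "A", "plid": "3", "managed": True},
    "id-4": {"name": "Doe,Di", "home_element": "PBX1", "device_type": "A", "plid": "4", "managed": False},
    "id-5": {"name": "Old,Ed", "home_element": "PBX1", "device_type": "A", "plid": "5", "managed": True},
    "id-6": {"name": "Loc,Al", "home_element": "PBX1", "device_type": "A", "plid": "6", "managed": False},
}
```

With the sample data, id-5 is the only entry marked for deletion: id-6 is not IDS-managed, so it is left alone even though it has no DS counterpart.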


DS/NuPoint Messengers Synchronization

To synchronize the mailbox entries on the DS with the mailbox entries on the Mitel Mail servers, you can perform either of the following operations from OPS Manager:

• Synchronization with DS

• Full Collect from DS

Synchronization with Directory Server

A synchronization collects the mailbox entries in the DS that have been modified since the last synchronization event and copies them to the Mitel Mail server. When you schedule a synchronization event, you can choose to:

• Synchronize new and modified entries only

• Synchronize deleted entries only

• Synchronize new, modified and deleted entries in one event

OPS Manager IDS VM application will do the following:

To synchronize new and modified entries:

• Query for all the entries whose object class is organizationalPerson and whose attribute mitelidsvmenabled has a value of YES. The query filter is:

(&(objectclass=organizationalperson)(mitelidsvmenabled=yes))

• For those whose timestamp (mitelidsmodified) is newer than the lastchecked timestamp, OPS Manager IDS VM will add them to the Mitel Mail server if they did not exist there or modify the entries if they already existed

To synchronize deleted entries:

• For those mailbox entries that still exist in the Mitel Mail server but are not mitelidsvmenabled in the DS (the attribute either does not exist or its value is NO), OPS Manager IDS VM will delete them from the Mitel Mail server

Full Collect from DS

A full collection propagates all the mailbox entries on the directory server to the Mitel Mail server.

OPS Manager IDS VM application will do the following:

• Query for all the entries whose object class is OrganizationalPerson and whose attribute mitelidsvmenabled has a value of YES. The query filter is:

(&(objectclass=organizationalperson)(mitelidsvmenabled=yes))


www.mitel.com


THIS DOCUMENT IS PROVIDED TO YOU FOR INFORMATIONAL PURPOSES ONLY. The information furnished in this document, believed by Mitel to be accurate as of the date of its publication, is subject to change without notice. Mitel assumes no responsibility for any errors or omissions in this document and shall have no obligation to you as a result of having made this document available to you or based upon the information it contains.
