The Lightweight Directory Access Protocol (LDAP) is a standards-based
protocol for accessing database records that is specifically suited
for accessing directory information. This topic provides information on the LDAP interface supported
by Message Networking.
LDAP is used in Message Networking
as follows:
- Updates between Message Networking
systems.
- Updates between Message Networking
and Modular Messaging systems.
- Support for an LDAP interface that you
can access via an LDAP client to perform queries of system data
and to perform system administration.
There are two levels of access available via the LDAP interface:
Anonymous subscriber directory access
Message Networking supports anonymous LDAP queries of its subscriber
directory, which contains all of the mailboxes in the enterprise,
regardless of the type of remote machine used by each subscriber.
Anonymous LDAP queries of the subscriber directory can be used in
the following ways:
- Customer synchronization of the Message Networking Directory
with other general enterprise directories (personnel directories)
- Third-party reporting application access to the Message Networking
subscriber directory, including query of subscribers with recorded
voice names
- Email client searches of employees within the enterprise
Note: Anonymous LDAP clients do not have to be
administered in the Message Networking system to perform queries
of the subscriber directory.
The document titled LDAP Server Access
provides additional background and implementation information about
accessing the LDAP server. In addition, the document LDAP Schema
for Message Networking provides a list of the subscriber directory
fields available via the LDAP interface and a list of recommended
searches. Both of these documents are available from the Avaya support
site at http://www.avaya.com/support.
Trusted server access
Remote LDAP clients that can access the Message Networking application
for LDAP queries and system administration are referred to as LDAP
trusted servers. These LDAP trusted servers act as LDAP clients
of the Message Networking application server. Message Networking
trusted servers have special permission to perform query and administrative
functions on the Message Networking system.
Note: If a trusted server is not administered,
all of the remote administration capabilities defined for the system
are blocked except for anonymous subscriber directory access.
Customers can develop their own applications for LDAP access to
the system, or you can contact your Avaya sales representative for
information about third-party LDAP clients that support Message
Networking's LDAP interface. If you choose to develop your own application,
see LDAP Server Access for implementation information.
The following tasks can be performed via Message Networking's LDAP
interface using an LDAP client administered as a trusted server:
The document titled LDAP Server Access, which is available
from the Avaya support site, provides a list of the subscriber directory
fields available via the LDAP interface and a list of the recommended
searches. Go to http://www.avaya.com/support and then navigate to the Message Networking page.
So that an LDAP client can access Message Networking via the LDAP
interface, you must establish a secure and trusted connection:
- Administer an LDAP client
remote machine for each LDAP client that will access the Message
Networking system. The remote machine profile includes information
such as the IP address of the LDAP client, the password that will
be used to authenticate the connection, and whether automatic
upgrades are supported to and from the LDAP client.
- Once the LDAP client remote machine is administered, the remote
client can request a connection from the Message Networking server.
The LDAP client must supply a valid login (or domain name) and
password. If the client's connection request is secured with a
login and password, the system considers the connection to be
from a trusted server.
If a connection request fails login and password verification,
the connection is considered anonymous, and its search capabilities
are limited to a subset of subscriber directory information.
The system rejects any add, modify or delete requests by anonymous
connections.
- Message Networking supports SSL for both incoming and outgoing
LDAP connections. Message Networking uses standard LDAP port 389
for LDAP client access. If you want to use SSL for LDAP transmissions,
you must configure it on the LDAP client you are using. There
is no administration required on the Message Networking system
to enable SSL for LDAP.
Note: If you are using certain older versions
of ldapsearch from the command line, and you want to use -ZZ,
you must enter the fully qualified domain name (FQDN) for the
host on which the LDAP server is running. Newer versions do
not require you to enter the FQDN.
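The connection rules above, as an added example that is not taken from the Avaya documentation: shell wrappers around the OpenLDAP ldapsearch client that keep StartTLS mandatory on port 389 for trusted-server binds and leave anonymous queries without credentials. The function names, the LDAPSEARCH override variable, and every host, bind identity, base DN and password-file argument are assumptions. Take the real values from your site and from the LDAP Server Access document.

```shell
#!/bin/sh
# Added example. Host, bind identity, base DN, filter and password file are
# placeholders supplied by the caller, not values from the product.
# LDAPSEARCH can be overridden (for example LDAPSEARCH=echo) for a dry run.
LDAPSEARCH=${LDAPSEARCH:-ldapsearch}

# True for a fully qualified host name: only host-name characters, at least
# one dot, and at least one letter (so a bare IPv4 address is rejected).
is_fqdn() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;
    esac
    case "$1" in
        *.*[A-Za-z]*|*[A-Za-z]*.*) return 0 ;;
    esac
    return 1
}

# Anonymous subscriber-directory query: simple bind with no identity, so no
# credentials cross the wire.
# usage: anon_search HOST BASE FILTER
anon_search() {
    "$LDAPSEARCH" -x -LLL -H "ldap://$1:389" -b "$2" "$3"
}

# Trusted-server query. -ZZ makes StartTLS mandatory, so the bind password is
# never sent if TLS cannot be negotiated. -y reads the password from a file
# (its whole content, so no trailing newline) instead of the command line.
# The FQDN check follows the page's note about older ldapsearch versions.
# usage: trusted_search HOST BIND_ID PWFILE BASE FILTER
trusted_search() {
    if ! is_fqdn "$1"; then
        echo "refusing trusted bind: '$1' is not an FQDN (needed with -ZZ)" >&2
        return 2
    fi
    if [ ! -r "$3" ]; then
        echo "refusing trusted bind: cannot read password file '$3'" >&2
        return 3
    fi
    "$LDAPSEARCH" -x -ZZ -LLL -H "ldap://$1:389" -D "$2" -y "$3" -b "$4" "$5"
}
```

Because the server needs no administration to enable SSL, a wrapper like this is the only place where encryption of the trusted-server password is enforced.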