User Provisioning via Active Directory / LDAP
About LDAP synchronization
First, you need to create an LDAP user synchronization job. This job may be started manually or by schedule (for example, every night).
If MiaRec detects a new user account in the LDAP server, then during synchronization the same account will be created in MiaRec. This newly created user will be added to the pre-configured default user group and a default role will be assigned to the user.
If the LDAP database contains the phone number for users, then such a phone number will be automatically added as an extension to the user.
When a phone number is updated in the LDAP server, the change is applied to the MiaRec user record during synchronization. For example, when a phone number in the LDAP server is moved from one user to another, MiaRec moves the corresponding extension to the new user as well.
When a phone number is removed from an LDAP user account and is not assigned to any other user, MiaRec does nothing during synchronization: the extension is not removed from the user account. This is by design. It allows you to add extensions to MiaRec users manually on their profile pages, and such manually created extensions will not be removed during synchronization if your LDAP server is missing the phone number info.
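The rules above, modelled as an added Python example (not MiaRec's code; the dict-based data model and function names are assumptions, and because the page does not say what happens to a user's previous number when it changes, the model keeps it). The second function lists extensions that no LDAP entry backs, which synchronization will never remove and which are therefore worth reviewing by hand.

```python
# Added illustration of the synchronization rules above; not MiaRec code.
# The dict-based data model and the function names are assumptions.

def synchronize(ldap_users, miarec_users, default_group, default_role):
    """One sync pass. ldap_users: {username: phone or None};
    miarec_users: {username: {"group", "role", "extensions": set}} (updated
    in place). Returns the list of actions taken."""
    actions = []
    for username, phone in ldap_users.items():
        if username not in miarec_users:
            # New LDAP account: create it with the default group and role.
            miarec_users[username] = {"group": default_group,
                                      "role": default_role,
                                      "extensions": set()}
            actions.append(("create", username))
        own = miarec_users[username]["extensions"]
        if not phone or phone in own:
            continue  # no number in LDAP (or already set): nothing is removed
        moved = False
        for other, record in miarec_users.items():
            if other != username and phone in record["extensions"]:
                # The number changed hands in LDAP: move the extension.
                record["extensions"].remove(phone)
                actions.append(("move", phone, other, username))
                moved = True
        own.add(phone)  # assumption: any previous number of this user is kept
        if not moved:
            actions.append(("add", phone, username))
    return actions


def extensions_not_in_ldap(ldap_users, miarec_users):
    """Extensions no LDAP entry backs (manual or stale); sync never removes them."""
    backed = {(user, phone) for user, phone in ldap_users.items() if phone}
    return sorted((user, ext) for user, rec in miarec_users.items()
                  for ext in rec["extensions"] if (user, ext) not in backed)


if __name__ == "__main__":
    # Constructed sample data.
    ldap = {"alice": "1001", "bob": None}
    miarec = {"bob": {"group": "Sales", "role": "User",
                      "extensions": {"1001", "1009"}}}
    print(synchronize(ldap, miarec, "Default", "User"))
    print(extensions_not_in_ldap(ldap, miarec))
```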
Create LDAP user synchronization job
Navigate to Administration > User Synchronization > Active Directory/LDAP and click Add to create a new job.
Fill out the required configuration parameters:
- Name - give the job a distinctive name.
- Synchronize new users - select this check box to import new users from the LDAP directory.
- Synchronize existing users - select this check box to update existing users if data in the LDAP directory is different (for example, update the name or phone number).
- Test only - select this check box to simulate the job for testing purposes.
- LDAP host - Hostname or IP address of LDAP server.
- LDAP port - Port of the LDAP server. Usually 389 for non-SSL connection and 636 for SSL.
- Use SSL - select this check box to encrypt the connection to the LDAP server.
- LDAP domain - LDAP domain name. LDAP domain should be in Windows format (DOMAIN\username) rather than UPN format (username@domain.local).
- LDAP connection account - LDAP user account, which will be used for searching the LDAP directory when synchronizing users.
- LDAP connection password - LDAP user account password.
- LDAP User Search Base - Search Base denotes the location in the directory where the search for a particular directory object begins. Example:
CN=Users,DC=domain,DC=company,DC=com
- LDAP User Search Filter - Filters can be used to restrict the number of users or groups that are permitted to access an application. In essence, the filter limits what part of the LDAP tree the application syncs from. Example:
(&(objectClass=person)(memberOf=CN=MiaRecGroup,CN=Users,DC=domain,DC=company,DC=com))
- "Username" attribute - An LDAP attribute name that stores the username. For example, "sAMAccountName".
- "Phone" attribute - An LDAP attribute name that stores a phone number, optional. For example, "ipPhone". If not set, then the user's phone number is not synchronized with the LDAP server.
- "Group" attribute - An LDAP attribute name that stores the user's group, optional. For example, "memberOf". If not set, then a default group will be applied.
Default settings for new users
Under this section, you can fill in the following default settings for a newly imported user from the LDAP directory.
- Web portal access - specify whether the user has rights to log in to the MiaRec web portal.
- Default group - Default group assigned to the user.
- Default role - Default role assigned to the user.
- Default recording settings - Recording rule for this user. Supported values:
  - Always - Always record the calls of this user.
  - On-demand - The user may switch on/off recording during a call.
  - Never - Disable recording of this user.
  - Default - Use the default recording rule as configured on a system level.
- Recording direction - Direction of the call. Supported values:
  - Inbound - Inbound call.
  - Outbound - Outbound call.
  To record both inbound and outbound calls, you need to specify both of them.
Phone number normalization
Under this section, you can apply phone number normalization to "caller-id" and "called-id" call parameters when synchronizing users through LDAP using REGEX rules. For details, see Rewriting caller-ids by using REGEX rules.
For more information about other settings that can be applied to the job, see Advanced Settings.