LDAP in the Oracle® Enterprise Session Border Controller
Lightweight Directory Access Protocol (LDAP) is the Protocol that the Oracle® Enterprise Session Border Controller uses to perform queries to the Enterprise’s Active Directory to determine where to route incoming calls (to the call server or the IP PBX) in the Enterprise network. Session requests and responses are sent/received based on the Oracle® Enterprise Session Border Controller’s LDAP routing configuration. LDAP determines the destination (call server user or non-call server user) and forwards the call accordingly.
The Oracle® Enterprise Session Border Controller, using LDAP, performs the following on an inbound call:
- Creates an LDAP search filter based on the dialed number and the configured LDAP attributes.
- Sends an LDAP search query to the configured LDAP Server.
- Creates a route list based on the query response received from the LDAP Server.
- Routes calls to both the call server and the IP PBX. The routing order is dependent on the LDAP attribute configuration and/or whether there was an exact match for the dialed phone number in the Enterprise’s Active Directory for the call server or the IP-PBX.
Note:
You configure LDAP Servers, filters, and local policy routing using the ACLI objects and attributes. For more information about configuring LDAP, see Configuring LDAP.The Oracle® Enterprise Session Border Controller keeps a permanent LDAP session open to all configured call servers. It sends an LDAP bind request on all established connections, to those servers. The first call server is considered the primary LDAP Server, and all others are secondary LDAP servers. If a query request sent to the primary server fails, the Oracle® Enterprise Session Border Controller sends the request to the next configured LDAP Server, until the request is successful in getting a response. If no response is received by the Oracle® Enterprise Session Border Controller and the Oracle® Enterprise Session Border Controller cannot find another route successfully, (all Oracle® Enterprise Session Border Controller configured attributes have been exhausted (local policies, policy attributes, etc.)), it sends a busy to the caller.
LDAP performs call routing based on LDAP attributes configured on the Oracle® Enterprise Session Border Controller. The route-mode attribute setting determines how LDAP handles the called number when accessing the Enterprise’s Active Directory. Routing modes can be set to any of the following:
- Exact-match-only (default)
- Attribute-order-only
- Exact-match-first
The following paragraphs describe each of these route-modes.
Exact-match-only
If the LDAP route-mode attribute is set to exact-match-only, the Oracle® Enterprise Session Border Controller performs as follows.
The Oracle® Enterprise Session Border Controller receives an incoming call to the Enterprise network. If the LDAP route-mode attribute on the Oracle® Enterprise Session Border Controller is set to exact-match-only, LDAP queries the Active Directory to find the number that matches exactly to the incoming number. If the number is found, the Oracle® Enterprise Session Border Controller forwards the call to the client’s applicable phone in the Enterprise network.
| Number | Description |
|---|---|
| ① | Call comes into the Enterprise network (+1.781.328.4413) |
| ② | Using the configured route-mode of exact-match-only, LDAP queries the exact matching number in the Enterprise’s Active Directory. |
| ③ | The Active Directory finds the matching number and that number is included in the response to the LDAP query. |
| ④ | The Oracle® Enterprise Session Border Controller forwards the call to the destination phone number (same number as the number that initially called into the Enterprise in Step 1 (+1.781.328.4413)). |
Attribute-order-only
If the LDAP route-mode attribute is set to attribute-order-only, the Oracle® Enterprise Session Border Controller performs as follows.
The order in which the LDAP attributes are configured on the Oracle® Enterprise Session Border Controller determines the priority of each route. If an incoming call is destined for the IP-PBX , but the attribute name for a Lync client is configured first, the Oracle® Enterprise Session Border Controller uses the corresponding next hop (Lync Server) to create the first route in the route list.
An entry in an LDAP search response must have at least one attribute that it matches in the Active Directory.
For example, the incoming phone number could be +1.781.328.4392 (which matches the IP-PBX phone number), and the attribute name msRTCSIP-Line (Lync attribute) in the response could be +1.781.430.7069 (Lync phone number). A route is created for the Lync phone number, even though the incoming phone number matches the IP-PBX phone number, since the msRTCSIP-Line attribute was configured first. Therefore, the Oracle® Enterprise Session Border Controller forwards the call to the Lync destination.
Likewise, if an Enterprise uses the same phone number for both Lync and IP-PBX phones, and the attribute-name msRTCSIP-Line is configured first (a Lync attribute), the Oracle® Enterprise Session Border Controller uses the corresponding next hop (Lync Server) to create the first route in the route list.
| Number | Description |
|---|---|
| ① | Call comes into the Enterprise network (+1.781.328.4392) |
| ② | Using the configured route-mode of attribute-order-only, LDAP queries the Active Directory for the matching number. |
| ③ | The Active Directory responds with the phone number associated with the first configured LDAP attribute (+1.781.430.7069).
In the illustration above, the number was associated with a Lync Client (msRTCSIP-Line) that was configured first in the LDAP configuration. |
| ④ | The Oracle® Enterprise Session Border Controller forwards the call to the applicable destination phone number from the Active Directory response. (+1.781.430.7069). |
If you configure the attribute name msRTCSIP-Line first, the Oracle® Enterprise Session Border Controller uses the corresponding next hop (Lync Server) to create the second highest priority route in the route list. For example, the dialed telephone number could be +1.781.328.4392 (IP-PBX phone number), and the attribute-name msRTCSIP-Line in the response could be +1.781.430.7069 (Lync phone number). A route is created for the Lync phone number, even though the dialed telephone number is the PBX phone number.
Exact-match-first
If the LDAP route-mode attribute is set to exact-match-first, the Oracle® Enterprise Session Border Controller performs as follows.
When the LDAP query is sent to the Active Directory, the first exact match of the incoming phone number that the LDAP query finds in the Directory, is the number whose corresponding route gets the highest priority in the route list. For all other routes configured on the Oracle® Enterprise Session Border Controller, the ordering of LDAP attributes in the LDAP configuration determines the priority for each route.
For example, if the incoming number is +1.405.565.1212, and the Active Directory includes a configured mobile number first (+1.201.444.5555), a home number second (+1.405.333.6666) , and a work number third(+1.405.565.1212), the LDAP query searches the mobile number first, then the home number, then finds the exact match on the work phone number. The Active Directory responds with the destination information for the work phone number and the Oracle® Enterprise Session Border Controller creates a route list with this exact phone number, and then forwards the call accordingly.
| Number | Description |
|---|---|
| ① | Call comes into the Enterprise network (+1.405.565.1212) |
| ② | Using the configured route-mode of exact-match-first, LDAP queries the Active Directory for the matching number. |
| ③ | The LDAP query searches throughout the Active Directory until it finds the first exact match on the number. Active Directory responds with the exact phone number associated with the incoming number (+1.405.565.1212).
In the illustration above, the number was associated with the work phone. |
| ④ | The Oracle® Enterprise Session Border Controller forwards the call to the applicable destination phone number from the Active Directory response. (+1.405.565.1212). |
