search
www.mikopbx.comTelegram communityForum
githubEdit

Synchronization with LDAP/AD

This module is designed for bidirectional synchronization of employee account data with MikoPBX. The data source is either an Active Directory or LDAP server.

When a new employee is created in the domain, they will automatically be uploaded into MikoPBX, with an available internal number assigned to them. The information about the number will then be sent back to the domain and recorded in the employee's profile. The same will happen with their mobile phone number and photograph. As always, the setup is extremely straightforward.

Setting up Active Directory servers for user synchronization with MikoPBX

hashtag
Synchronization Parameters

For each AD/LDAP server, you can specify synchronization settings, departmental filters, or create a custom filter for complex filtering logic.

Domain controller synchronization settings

hashtag
Account Attributes

Next, you need to correctly configure the attributes for synchronizing account data.

Setting up synchronization attributes between MikoPBX and the domain

hashtag
Initial Synchronization

During the initial synchronization, the system will match the existing MikoPBX account data with the data obtained from the domain. The following fields are used for matching:

  • Email address

  • Employee name

  • Mobile phone

  • Internal phone

Testing data synchronization with AD/LDAP

hashtag
Testing and Launch

Before enabling automatic synchronization, it is recommended to test the correctness of the specified attributes by clicking the Run request button.

If all parameters are correctly specified, you will see a list of employees with attributes from the domain. This is a safe request and will not result in changes to the system.

hashtag
Next Steps

After testing, you can initiate manual or automatic data synchronization.

Status of employee synchronization between the domain and MikoPBX

In the columns "status" and "updated", you can track the current synchronization process.

hashtag
Employee Deletion or Deactivation in the Domain

When an employee is deleted or deactivated in the domain, they will remain active in MikoPBX but will be moved to a special table called “Disabled Employees in LDAP/AD.”

The account will be retained until it is manually deleted by the MikoPBX administrator.

This approach accommodates complex call routing scenarios where simply removing the employee from the route without a replacement is not feasible.

hashtag
Synchronization Conflicts

During synchronization, conflicts may occur if the system fails to create or modify employee data in MikoPBX or on the LDAP/AD server. All synchronization issues are logged by the module and recorded in a special table titled “Synchronization Conflicts.”

The MikoPBX administrator can manually resolve these issues and clear the conflicts table in the module.

hashtag
SIP Password Synchronization

The module includes an option for synchronizing SIP passwords with the domain controller. This can be useful for automatically configuring IP phones within the company based on domain data. To enable synchronization, a special attribute must be created on the domain controller side, and this attribute should be specified in the “SIP Password” field in the attribute mapping settings for synchronization.

Note that the password will be stored in plain text. With bidirectional synchronization enabled, the password value from MikoPBX will be sent to the domain and vice versa, based on the date of the last modification.

Please note: The SIP password is not the same as the domain account password; it is a separate value.

Last updated

Was this helpful?