IP Phone Services SDK LDAPSearch filter

Unanswered Question
Feb 25th, 2010

I would like to add an LDAP Search filter so that only AD user objects with an ipPhone value will be displayed on an IP Phone's corporate directory - using an IIS server so that I can query AD and span multiple child domains without being restricted by CUCM appliance to only 5 directory associations.

Attached is an example code provided by the Cisco IP Phone Services SDK but don't know how to add the LDAP filter on the ipPhone attribute.

Any ideas?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.8 (8 ratings)
Aaron Harrison Fri, 02/26/2010 - 05:32


I spent some time recently beating my head against those examples... then got bored and decided to write one myself.

See the attached..  not clever, not pretty, but works. Just adjust the line that points at the domain (currently set to dc=marsh,dc=local) to what you have.

I've set the LDAP filter in there so it picks up contacts and users with an ipPhone non-blank value. You can set the filter and list of attributes to retrieve to whatever you like... I've no idea how it behaves in multiple-domain scenarios however. Let me know how you get on...



Please rate helpful posts!

paulodsm2 Wed, 09/29/2010 - 07:07

Hi Aaron,

I got your files for LDAP search and when I call 'LDAPInput.asp' it opens the search options correctly, but when I press 'search' to apply the filter, it answers 'error 404'  that seems page not found.

I think it's a IIS config issue. I have set IIS to work using port 8080, set the anonymous user and a valid domain user to search for LDAP.

Do you have any tip on this ?

Thanks a lot!

Aaron Harrison Fri, 10/01/2010 - 00:50


Yep - didn't cater for different ports in that one (like I say, I'm not a 'real' developer :-) )

Adding a bit to detect the port number and insert it to the generated URLs; hopefully this will work better for you.



cisco4mab Fri, 10/01/2010 - 02:51


I'm currently experimenting with your code and while I'm getting a list from the AD when call the LDAPlist.asp as a service I'm unable to get the search to work.

I see the fields and I'm able to enter the characters but pressing the search button doesn't seem to work.



Aaron Harrison Fri, 10/01/2010 - 03:13


What happens when you search? Do you get an error, or just nothing at all?

Best thing to do would be to do a packet capture (server would be an easy place to do it, or from the back of the phone with pc port vlan access/span-to-pc port enabled); you'll be able to see whether the XML from the server looks OK and whether or not the phone attempts to do anything when you hit the button.

Post up a capture if you like.



cisco4mab Fri, 10/01/2010 - 05:22

Gues I adjusted a little to much without paying close attention to comma's and quotes.

Got the search working now to return the mobile numbers.

Is there any way to get the full list returned in an alphabatical order?

Is it also supported to get both the ipPhone and the mobile returned in a single list?

Must compliment you on the effective way of tackling this CUCM limitation.

Still can't understand why Cisco doesn't include the mobile field in AD sync..

Aaron Harrison Fri, 10/01/2010 - 06:52


Sorting is easy enough - see attached.

Listing mobiles as well as internal extensions would require a bit of work - basically the 'directory' xml object had fairly static contents. To get two numbers selectable I'd have to reimplement as a menu listing peoples names, with two softkeys for 'mobile' and 'extn', or just pick someone from the menu and that would return any available numbers that would be selectable.



Ian Walton Mon, 09/26/2011 - 02:59

Hi - Has anybody got a working script which they are prepared to share to display multiple numbers (e.g. ipPhone, mobile etc.) for a directory entry ?

paulodsm2 Fri, 10/01/2010 - 03:14

yep. I have already realized  that...


Dim sURL: sURL = "http://" & request.servervariables("SERVER_NAME") & ":" & request.servervariables("server_port") & replace(request.servervariables("url"), "LDAPInput.asp", "LDAPList.asp")


mbasiouny Fri, 12/31/2010 - 06:39

Aaron, I made some changes to your scripts, simply added additional fields to allow search by Telephone number, but for some reason I cannot use Numpad, the script accepts only letters.

Is there a way to change this behavior?

Kind regards,

mbasiouny Fri, 12/31/2010 - 09:44


Changing the T in the XML file has done the magic

But now I have yet another problem,

I made new changes to the script to parse the User's Mail and Department along with his Full name & Telephone.

When I open the script in a web browser, everything works as expected "see below"

However CIPC displays only the User's Full name and Telephone Number.

Any explanation

Thank you in advance

superjay007 Wed, 05/11/2011 - 14:42

You've done a fantastic job with the script so far.

Thought you might like to know I couldn't get it working on Server 2003 with IIS6. When I moved the scripts to IIS7 on Server 08 with AD, the LDAP query worked first time.



Aaron Harrison Wed, 07/27/2011 - 15:48


Hmm... I wrote it on 2003 originally. I guess it's a difference in the security setup in IIS, there's not much to the code :-)


Nelson Alonso Mon, 08/22/2011 - 19:48

I've been looking for this all over. Would this work with an authenticated bind to an ldap server? If so, which paramter do I update to enter the LDAP user and password?

Any help would be appreciated. Thanks in advance.

Aaron Harrison Tue, 08/23/2011 - 00:02


Generally what I do is set the application in IIS to run under the account you want it to use - this can be a standard account by default (i.e. a normal, non-admin user has rights to read all that is required in AD). Setting it this way means you don't have to enter it into any text/config files, just the IIS dialog boxes.

On a domain-member machine you can just run it under an AD account directly.

On a non-member server you would have to create a local account with the same exact username/password as an equivalent domain account, and run it under that. It should passthrough authenticate the two.



wirawanagahari Tue, 07/03/2012 - 02:54

does this script work with openLDAP? because i'm still looking for the script that work not only with AD but also with OpenLDAP.


This Discussion