Configuring Routing Rules based on Microsoft Entra ID
The following procedure describes how to configure outbound IP routing based on LDAP queries.
| ➢ | To configure LDAP-based IP routing for Skype for Business: |
| 1. | Configure the LDAP server parameters, as described in Configuring LDAP Servers. |
| 2. | Configure the Microsoft Entra ID attribute names used in the LDAP query: |
| a. | Open the LDAP Settings page (Setup menu > IP Network tab > AAA Servers folder > LDAP Settings). |
| b. | Configure the LDAP attribute names as desired. |
| 3. | Gateway application: Configure Tel-to-IP routing rules: |
| a. | Open the Tel-to-IP Routing table (see Configuring Tel-to-IP Routing Rules). |
| b. | Configure query-result routing rules for each IP domain (private, PBX / IP PBX, Teams / Skype for Business clients, and mobile), using the LDAP keywords (case-sensitive) for the prefix destination number: |
| ◆ | PRIVATE: Private number |
| ◆ | OCS: Skype for Business client number |
| ◆ | PBX: PBX / IP PBX number |
| ◆ | MOBILE: Mobile number |
| ◆ | LDAP_ERR: LDAP query failure |
| a. | Configure a routing rule for routing the initial Tel call to the LDAP server, using the value "LDAP" (without quotation marks) for denoting the IP address of the LDAP server. |
| b. | For alternative routing, enable the alternative routing mechanism and configure corresponding SIP reasons for alternative routing. For this feature, alternative routing starts from the table row located under the LDAP query row. |
| 4. | SBC application: Configure IP-to-IP routing rules: |
| a. | Open the IP-to-IP Routing table (see Configuring SBC IP-to-IP Routing Rules). |
| b. | Configure query-result routing rules for each IP domain (private, PBX / IP PBX, Teams / Skype for Business clients, and mobile), using the LDAP keywords (case-sensitive) in the 'Destination Username Pattern' field: |
| ◆ | PRIVATE: Private number |
| ◆ | OCS: Skype for Business client number |
| ◆ | PBX: PBX / IP PBX number |
| ◆ | MOBILE: Mobile number |
| ◆ | LDAP_ERR: LDAP query failure |
| a. | Configure a routing rule for routing the initial call (LDAP query) to the LDAP server, by setting the 'Destination Type' field to LDAP for denoting the IP address of the LDAP server. |
| b. | For alternative routing, enable the alternative routing mechanism and configure corresponding SIP reasons for alternative routing. For this feature, alternative routing starts from the table row located under the LDAP query row. |
The table below shows an example for configuring Tel-to-IP routing rules based on Microsoft Entra ID in the Tel-to-IP Routing table:
Examples of Tel-to-IP Routing Rules based on Microsoft Entra ID
|
Index |
Destination Phone Prefix |
Destination IP Address |
|---|---|---|
|
1 |
PRIVATE: |
10.33.45.60 |
|
2 |
PBX: |
10.33.45.65 |
|
3 |
OCS: |
10.33.45.68 |
|
4 |
MOBILE: |
10.33.45.100 |
|
5 |
LDAP_ERR |
10.33.45.80 |
|
6 |
* |
LDAP |
|
7 |
* |
10.33.45.72 |
The table below shows an example for configuring SBC routing rules based on Microsoft Entra ID in the IP-to-IP Routing Table:
Examples of SBC IP-to-IP Routing Rules based on Microsoft Entra ID
|
Index |
Destination Username Pattern |
Destination Type |
Destination Address |
|---|---|---|---|
|
1 |
PRIVATE: |
Dest Address |
10.33.45.60 |
|
2 |
PBX: |
Dest Address |
10.33.45.65 |
|
3 |
OCS: |
Dest Address |
10.33.45.68 |
|
4 |
MOBILE: |
Dest Address |
10.33.45.100 |
|
5 |
LDAP_ERR |
Dest Address |
10.33.45.80 |
|
6 |
* |
LDAP |
- |
|
7 |
* |
Dest Address |
10.33.45.72 |
The configured routing rule example is explained below:
| ■ | Rule 1: Sends call to private telephone line (at 10.33.45.60) upon successful Microsoft Entra ID query result for the private attribute. |
| ■ | Rule 2: Sends call to IP PBX (at 10.33.45.65) upon successful Microsoft Entra ID query result for the PBX attribute. |
| ■ | Rule 3: Sends call to the client (i.e., Mediation Server at 10.33.45.68) upon successful Microsoft Entra ID query result for the Skype for Business attribute. |
| ■ | Rule 4: Sends call to user's mobile phone number (to PSTN through the device's IP address at 10.33.45.100) upon Microsoft Entra ID query result for the Mobile attribute. |
| ■ | Rule 5: Sends call to IP address of device (10.33.45.80) upon Microsoft Entra ID query failure (e.g., no response from LDAP server or attribute not found). |
| ■ | Rule 6: Sends query for original destination number of received call to the LDAP server. |
| ■ | Rule 7: Alternative routing rule that sends the call of original dialed number to IP destination 10.33.45.72. This rule is applied in any of the following cases |
| ● | LDAP functionality is disabled. |
| ● | LDAP query is successful but call fails (due to, for example, busy line) to all the relevant attribute destinations (private, Skype for Business, PBX, and mobile), and a relevant |
Once the device receives the original incoming call, the first rule that it uses is Rule 6, which queries Microsoft Entra ID. When Microsoft Entra ID replies, the device searches the table, from the first rule down, for the matching destination phone prefix (i.e., "PRIVATE:, "PBX:", "OCS:", "MOBILE:", and "LDAP_ERR:"), and then sends the call to the appropriate destination.