The Snom version 10.1.x is a major firmware update with many new features. Some of the improvements require configuration changes. See below for the most relevant changes which you should be aware of for a smooth migration.
TLS Server authentication
This section can apply to SIP over TLS, HTTPS as well as LDAPs
For security reasons in version 10.1.x the TLS server authentication is enabled and is not possible to switch it off, if you are planning to upgrade your phones you should make sure that:
- the server certificate of the issuer CA is already loaded on your devices, you can either manually upload or provision the certificate
- the certificate name of the server is matching the server FQDN name otherwise the setting check_fqdn_against_server_cert needs to be disabled
- in case the device is one of the new devices equipped with a SHA-2 TLS certificate you will need to import the SHA-2 Snom CA certificate in your server
For more info about TLS please refer to the page Secure provisioning of Snom phones
Since version 10.1.27.0 the full notation of substring filters can be used and some additional filters are available. Another main change on the LDAP behaviour is that the partial_lookup setting isn't anymore used for the LDAP lookup, you should define the proper search filter instead. For example:
- assuming in version 8.x your search filter was (displayName=%) and you wanted to use partial lookup (so when you search for the letters "ale" you would like to find all contacts with names: "Alex", "Alexandra", "Malewsky" etc)
- in this case, starting with version 10.1.27.0 , the filter should become (displayName=*%*)
Another example, the following filter:
will perform a query search LDAP objects containing the number into the telephoneNumber, Mobile or ipPhone attributes, Eg.: if the phone receives a call from the number 123 the LDAP query filter will be: (|(telephoneNumber=*123*)(Mobile=*123*)(ipPhone=*123*))
See more information and examples here.
Initial query should be off ("No final answer from LDAP server for request 2")
Version 10.x currently has a known issue: when "Initial query" is off, the LDAP search can in some cases return error "No final answer from LDAP server for request 2". This issue is currently being worked on (internal ID SAP-3441). If you face this issue, please enable "Initial query" as workaround, then inform Snom Support by opening a new ticket under helpdesk.snom.com .
The fix for this issue is available as of firmware version 10.1.41.1
If you are using LDAPS, you might need additional configuration, Please read carefully section "TLS Server authentication" above.
New settings for LDAP during a call
Starting with version 10 you can now define different name and number filters during the call lookup or the address book search, the settings are described as follow:
- ldap_number_filter_during_call this is the LDAP filter used to search against a number during call, when dialing, incoming call, or in connected state. This filter is used to get the name of the caller (or the callee) out of the number
- ldap_search_filter_during_call this is the LDAP filter used to search against a name during call, when dialing, incoming call, or in connected state.
- ldap_number_filter this is the LDAP filter used to search against a number during an address book search.
- ldap_search_filter this is the LDAP filer used to search against a name during an address book search.