This document describes how to synchronize Cisco Unified Communications Manager 8.x with a Lightweight Directory Access Protocol (LDAP) directory. The users defined in Active Directory are synchronized into the Cisco Unified CM database, while application users are stored only in the Cisco Unified CM database and need not be defined in Active Directory. In Cisco Unified Communications Manager, LDAP directory configuration takes place under these settings:
There are no specific requirements for this document.
The information in this document is based on Cisco Unified Communications Manager 8.x.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
The Lightweight Directory Access Protocol (LDAP) provides applications with a standard method to access and potentially modify the information stored in the directory. This capability enables companies to centralize all user information in a single repository available to several applications, with a remarkable reduction in maintenance costs through the ease of adds, moves, and changes.
You can make changes to LDAP Directory information and LDAP Authentication settings only if synchronization from the customer LDAP directory is enabled in the LDAP System Configuration page.
In order to access the LDAP System Configuration page, choose System > LDAP > LDAP System from the Cisco Unified Communications Manager Administration application.
This diagram shows how LDAP System is configured in the Cisco Unified Communications Manager Administration page.
Choose System > LDAP > LDAP Directory and click Add New in order to add a new Directory Replication Agreement. In the LDAP Directory window, you specify information about the LDAP directory; for example, the name of the LDAP directory, where the LDAP users exist, how often to synchronize the data, and so on as shown here.
Note: Cisco recommends that you create a specific account with permissions in order to allow it to read all user objects within the sub-tree that was specified by the user search base. The sync agreement specifies the full Distinguished Name of that account so that the account can reside anywhere within that domain.
Complete these steps in order to locate LDAP directory configurations.
Choose System > LDAP > LDAP Directory.
The Find and List LDAP Directories window displays.
From the list of records that display, click the link for the record that you want to view.
The window displays the item that you choose.
Here you can click Perform Full Sync Now. Perform the full sync only after you complete the LDAP Authentication configuration settings, because CUCM is ready to synchronize with Active Directory only after those settings are in place.
The authentication process verifies the identity of the user with the validation of the user ID and password/PIN before access is granted to the system. Verification takes place against the Cisco Unified Communications Manager database or the LDAP corporate directory.
Complete these steps in order to configure the LDAP authentication information.
Choose System > LDAP > LDAP Authentication.
The LDAP Authentication window is displayed. Enter the appropriate configuration settings as described in the LDAP Directory window as shown below.
When you integrate with Microsoft Active Directory and the server is a Global Catalog, enter 3268 as the LDAP port number. If you use the employee ID as the user ID, enter 389 as the LDAP port number (single domain controller). This LDAP port number is the port on which Microsoft Active Directory receives LDAP requests.
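The following pre-flight check is an added example, not Cisco code. It validates the values entered in the LDAP Directory and LDAP Authentication windows before a full sync: the sync account is given as a full Distinguished Name, it sits in the same domain as the user search base, and the port matches the server role. The function names and sample values are illustrative; "same domain" is assumed to mean identical DC components, and 389 is assumed for any server that is not a Global Catalog.

```python
# Added example: names are illustrative; the two ports are the ones named on this page.
GC_PORT, DC_PORT = 3268, 389

def split_dn(dn):
    """Split a DN into (attribute, value) pairs; a backslash-escaped comma stays in its value."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(cur)
            cur = ""
            continue
        cur += ch
        escaped = ch == "\\" and not escaped
    pairs = []
    for rdn in rdns + [cur]:
        attr, sep, value = rdn.partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError("not a full distinguished name: %r" % dn)
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def domain_of(dn):
    """Return the DC components of a DN as a lowercase tuple, e.g. ('example', 'com')."""
    return tuple(v.lower() for a, v in split_dn(dn) if a == "dc")

def check_agreement(manager_dn, search_base, port, server_is_gc):
    """Return a list of findings; an empty list means the entered values are consistent."""
    findings, domains = [], []
    for label, dn in (("manager DN", manager_dn), ("user search base", search_base)):
        try:
            domain = domain_of(dn)
        except ValueError as exc:
            findings.append("%s: %s" % (label, exc))
            continue
        if domain:
            domains.append(domain)
        else:
            findings.append("%s has no DC components: %r" % (label, dn))
    # Assumption: "same domain" is modelled as identical DC components.
    if len(domains) == 2 and domains[0] != domains[1]:
        findings.append("manager DN and user search base are in different domains")
    expected = GC_PORT if server_is_gc else DC_PORT
    if port != expected:
        findings.append("port %d entered, expected %d" % (port, expected))
    return findings

# Constructed sample values; example.com is a placeholder domain.
GOOD = ("CN=Sync\\, CUCM,OU=Svc,DC=example,DC=com", "OU=Staff,DC=example,DC=com", 389, False)
BAD = ("EXAMPLE\\cucm-sync", "OU=Staff,DC=example,DC=com", 389, True)
if __name__ == "__main__":
    print(check_agreement(*GOOD), check_agreement(*BAD))
```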
You can now navigate to User Management > End User and see that the users in Active Directory are synchronized with the Cisco Unified Communications Manager database.
Note: In CUCM 8.x, if CUCM is integrated with AD, the facility to create end-user accounts is disabled. Hence, AD cannot be populated with new users. Refer to Cisco Unified Communication Manager 8.x SRND for more information.