This document describes how to synchronize Cisco Unified Communications
Manager 8.x with Lightweight Directory Access Protocol (LDAP) Directory. The
users defined in the Active Directory are synchronized into the Cisco Unified
CM database, while application users are stored only in the Cisco Unified CM
database need not be defined in the Active Directory. In Cisco Unified
Communications Manager, LDAP directory configuration takes place under these
There are no specific requirements for this document.
The information in this document is based on the Cisco Unified
Communications Manager 8.x .
The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.
Refer to the
Technical Tips Conventions for more information on document
The Lightweight Directory Access Protocol (LDAP) provides applications
with a standard method to access and potentially modify the information stored
in the directory. This capability enables companies to centralize all user
information in a single repository available to several applications, with a
remarkable reduction in maintenance costs through the ease of adds, moves, and
You can make changes to LDAP Directory information and LDAP
Authentication settings only if synchronization from the customer LDAP
directory is enabled in the LDAP System Configuration page.
In order to access the LDAP System Configuration page, choose
System > LDAP > LDAP System from the Cisco Unified
Communications Manager Administration application.
This diagram shows how LDAP System is configured in the Cisco Unified
Communications Manager Administration page.
Choose System > LDAP > LDAP Directory and click
Add New in order to add a new Directory Replication Agreement.
In the LDAP Directory window, you specify information about the LDAP directory;
for example, the name of the LDAP directory, where the LDAP users exist, how
often to synchronize the data, and so on as shown here.
Note: Cisco recommends that you create a specific account with permissions
in order to allow it to read all user objects within the sub-tree that was
specified by the user search base. The sync agreement specifies the full
Distinguished Name of that account so that the account can reside anywhere
within that domain.
Complete these steps in order to locate LDAP directory
Choose System > LDAP > LDAP
The Find and List LDAP Directories window
From the list of records that display, click the link for the
record that you want to view.
The window displays the item that you choose.
Here you may click on Perform Full Sync Now which
should be performed after LDAP Authentication Configuration settings. Since
after this settings only CUCM should be ready to synchronize with Active
The authentication process verifies the identity of the user with the
validation of the user ID and password/PIN before access is granted to the
system. Verification takes place against the Cisco Unified Communications
Manager database or the LDAP corporate directory.
Complete these steps in order to configure the LDAP authentication
Choose System > LDAP > LDAP
The LDAP Authentication window is displayed. Enter the appropriate
configuration settings as described in the LDAP Directory window as shown
Here when you integrate with Microsoft Active Directory and the
server is Global Catalog, Enter 3268 as the LDAP Port number. If you are using
employee id as the user id enter 389 as the LDAP Port Number (Single Domain
Controller). This LDAP Port number is where Microsoft Active Directory receives
the LDAP requests.
You can now navigate to User Management > End User
and see that the users in Active Directory got synchronized with the Cisco
Unified Communications Manager database.
Note: In CUCM 8.x, if CUCM is integrated with AD then the facility to
create end-user accounts is disabled. Hence AD cannot be populated with the new
users. Refer to
Unified Communication Manager 8.x SRND for more information.