Cisco Prime Collaboration Assurance Guide - Advanced, 10.0
Managing Users
Downloads: This chapterpdf (PDF - 1.5MB) The complete bookPDF (PDF - 8.14MB) | Feedback

Managing Users

Managing Users

Prime Collaboration supports built-in static roles for Prime Collaboration Assurance and Prime Collaboration Provisioning, with predefined access control that enables you to perform different tasks.

Prime Collaboration supports creation of user roles. In Prime Collaboration Assurance-Standard, a user can be assigned the Super Administrator role. A Super Administrator can perform tasks that both system administrator and network administrator can perform. Prime Collaboration Assurance- Advanced supports several user roles.

Prime Collaboration Assurance-Advanced User Roles

User roles are used to define the authorizations of tasks that users can access.

A user can be assigned one of the following roles:

  • Helpdesk—Views and accesses network status information only and cannot perform any action on a device or schedule a job that reaches the network.
  • Operator—Performs all Helpdesk tasks and tasks related to network data collection. Cannot perform any Device Work Center operations such as adding, discovering, or importing devices. Also, an operator will not be able to configure thresholds for Alarms and Events
  • Network administrator—Performs all Operator tasks and tasks that result in a network configuration change like credential management, threshold settings, and so on.
  • System administrator—Performs Assurance UI-related administration tasks such as backup and restore, maintaining log files, configuring users, and so on.
  • Super administrator—Can perform tasks that both system administrator and network administrator can perform.

Helpdesk is a preselected role that is assigned to every user in Prime Collaboration.

Prime Collaboration Provisioning User Roles

Two types of global Provisioning user roles are available: global and domain specific.

The global Provisioning user is typically an IP telephony expert who configures Prime Collaboration Provisioning business abstractions for voice applications. The domain-specific Provisioning user can be an administrator for a single domain but can be a user for multiple domains.

The user roles for Prime Collaboration Provisioning are explained in Table 1.

Table 1 Authorization Roles

Authorization Role

Description

Global Roles

Administration

Has access to all Provisioning functionality.

Maintenance

Authorized to configure system cleanup activities. See Maintenance Mode. See Cisco Prime Collaboration Provisioning Guide, 10.0 .

Roles for Domain

In the drop-down list, select the Domain for which you are setting the authorization roles. The selected roles only apply to the selected Domain. To apply the same authorization role to all available domains, select Apply to all domains.

Note   

If the administrator selects Apply to all domains, existing roles of the user in all the domains will be overridden with the current selection.

Policy

Authorized to view phone button templates, modify user roles, and add or update phone inventory.

Infrastructure Configuration Management

Authorized to provision infrastructure configuration objects. When you select this role, you must also select a profile from the Permission Profile box.

Permission Profiles

Sets the permissions for which infrastructure configuration object users assigned this authorization role can configure. (For information on setting permissions, see Cisco Prime Collaboration Provisioning Guide, 10.0 .

SelfCare User

Authorized to manage his own services; set up lines, manage services, and configure phone options quickly and easily.

Note   

In the standalone Prime Collaboration Provisioning application, you can enable or disable Self-Care while adding both users. The Self-Care check box is not available while adding users. However, after creating a user, you can assign Self-Care role from the Manage User page. See Cisco Prime Collaboration Provisioning Guide, 10.0 .

Ordering Roles

Users assigned these roles are allowed to place orders for other users and themselves.

Ordering

Authorized to:

  • Add, delete, or update a user within a Domain.
  • Add, delete, or update a user role within a Domain (if the rule for that Domain permits it).
  • Add, delete, or update phones in the inventory within a Domain (if the rule for that Domain permits it).
  • Search and view detailed user information within a Domain.
  • Place an order for a user within a Domain.

Advanced Ordering

Authorized to access all the functionality specified by the Ordering role; can also access Advanced Order Options in the Order Entry page.

Advanced Assignment

Authorized to access all the functionality specified by the Ordering role, and to assign the MAC address for a phone product at the time of order entry.

Activity Roles

Users assigned one of these roles can perform activities assigned to the group during order processing.

Approval

Authorized to accept and complete the approval for orders.

Assignment

Authorized to accept the user activity for assigning the MAC address.

Shipping

Authorized to accept and complete shipping of orders.

Receiving

Authorized to accept and complete receiving of orders.


Note


  • globaladmin and domain admin can create Self-Care roles for any user. Self-Care role can be assigned to a user from the Manage Users page in the standalone Prime Collaboration Provisioning only. For more information, see "Creating a Self-Care Account" in the Cisco Prime Collaboration Provisioning Guide, 10.0 .
  • In the converged mode, you cannot import a user associated with a Self-Care role into the Prime Collaboration Assurance application.

The Managing Subscribers and Users chapter in Cisco Prime Collaboration Provisioning Guide, 10.0 provides detailed information on how to manage users.

Single Sign-On for Prime Collaboration

Prime Collaboration provides users with admin privileges to enable Single Sign-On (SSO) in Prime Collaboration Assurance and Prime Collaboration Provisioning using Security Assertion Markup Language (SAML).

You can enable SSO in Prime Collaboration Provisioning to cross-launch the following UC applications:
  • Cisco Unified Communications Manager
  • Cisco Unity Connection
  • Cisco Unified Presence

Note


To cross-launch the UC applications without the need for login credentials, ensure that SSO for those applications are configured on the same IdP server as that of Prime Collaboration.

Ensure that the following prerequisites are met before you enable SSO:

  • Prime Collaboration Provisioning is configured to use Secure Socket Layer (SSL). SSL needs to be enabled before you enable SSO for Provisioning. For the steps to enable SSL in Prime Collaboration Provisioning, see section "Enabling SSL for Prime Collaboration Provisioning" in the Cisco Prime Collaboration 10.0 Provisioning Guide.

    Note


    By default, SSL is enabled in Prime Collaboration Assurance application.
  • At least one LDAP Administrative user exists in the system – through LDAP synchronization in Prime Collaboration Provisioning and by manually creating an LDAP administrative user in Prime Collaboration Assurance. For information on how to provide administrative privileges to a user in Prime Collaboration Provisioning, see "Managing Users" in the Cisco Prime Collaboration Provisioning Guide, 10.0 .
  • An Identity Provider (IdP) server that enables you to use SSO to access many other applications from a single hosted application and a Service Provider. The Service Provider is a website that hosts the applications.
    Following are the supported third-party IdP servers:
    • Open Access Manager (OpenAM)
    • Ping Identity
    • Active Directory Federation Services (ADFS)
    • Oracle Identity Manager
    For the steps to setup an IdP server, see the SAML SSO Deployment Guide for Cisco Unified Communication Applications, Release 10.0(1).
  • Download the Identity Provider metadata file from the IdP server and save it in your local system.

To enable Single Sign-on:


    Step 1   Choose Administration -> Single Sign-on.
    Step 2   Click Enable SSO.

    A warning message is displayed stating, Enabling SSO redirects you to the IdP server for authentication from the next login. To access the application, you will need to be authenticated successfully.

    Note    Enable SSO is disabled if the above mentioned prerequisites are not met.
    Step 3   Click Continue.
    Step 4   Follow the steps provided in the SSO wizard to enable Single Sign-On.
    1. Locate the IdP metadata file from your local system and click Import IdP Metadata.
    2. Click Download Trust Metadata file.
    3. Launch the IdP server and import the downloaded Trust Metadata file.
      Note    This is a manual step for Enabling SSO. You need to create a Circle of Trust (CoT) in the IdP server and log out before you proceed with the SSO testing.
    4. To run SSO Test Setup, select a username from the Valid Administrative Usernames drop-down.
      Note    Using any other username to log in to the IdP server might lock the administrator account.
    5. Click Run SSO Test to test the connectivity among the IdP server, Prime Collaboration Applications, and Single Sign-On. If you are prompted with an error message, Unable to do Single Sign-On or Federation:
      • Manually log in to the IdP server using the end user credentials and check if the authentication is successful.
      • Verify if the Trust Metadata file is successfully uploaded in the IdP server.
      • Verify if the Prime Collaboration server and the IdP server are part of the same Circle of Trust.
    6. Click Finish.
    In the converged mode, Prime Collaboration uses the Provisioning setup to cross launch the Cisco Unified CM, Cisco Unity Connection and Cisco Unified Presence applications.

    Troubleshooting and Logs for SSO

    • When you are logged out of the Prime Collaboration server while enabling SSO, it is recommended that you close the browser and re-launch the Prime Collaboration application. Because, though your session expires in Prime Collaboration server, the IdP server session might still be active.
    • You can find the log file (ssosp*.log) for Prime Collaboration Provisioning in the /opt/cupm/sep/logs directory and for Prime Collaboration Assurance in the /opt/emms/tomcat/webapps/emsam/log/sso directory.
    • While enabling SSO, ensure that the hostname for Prime Collaboration is set and is part of DNS.
    When IdP server is down, you can:
    • Use the recovery URL- https://<PCserver IP address or host name that is part of DNS>/ssosp/local/login.
    • Disable Single Sing-On from CMD Utility.
    To disable SSO from CMD utility in Prime Collaboration applications:
    • Log in to Prime Collaboration Provisioning server using SSH with port 22, for Prime Collaboration Assurance it is 26.
    • Navigate to the /opt/cupm/sep/build/bin directory for Prime Collaboration Provisioning and /opt/emms/emsam/bin directory for Prime Collaboration Assurance. Add <Operation> and <Value> entries for cpcmconfigsso.sh file based on the table below:
    Operations can be .. Values can be ..
    1-To get the Single Sign-On status Not applicable
    2-To get the recovery URL status Not applicable
    3-To set the Single Sign-On status False
    Note    You cannot enable SSO through CLI. Use the UI procedure to enable SSO.
    4-To set the recovery URL status True or False
    • To disable SSO, run the following command:

    cpcmconfigsso.sh 3 false


    Note


    By default, the recovery URL is enabled. If you want to disable it for security reasons, set it as false.

    Default User Accounts

    Prime Collaboration is preconfigured with a default web client administrator user called globaladmin; globaladmin is a superuser who can access both the Prime Collaboration Assurance and Prime Collaboration Provisioning UIs.

    Specify a password for globaladmin when you configure your virtual appliance (for either stand-alone products or converged application. You need to use these credentials when you launch the Prime Collaboration web client for the first time.

    Prime Collaboration Assurance and Prime Collaboration Provisioning servers support these CLI users: admin and root.

    You cannot create CLI users using the web client UI. CLI users are created during OVA configuration. By default, the username is admin; the password is specified during OVA configuration and is used to log into the CLI to check the application status and perform backup and restore.


    Caution


    We recommend that you write down the root password as it cannot be retrieved.



    Note


    • The users defined in the Prime Collaboration web client are different from the users defined on the Prime Collaboration server (CLI).
    • CLI users are not listed on the Prime Collaboration User Management page.
    • globaladmin and root follow same set of password validation rules, but the rules for admin are different. See the Cisco Prime Collaboration 10.0 Quick Start Guide for password validation rules for these users.

    If you are logging in for the first time to the Prime Collaboration Assurance or Prime Collaboration Provisioning web client, log in as globaladmin.

    You, as a globaladmin, must create other administrators using real user-IDs as they can be tracked in Audit Trail and in the Prime Collaboration Provisioning order tracking system.


    Caution


    You must not create a user with the name: globaladmin, pmadmin and admin.


    When you integrate the Prime Collaboration Provisioning application with Prime Collaboration Assurance, you can import users with domain-specific and global Provisioning roles (who do not have Self-Care roles associated) to the Prime Collaboration Assurance application using the “Import” functionality in the Administration > User Management page. You must refresh the “User Management” page to see the list of imported users.


    Note


    You cannot import a Prime Collaboration Provisioning Self-Care user to the Prime Collaboration Assurance application.


    You can then check the /opt/emms/emsam/log/importedprovisioninguser.log file, by logging in as a root user, to find the users who were not imported into Prime Collaboration Assurance database due to several reasons such as duplicate usernames (usernames already used in Prime Collaboration Assurance), usernames with no passwords and so on.

    However, when you integrate a freshly installed Prime Collaboration Provisioning application (that contains no user data) with the Prime Collaboration Assurance application, and you wish to create a common user for both Prime Collaboration Assurance and Prime Collaboration Provisioning, you must perform the following tasks as prerequisites:

    The users thus created via Add User feature are associated with the web client only and cannot log in to the Prime Collaboration Assurance or Prime Collaboration Provisioning server through the CLI.

    The Prime Collaboration Assurance and Prime Collaboration Provisioning applications do not share inventory database. You must manage the devices separately to perform the assurance and provisioning-related tasks. See Managing Devices to perform device management tasks using the Prime Collaboration Assurance application. See Cisco Prime Collaboration 10.0 Provisioning Guide to perform device management and provisioning tasks using the Prime Collaboration Provisioning application.

    User Roles and Tasks

    Table 4-2 lists the Prime Collaboration Assurance user roles and tasks they are mapped to.

    Note that Super administrator has access to all of the UI menus and can perform all tasks listed in the table below. Thus, the super administrator is not listed in the following table.

    Table 2 Prime Collaboration Assurance User Roles and Task Mapping

    Navigation

    Task

    System Administrator

    Network Administrator

    Operator

    Helpdesk

    Home

    View Video and Voice Collaboration Dashlets

    Yes

    Yes

    Yes

    Yes

    Customize Dashlets

    Yes

    Yes

    Yes

    Yes

    Launch Alarm Browser

    Yes

    Yes

    Yes

    Yes

    Launch Alarm Summary

    Yes

    Yes

    Yes

    Yes

    Operate> Diagnose > Sessions Diagnostics

    Monitor Sessions

    Yes

    Yes

    Yes

    No

    Import Sessions

    Yes

    Yes

    Yes

    No

    Launch 360ø Session View

    Yes

    Yes

    Yes

    No

    From 360ø Session View: Add to watch list

    Yes

    Yes

    Yes

    No

    From 360ø Session View: See alarms

    Yes

    Yes

    Yes

    No

    From 360ø Session View: Monitor Endpoint

    Yes

    Yes

    Yes

    No

    From 360ø Session View: Troubleshoot session or export troubleshoot data

    Yes

    Yes

    Yes

    No

    From topology view (endpoints): Add to watch list or remove from watch list

    Yes

    Yes

    Yes

    No

    From topology view (endpoints): See alarms

    Yes

    Yes

    Yes

    No

    From topology view (endpoints): Monitor Endpoint

    Yes

    Yes

    Yes

    No

    From topology view (network connection): Troubleshoot network link

    Yes

    Yes

    Yes

    No

    Operate > Diagnose > Endpoint Diagnostics

    Monitor endpoint

    Yes

    Yes

    Yes

    Yes

    Launch quick view

    Yes

    Yes

    Yes

    Yes

    From quick view: Add to watch list or remove from watch list

    Yes

    Yes

    Yes

    No

    From quick view: See alarms

    Yes

    Yes

    Yes

    Yes

    From quick view: Monitor Session

    Yes

    Yes

    Yes

    No

    Operate > Diagnose > Diagnostics Summary

    View Diagnostics Summary

    Yes

    Yes

    Yes

    Yes

    Operate > Diagnose > IP-SLA Diagnostics

    Start a troubleshooting session

    Yes

    Yes

    Yes

    No

    Operate > Diagnose > Media Path Analysis

    Start Media Path Analysis

    Yes

    Yes

    Yes

    No

    Operate > Alarms & Events > Alarms

    View Alarms

    Yes

    Yes

    Yes

    Yes

    Change Status

    Yes

    Yes

    Yes

    Yes

    Assign an Alarm

    Yes

    Yes

    Yes

    Yes

    Add an annotation

    Yes

    Yes

    Yes

    Yes

    Email Notification

    Yes

    Yes

    Yes

    Yes

    Launch quick view

    Yes

    Yes

    Yes

    Yes

    From quick view: Monitor Endpoint

    Yes

    Yes

    Yes

    Yes

    From quick view: See Event History

    Yes

    Yes

    Yes

    Yes

    Operate > Alarms & Events > Events

    View Events

    Yes

    Yes

    Yes

    Yes

    Operate > Device Work Center

    Manage credentials

    Yes

    Yes

    Yes

    Yes

    Discover devices

    Yes

    Yes

    Yes

    Yes

    Update Inventory

    Yes

    Yes

    Yes

    Yes

    Manage Clusters

    Yes

    Yes

    Yes

    Yes

    Import Inventory

    Yes

    Yes

    Yes

    Yes

    Export Inventory

    Yes

    Yes

    Yes

    Yes

    Discover jobs

    Yes

    Yes

    No

    No

    Edit Visibility (Edit button)

    No

    No

    No

    No

    Customize Events

    Yes

    Yes

    Yes

    Yes

    Suspend device management

    Yes

    Yes

    Yes

    Yes

    Resume device management

    Yes

    Yes

    Yes

    Yes

    Adding to Group

    Yes

    Yes

    Yes

    Yes

    Remove from Group

    No

    No

    No

    No

    Import devices

    Yes

    Yes

    No

    No

    Export devices and credential list

    Yes

    Yes

    No

    No

    Operate > UC Topology View

    View voice dashlets/summary

    Yes

    Yes

    Yes

    Yes

    Analyze

    • Technology Adoption
    • Asset Usage
    • Charge Back
    • Network Resource Utilization
    • Traffic Trends

    View Reports

    Yes

    Yes

    No

    No

    Reports >

    • Interactive Reports
    • Static Reports
    • Administrative Reports

    Generate reports

    Yes

    Yes

    Yes

    Yes (excluding Administrative Reports)

    Administration > Job Management

    Manage jobs

    Yes

    Yes

    No

    No

    Schedule jobs

    Yes

    Yes

    No

    No

    Cancel jobs

    Yes

    Yes

    No

    No

    Administration > User Management

    View users

    Yes

    Yes

    No

    No

    Add users

    Yes

    Yes

    No

    No

    Edit users

    Yes

    Yes

    No

    No

    Delete users

    Yes

    Yes

    No

    No

    Reset password

    Yes

    Yes

    No

    No

    Change password

    Yes

    Yes

    Yes

    Yes

    Administration > License Management

    View license details

    Yes

    Yes

    No

    No

    Add license

    Yes

    Yes

    No

    No

    Delete license

    No

    Yes

    No

    No

    Administration > System Setup > Assurance Setup

    Configure all system parameters (General Settings, Cisco Prime 360 Integration, CDR Trunk Utilization settings, Call Quality Data Source Management, LDAP Settings, Log Settings, SFTP Settings, IP Phone Inventory Collection Settings, IP Phone XML Inventory Collection Settings, Cluster Data Discovery Settings)

    Yes

    Yes

    No

    No

    Administration > Alarm & Event Configuration > Event Customization

    Customizing event monitoring and severity. Also, defining the threshold value for automatic troubleshooting.

    Yes

    Yes

    No

    No

    Table 4-3 lists the Prime Collaboration Provisioning user roles and the tasks they are mapped to. The domain roles that perform a specific task has been mentioned. However, the Administration user role can perform all of the Prime Collaboration Provisioning tasks.

    Table 3 Prime Collaboration Provisioning User Roles and Task Mapping

    Navigation

    Task

    Domain Roles

    Global Roles

    Home > Provisioning > Unified Provisioning Manager Capacity

    View information on how much licenses that you have used from the available set.

    Not Applicable

    Administration

    Home > Provisioning > Pending Order Status

    View pending orders

    Ordering, advanced ordering, advanced assignment, policy, infraConfigManagement,assignment, approval, shipping, receiving

    Administration

    Home > Provisioning > Device Sync Status

    View device sync status

    Ordering, advanced ordering, advanced assignment

    Administration

    Home > Provisioning > Deployment Details

    View deployment details

    Ordering, advanced ordering, advanced assignment

    Administration

    Home > Provisioning > Locked Users

    View locked users- users locked after a specified number of failed login attempts

    Not Applicable

    Administration

    Home > Provisioning > Logged In Users

    View users who are logged in to the application

    Not Applicable

    Administration

    Design > Set Up Devices

    Set up devices, Call Processors, Unified Message Processors, Unified Presence Processors, AAA servers

    Not Applicable

    Administration

    Design > Set Up Deployment

    Create Domains, Service Areas, Provisioning Template, Quick Site Builder

    Not Applicable

    Administration

    Create Subscriber Roles

    Policy

    Administration

    Deploy > Subscriber Management

    Add Subscriber, Search Subscriber

    Ordering, advanced Ordering, advanced Assignment

    Administration

    Deploy > Order Management

    Manage activities for a group and user.

    Not Applicable

    Administration

    Search order

    Ordering, advanced Ordering, advanced Assignment

    Administration

    Deploy > Infrastructure Configuration 

    Configuring Infrastructure

    infraConfigManagement

    Administration

    Deploy > Batch Provisioning

    Perform batch provisioning

    Not Applicable

    Administration

    Deploy > Provisioning Inventory

    Manage Phones

    Policy

    Administration

    Manage directory number, browse and search inventory

    Not Applicable

    Administration

    Report > Interactive Reports > Provisioning Reports

    View Provisioning reports

    Not Applicable

    Administration

    Administration > Provisioning Setup

    Configure Phone Button Templates

    Policy

    Administration

    Configure Provisioning Rules, Attributes, and data maintenance

    Not Applicable

    Administration

    Administration > Notification Settings

    Configure e-mail settings

    Not Applicable

    Administration

    Adding a User

    You can add a user and assign predefined static roles. The user will have access to the Prime Collaboration web client only and cannot log in to the Prime Collaboration Assurance or Prime Collaboration Provisioning server through the CLI.

    To add a user:


      Step 1   Choose Administration > User Management.
      Step 2   On the User Management page, click Add.
      Step 3   In the Add User window, enter the required user details. Note that because the LDAP server performs authentication, it should have the same user ID as Prime Collaboration. For more information, see Configuring an LDAP Server.

      If you select the LDAP User option, the Password and Confirm Password fields are not displayed.

      Step 4   (Optional) If you have deployed the Managed Service Provider (MSP) version of Prime Collaboration, select a customer from the Customer drop-down list.
      Step 5   Select the appropriate Prime Collaboration Assurance roles. (If the Prime Collaboration Provisioning application is not integrated with the Prime Collaboration Assurance application, the Provisioning Domain and Provisioning Roles fields are not displayed when you perform the Add operation.)
      Step 6   If you wish to have only a Provisioning user, or a common user for Prime Collaboration Assurance and Prime Collaboration Provisioning, perform the following steps:
      1. Select the appropriate roles in the Provisioning Roles check box.
      2. Click Add Row under Domain Specific to create domain specific Provisioning Roles. You will see role settings option for General, Ordering and Activity roles. For information on authorization roles, see Table 1 Authorization Roles.
      3. Enter required details and click Done.
      Step 7   Click Save.

      Modifying User Roles

      When the contact information, role, or account status of a user changes, the administrator must edit the corresponding details in the system.

      To edit user details, select a user at Administration > User Management and make the necessary changes.

      As part of your regular system administration tasks, you sometimes must delete users from the Prime Collaboration database. However, you cannot delete the Prime Collaboration web client default administrator globaladmin.

      To delete a user, select the user from Administration > User Management and click Delete. Any jobs that are scheduled in the deleted user name continue to run until canceled.

      Configuring an LDAP Server

      You can configure Prime Collaboration to connect to a Lightweight Directory Access Protocol (LDAP) server, to access user information stored in the LDAP server. In converged mode, the LDAP server specified in Prime Collaboration Assurance is used for authentication only; authorization and role-based access control (RBAC) functions are performed by Prime Collaboration.

      You must create an LDAP user from the User Management page to enable the user to log in using LDAP credentials. To add a user, see Adding a user and to edit or delete a user, see Modifying User Roles.

      Prime Collaboration supports one primary LDAP server and one backup LDAP server.

      To configure LDAP server:


        Step 1   Choose Administration > System Setup > Assurance Setup > LDAP Settings.
        Step 2   In the LDAP Settings page, enter values for all the fields. See Table 4 for the field descriptions.
        Note   

        If Prime Collaboration must use SSL encryption, check the Use SSL check box and specify port 636.

        Step 3   Click Test Connection to check the connectivity to the LDAP server.
        Step 4   Upon successful connection, click Apply Settings and restart Prime Collaboration Assurance server to log in using LDAP.

        To restart Prime Collaboration Assurance Server, log in as admin user and execute the following commands:

        application stop cpcm
        application start cpcm

        The application stop cpcm command takes 10 minutes to complete execution and application start cpcm takes 10 to 15 minutes to complete execution.


        LDAP Configuration Parameters



        Table 4 LDAP Server Configuration

        Field

        Description

        Server IP address

        Enter the LDAP server name or IP address.

        Optionally enter the Backup LDAP server IP address.

        Server Port

        Enter the Port number on which the LDAP requests for the server is received.

        Non-secure port: 389

        Secure SSL port: 636

        Optionally enter the Backup LDAP server Port number.

        Note   

        If the LDAP server is configured to use a non-standard port, that port should be entered here as well.

        Admin Distinguished Name

        Admin Distinguished Name is the distinguished name to use.

        For example in the preceding image there is a user whose name is John Doe in the LDAP directory, so the Admin Distinguished Name will be as follows:
        • CN = John Doe
        • OU = Campus
        • OU = AdminBLR
        • OU = ABC
        • DC = eta
        • DC = com

        Admin Password

        Enter the password for the LDAP server authentication and reconfirm the password.

        LDAP User Search Base

        Enter the user search base. LDAP server searches for users under this base.

        Search Base is as follows:
        • DC = eta
        • DC = com
        Note   

        LDAP authentication fails if you enter special characters in the search base.

        Resetting Prime Collaboration Assurance Passwords

        As a super administrator, system administrator or network operator, you can reset the password for other Prime Collaboration users.

        You can reset the Prime Collaboration Assurance web client globaladmin password using the following procedure.

        To reset the Prime Collaboration Assurance globaladmin password:


          Step 1   Log in as a root user.
          Step 2   Enter the "goemsam" command:
          Step 3   Execute the following:
          
          #./bin/resetGlobalAdminPassword.sh
          
          Step 4   Enter a new password for the globaladmin and also confirm the new password.

          Resetting Prime Collaboration Provisioning Passwords

          To reset the Prime Collaboration Provisioning globaladmin password:


            Step 1   Log in as a root user.
            Step 2   Execute the following commands:
            
            #cd /opt/cupm/sep/ipt/bin:
            #./ResetGlobalAdminPassword.sh 'new password' <server type>
            

            Enter a new password for the globaladmin and specify the server type. The server type can be one of the following:

            ALL—for a single machine install

            Database—for database server

            Application—for application server

            Note   

            In case of a distributed system where database and application are in different servers, you must execute this procedure in both the servers.


            Changing Passwords

            To change your own password, go to Administration > User Management, click Change Password, and make necessary changes.