User Moves, Adds, and Changes Guide for Cisco Unity Connection Release 8.x
Creating User Accounts from LDAP User Data or Changing LDAP Integration Status for Existing Users in Cisco Unity Connection 8.x
Downloads: This chapterpdf (PDF - 170.0KB) The complete bookPDF (PDF - 4.73MB) | Feedback

Creating User Accounts from LDAP User Data or Changing LDAP Integration Status for Existing Users in Cisco Unity Connection 8.x

Table Of Contents

Creating User Accounts from LDAP User Data or Changing LDAP Integration Status for Existing Users in Cisco Unity Connection 8.x

Creating Cisco Unity Connection 8.x Users from LDAP Data by Using the Import Users Tool

Creating Cisco Unity Connection 8.x Users from LDAP Data by Using the Bulk Administration Tool

Changing the LDAP Integration Status of Connection Users (Cisco Unity Connection 8.5 and Later Only)

Changing the LDAP Integration Status of an Individual Connection User (Cisco Unity Connection 8.5 and Later Only)

Changing the LDAP Integration Status of Multiple Connection User Accounts in Bulk Edit Mode (Cisco Unity Connection 8.5 and Later Only)

Integrating Existing Connection User Accounts with LDAP User Accounts Using Bulk Administration Tool (Cisco Unity Connection 8.5 and Later Only)

Integrating Existing Connection User Accounts with LDAP User Accounts (Cisco Unity Connection 8.0 Only)

Determining Whether a Connection User Account Is Integrated with an LDAP User Account (Cisco Unity Connection 8.5 and Later Only)

Determining Whether a Connection User Account Is Integrated with an LDAP User Account (Cisco Unity Connection 8.0 Only)


Creating User Accounts from LDAP User Data or Changing LDAP Integration Status for Existing Users in Cisco Unity Connection 8.x


Revised November 16, 2010

Caution Information in this chapter is applicable in a Cisco Unity Connection configuration only. For information on integrating Cisco Unified Communications Manager Business Edition (CMBE) with an LDAP directory, see the following documentation available at http://www.cisco.com/en/US/products/ps7273/prod_maintenance_guides_list.html:
- The "Understanding the Directory" chapter of the Cisco Unified Communications Manager System Guide for Cisco Unified Communications Manager Business Edition.
- The "End User Configuration" chapter of the Cisco Unified Communications Manager Administration Guide for Cisco Unified Communications Manager Business Edition.

To create Cisco Unity Connection user accounts from LDAP user data, you use one of the following methods:

If you are creating a small number of users (a few hundred or fewer) and if you were able to create a regular expression to convert LDAP phone numbers into Connection extensions, you can use the Import Users tool. This is usually the best option when you are creating a few Connection users at a time for new employees. See the "Creating Cisco Unity Connection 8.x Users from LDAP Data by Using the Import Users Tool" section.

If you are creating a larger number of users or if you were not able to create a regular expression to convert LDAP phone numbers into Connection extensions, export user data to a CSV file by using the Bulk Administration Tool, reformat the data by using a spreadsheet application (if necessary), and import the data by using the Bulk Administration tool. See the "Creating Cisco Unity Connection 8.x Users from LDAP Data by Using the Bulk Administration Tool" section.

You can also integrate existing Connection user accounts with LDAP user accounts, whether or not the accounts were originally created by importing Cisco Unified CM users. For more information, see the appropriate section:

(Connection 8.5 and later) See the "Changing the LDAP Integration Status of Connection Users (Cisco Unity Connection 8.5 and Later Only)" section.

(Connection 8.0) See the "Integrating Existing Connection User Accounts with LDAP User Accounts (Cisco Unity Connection 8.0 Only)" section.

To determine whether a Connection user account is integrated with an LDAP user account, see the appropriate section:

(Connection 8.5 and later) See the "Determining Whether a Connection User Account Is Integrated with an LDAP User Account (Cisco Unity Connection 8.5 and Later Only)" section.

(Connection 8.0) See the "Determining Whether a Connection User Account Is Integrated with an LDAP User Account (Cisco Unity Connection 8.0 Only)" section.

Creating Cisco Unity Connection 8.x Users from LDAP Data by Using the Import Users Tool

When you configured Cisco Unity Connection to integrate with an LDAP directory by using the procedures in the "Integrating Cisco Unity Connection 8.x with an LDAP Directory" chapter of the System Administration Guide for Cisco Unity Connection Release 8.x (available at http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/administration/guide/8xcucsagx.html), you synchronized Connection data with data in the LDAP directory. That process invisibly imported the LDAP data into a hidden Cisco Unified Communications Manager database on the Connection server. When you use the Import Users tool to create Connection users, you import the data from the Cisco Unified CM database into the Connection database.


Caution When you entered values in the LDAP Setup page, you selected a field in the LDAP directory that would be imported into the User ID field in the hidden Cisco Unified CM database and, from there, into Connection. The LDAP field that you chose must have a value for every user in the LDAP directory. In addition, every value for that field must be unique. Any LDAP user who does not have a value in the field you choose cannot be imported into Connection.

When you create user accounts this way, Connection takes data from the LDAP fields that you specified on the LDAP Directory Configuration page, and fills in the remaining information from the user template that you specify. You cannot use Connection Administration to change data in the fields whose values come from the LDAP directory. Instead, you must change the values in the LDAP directory.

If you have configured Connection to periodically resynchronize Connection data with LDAP data, new values in the LDAP directory are automatically imported into the Connection database during the next automatic resync. However, if new users have been added to the LDAP directory, this resynchronization does not create new Connection users. You must manually create new Connection users by using either the Import Users tool or the Bulk Administration Tool.

To Create Cisco Unity Connection Users by Importing LDAP User Data


Step 1 Sign in to Cisco Unity Connection Administration as a user that has the System Administrator role.

When a cluster is configured, sign in to the publisher server.

Step 2 Expand Users and select Import Users.

Step 3 In the Find Unified Communications Manager End Users In list, select LDAP Directory.

Step 4 If you want to import only a subset of the users in the LDAP directory with which you have integrated Connection, enter the applicable specifications in the search fields.

Step 5 Select Find.

Step 6 In the Based on Template list, select the template that you want Connection to use when creating the selected users.


Caution If you specify an administrator template, the users will not have mailboxes.

Note If you are importing a large number of users, you can change the number of rows (users) that are displayed on each page.


Step 7 Check the check boxes for the LDAP users for whom you want to create Connection users.

Step 8 If necessary, enter extensions for the users that you want to create.

Step 9 Select Import Selected.


Creating Cisco Unity Connection 8.x Users from LDAP Data by Using the Bulk Administration Tool

When you configured Cisco Unity Connection to integrate with an LDAP directory by using the procedures in the "Integrating Cisco Unity Connection 8.x with an LDAP Directory" chapter of the System Administration Guide for Cisco Unity Connection Release 8.x (available at http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/administration/guide/8xcucsagx.html), you synchronized Connection data with data in the LDAP directory. That process invisibly imported the LDAP data into a hidden Cisco Unified Communications Manager database on the Connection server.

When you use the Bulk Administration Tool to create Connection users, you:

1. Export the data from the Cisco Unified CM database into a CSV file.


Caution Do not attempt to manually create a CSV file that contains the required data, which is error prone and likely to result in a variety of problems with the Connection users whose accounts are integrated with the LDAP directory.

2. Update the CSV file. For example, you may use a formula in a spreadsheet application to convert the phone number that was exported from the LDAP directory into a Connection extension.


Caution If any users in the LDAP directory were missing values in the field that you specified on the LDAP Setup page in the LDAP Attribute for User ID list, you must add the missing values in the LDAP directory and resynchronize the Connection database with the LDAP directory. Do not enter the values in the CSV file and then import the CSV file; Connection is not able to locate those users in the LDAP directory.

3. Import the updated CSV file into the Connection database.

When you create user accounts this way, Connection takes data from the CSV file and fills in the remaining information from the user template that you specify. You cannot use Connection Administration to change data in the fields whose values come from the LDAP directory. Instead, you must change the values in the LDAP directory.

If you have configured Connection to periodically resynchronize Connection data with LDAP data, new values in the LDAP directory are automatically imported into the Connection database during the next automatic resynchronization. However, if new users have been added to the LDAP directory, this resynchronization does not create new Connection users. You must manually create new Connection users by using either the Import Users tool or the Bulk Administration Tool.

To Create Cisco Unity Connection Users by Using the Bulk Administration Tool


Step 1 Sign in to Cisco Unity Connection Administration as a user that has the System Administrator role.

Step 2 Expand Tools and select Bulk Administration Tool.

Step 3 Export the data that is currently in the hidden Cisco Unified CM database on the Connection server:

a. Under Select Operation, select Export.

b. Under Select Object Type, select Users from LDAP Directory.

c. In the CSV File field, enter the full path to the file in which you want to save exported data.

d. Select Submit.

Step 4 Open the CSV file in a spreadsheet application or in a text editor, and update the data as applicable. For more information, see the "Using the Cisco Unity Connection 8.x Bulk Administration Tool" section.

Step 5 Import the data in the updated CSV file:

a. Sign in to Cisco Unity Connection Administration as a user that has the System Administrator role.

b. Expand Tools and select Bulk Administration Tool.

c. Under Select Operation, select Create.

d. Under Select Object Type, select Users with Mailbox.

e. In the CSV File field, enter the full path to the file from which you want to import data.

f. In the Failed Objects Filename field, enter the full path of the file to which you want Connection to write error messages about users who could not be created.

g. Select Submit.

Step 6 When the import is complete, review the file that you specified in the Failed Objects Filename field to verify that all users were created successfully.


Changing the LDAP Integration Status of Connection Users (Cisco Unity Connection 8.5 and Later Only)

Added November 16, 2010

To change the LDAP integration status of a Connection user, you use one of the following methods, depending on your situation:

To change the LDAP integration status of an individual Connection user who was not created by importing from Cisco Unified Communications Manager, see the "Changing the LDAP Integration Status of an Individual Connection User (Cisco Unity Connection 8.5 and Later Only)" section.

To change the LDAP integration status of multiple Connection users who were not created by importing from Cisco Unified Communications Manager, see the "Changing the LDAP Integration Status of Multiple Connection User Accounts in Bulk Edit Mode (Cisco Unity Connection 8.5 and Later Only)" section.

To change the LDAP integration status of Connection users who were created by importing from Cisco Unified Communications Manager, see the "Integrating Existing Connection User Accounts with LDAP User Accounts Using Bulk Administration Tool (Cisco Unity Connection 8.5 and Later Only)" section.

Regardless of the method you choose, note the following considerations which apply to all cases:

If you are integrating a Connection user account with an LDAP user account, note the following:

If any users in the LDAP directory were missing values in the field that you specified on the LDAP Setup page in the LDAP Attribute for User ID list, you must add the missing values in the LDAP directory and resynchronize the Connection database with the LDAP directory.

During the next scheduled synchronization of the Connection database with the LDAP directory, existing values for certain fields are overwritten with values from the LDAP directory.

If you have configured Connection to periodically resynchronize Connection data with LDAP data, new values in the LDAP directory are automatically imported into the Connection database during the next automatic resynchronization. However, if new users have been added to the LDAP directory, this resynchronization does not create new Connection users. You must manually create new Connection users by using either the Import Users tool or the Bulk Administration Tool.

If you are breaking the association between a Connection user account and an LDAP directory user account, note the following:

If Connection is configured to authenticate passwords for web applications against the LDAP directory, the Connection user will no longer authenticate against the LDAP password for the corresponding user. To enable the user to log on to Connection web applications, you must enter a new password on the Edit > Change Password page.

If Connection is configured to periodically synchronize with the LDAP directory, selected data for the Connection user will no longer be updated when the corresponding data in the LDAP directory is updated.

Changing the LDAP Integration Status of an Individual Connection User (Cisco Unity Connection 8.5 and Later Only)

To Change the LDAP Integration Status of an Individual Connection User (Connection 8.5 and Later)


Step 1 In Cisco Unity Connection Administration, click Users.

Step 2 On the Search Users page, click the alias of the user account.


Note If the user does not appear in the search results table, set the applicable parameters in the search fields at the top of the page, and click Find.


Step 3 On the Edit User Basics page, in LDAP Integration Status section, select the desired radio button:

Integrate with LDAP Directory—To integrate a Connection user account with an LDAP user account, select this option. The Connection alias must match the corresponding value in the LDAP directory. (On the System Settings > LDAP > LDAP Setup page, the LDAP Attribute for User ID list identifies the field in the LDAP directory for which the value must match the value of the Alias field in Connection.)

Do Not Integrate with LDAP Directory—To break the association between a Connection user account and an LDAP directory user account, select this option.

If the user was created by importing from Cisco Unified Communications Manager, the LDAP Integration Status field is grayed out and you must use Bulk Administration Tool to integrate them with an LDAP user account. See "Integrating Existing Connection User Accounts with LDAP User Accounts Using Bulk Administration Tool (Cisco Unity Connection 8.5 and Later Only)" section.

Step 4 Click Save.


Changing the LDAP Integration Status of Multiple Connection User Accounts in Bulk Edit Mode (Cisco Unity Connection 8.5 and Later Only)

To Change the LDAP Integration Status of Multiple Connection Accounts in Bulk Edit Mode (Connection 8.5 and Later)


Step 1 In Cisco Unity Connection Administration, on the Search Users page, check the applicable user check boxes, and select Bulk Edit.

If the user accounts that you want to edit in bulk do not all appear on one Search page, check all applicable check boxes on the first page, then go to the next page and check all applicable check boxes, and so on, until you have selected all applicable users. Then select Bulk Edit.

Step 2 On the User Basics page, in LDAP Integration Status section, select the desired radio button:

Integrate with LDAP Directory—To integrate a Connection user account with an LDAP user account, select this option. The Connection alias must match the corresponding value in the LDAP directory. (On the System Settings > LDAP > LDAP Setup page, the LDAP Attribute for User ID list identifies the field in the LDAP directory for which the value must match the value of the Alias field in Connection.)

Do Not Integrate with LDAP Directory—To break the association between a Connection user account and an LDAP directory user account, select this option.

Step 3 If applicable, set the Bulk Edit Task Scheduling Fields to schedule the Bulk Edit operation for a later date and/or time.

Step 4 Select Submit.

If any of the users were created by importing from Cisco Unified Communications Manager, Bulk Edit will log an error indicating that you must use the Bulk Administration Tool to integrate them with an LDAP user account. See "Integrating Existing Connection User Accounts with LDAP User Accounts Using Bulk Administration Tool (Cisco Unity Connection 8.5 and Later Only)" section.


Integrating Existing Connection User Accounts with LDAP User Accounts Using Bulk Administration Tool (Cisco Unity Connection 8.5 and Later Only)

The Bulk Administration Tool can be used to integrate existing Connection users with LDAP user accounts, but it cannot be used to break the association between a Connection user account and an LDAP directory user account.

When you configured Cisco Unity Connection to integrate with an LDAP directory by using the procedures in the "Integrating Cisco Unity Connection 8.x with an LDAP Directory" chapter of the System Administration Guide for Cisco Unity Connection Release 8.x (available at http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/administration/guide/8xcucsagx.html), you synchronized Connection data with data in the LDAP directory. That process invisibly imported the LDAP data into a hidden Cisco Unified Communications Manager database on the Connection server.

When you use the Bulk Administration Tool to integrate existing Connection users with LDAP users, you do the following tasks, which update each Connection user account with the LDAP user ID for the corresponding LDAP user account:

1. Export the data from the Cisco Unified CM database into a CSV file.

2. Update the CSV file to remove LDAP users who don't have Connection accounts and to remove Cisco Unified CM IDs, if applicable.


Caution If any users in the LDAP directory were missing values in the field that you specified on the LDAP Setup page in the LDAP Attribute for User ID list, you must add the missing values in the LDAP directory and resynchronize the Connection database with the LDAP directory. Do not enter the values in the CSV file and then import the CSV file; Connection is not able to locate those users in the LDAP directory.

3. Import the updated CSV file into the Connection database.


Caution When you import LDAP user data into the Connection database, existing values for the fields being imported are overwritten with values from the LDAP directory.

To Integrate Existing Cisco Unity Connection Users with LDAP Users


Step 1 For every Cisco Unity Connection user that you want to integrate with an LDAP user, if the value of the Connection Alias field does not match the value of the LDAP user ID, use Cisco Unity Connection Administration to update the Connection alias so that they do match.

Step 2 Sign in to Connection Administration as a user that has the System Administrator role.

Step 3 Expand Tools and select Bulk Administration Tool.

Step 4 Export to a CSV file the LDAP user data that is currently in the cache on the Connection server:

a. Under Select Operation, select Export.

b. Under Select Object Type, select Users from LDAP Directory.

c. In the CSV File field, enter the name of the file in which you want to save exported data.

d. Select Submit.

Step 5 Download and edit the CSV file that you created in Step 4:

Remove any Connection users who you do not want to synchronize with users in the LDAP directory. For more information, see the "Using the Cisco Unity Connection 8.x Bulk Administration Tool" section.

For Connection users who were originally created by importing data from Cisco Unified CM, enter %null% in the CcmId field.

Confirm that the LdapCcmUserId field contains the correct LDAP alias for each user.

Step 6 Import the data that you edited in Step 5:

a. Sign in to Cisco Unity Connection Administration as a user that has the System Administrator role.

b. Expand Tools and select Bulk Administration Tool.

c. Under Select Operation, select Update.

d. Under Select Object Type, select Users with Mailbox.

e. In the CSV File field, enter the full path to the file from which you want to import data.

f. In the Failed Objects Filename field, enter the name of the file to which you want Connection to write error messages about users who could not be created.

g. Select Submit.

Step 7 When the import is complete, review the file that you specified in the Failed Objects Filename field to verify that all Connection users were successfully integrated with the corresponding LDAP users.


Integrating Existing Connection User Accounts with LDAP User Accounts (Cisco Unity Connection 8.0 Only)

Revised November 16, 2010

When you configured Cisco Unity Connection to integrate with an LDAP directory by using the procedures in the "Integrating Cisco Unity Connection 8.x with an LDAP Directory" chapter of the System Administration Guide for Cisco Unity Connection Release 8.x (available at http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/administration/guide/8xcucsagx.html), you synchronized Connection data with data in the LDAP directory. That process invisibly imported the LDAP data into a hidden Cisco Unified Communications Manager database on the Connection server.

When you use the Bulk Administration Tool to integrate existing Connection users with LDAP users, you do the following tasks, which update each Connection user account with the LDAP user ID for the corresponding LDAP user account:

1. Export the data from the Cisco Unified CM database into a CSV file.

2. Update the CSV file to remove LDAP users who don't have Connection accounts and to remove Cisco Unified CM IDs, if applicable.


Caution If any users in the LDAP directory were missing values in the field that you specified on the LDAP Setup page in the LDAP Attribute for User ID list, you must add the missing values in the LDAP directory and resynchronize the Connection database with the LDAP directory. Do not enter the values in the CSV file and then import the CSV file; Connection is not able to locate those users in the LDAP directory.

3. Import the updated CSV file into the Connection database.


Caution When you import LDAP user data into the Connection database, existing values for the fields being imported are overwritten with values from the LDAP directory.

If you have configured Connection to periodically resynchronize Connection data with LDAP data, new values in the LDAP directory are automatically imported into the Connection database during the next automatic resynchronization. However, if new users have been added to the LDAP directory, this resynchronization does not create new Connection users. You must manually create new Connection users by using either the Import Users tool or the Bulk Administration Tool.


Note You use the same process if the Connection users were created by importing data from Cisco Unified CM. Step 5 in the following procedure explains how to delete the applicable Cisco Unified CM data.


To Integrate Existing Cisco Unity Connection Users with LDAP Users


Step 1 For every Cisco Unity Connection user that you want to integrate with an LDAP user, if the value of the Connection Alias field does not match the value of the LDAP user ID, use Cisco Unity Connection Administration to update the Connection alias so that they do match.

Step 2 Sign in to Connection Administration as a user that has the System Administrator role.

Step 3 Expand Tools and select Bulk Administration Tool.

Step 4 Export to a CSV file the LDAP user data that is currently in the cache on the Connection server:

a. Under Select Operation, select Export.

b. Under Select Object Type, select Users from LDAP Directory.

c. In the CSV File field, enter the full path to the file in which you want to save exported data.

d. Select Submit.

Step 5 Edit the CSV file that you created in Step 4:

Remove any Connection users who you do not want to synchronize with users in the LDAP directory. For more information, see the "Using the Cisco Unity Connection 8.x Bulk Administration Tool" section.

For Connection users who were originally created by importing data from Cisco Unified CM, delete the data in the CcmId field and replace it with %null%.

Step 6 Import the data that you edited in Step 5:

a. Sign in to Cisco Unity Connection Administration as a user that has the System Administrator role.

b. Expand Tools and select Bulk Administration Tool.

c. Under Select Operation, select Update.

d. Under Select Object Type, select Users with Mailbox.

e. In the CSV File field, enter the full path to the file from which you want to import data.

f. In the Failed Objects Filename field, enter the full path of the file to which you want Connection to write error messages about users who could not be created.

g. Select Submit.

Step 7 When the import is complete, review the file that you specified in the Failed Objects Filename field to verify that all Connection users were successfully integrated with the corresponding LDAP users.


Determining Whether a Connection User Account Is Integrated with an LDAP User Account (Cisco Unity Connection 8.5 and Later Only)

Added November 16, 2010

If you integrate Connection user accounts with LDAP user accounts, you are not required to integrate every Connection account with an LDAP account. In addition, you can create new Connection accounts that are not integrated with LDAP accounts. To determine whether a Connection account is integrated with an LDAP account, do the following procedure.

To Determine Whether a Connection User Account Is Integrated with an LDAP Account


Step 1 In Cisco Unity Connection Administration, click Users.

Step 2 On the Search Users page, click the alias of the user account.


Note If the user does not appear in the search results table, set the applicable parameters in the search fields at the top of the page, and click Find.


Step 3 On the Edit User Basics page, the LDAP Integration Status field indicates whether or not the Connection user account is integrated with an LDAP user account.

If the LDAP Integration Status field is grayed out, the user was created by importing from Cisco Unified Communications Manager.


Determining Whether a Connection User Account Is Integrated with an LDAP User Account (Cisco Unity Connection 8.0 Only)

If you integrate Connection user accounts with LDAP user accounts, you are not required to integrate every Connection account with an LDAP account. In addition, you can create new Connection accounts that are not integrated with LDAP accounts. To determine whether a Connection account is integrated with an LDAP account, do the following procedure.

To Determine Whether a Connection User Account Is Integrated with an LDAP Account


Step 1 In Cisco Unity Connection Administration, click Users.

Step 2 On the Search Users page, click the alias of the user account.


Note If the user does not appear in the search results table, set the applicable parameters in the search fields at the top of the page, and click Find.


Step 3 On the Edit User Basics page, if the Connection user account is integrated with an LDAP user account, the Status area will contain one of the following messages:

Active User Imported from LDAP Directory

Inactive User Imported from LDAP Directory

If neither of these messages appears in the Status area, the Connection user account is not integrated with an LDAP user account.