User Moves, Adds, and Changes Guide for Cisco Unity Connection Release 9.x
Creating User Accounts from LDAP User Data or Changing LDAP Integration Status for Existing Users in Cisco Unity Connection 9.x
Downloads: This chapterpdf (PDF - 129.0KB) The complete bookPDF (PDF - 2.16MB) | Feedback

Table of Contents

Creating LDAP Integrated Users or Changing the LDAP Integration Status for Existing Users in Cisco Unity Connection 9.x

Creating LDAP Integrated Unity Connection Users Using Import Users Tool

Creating LDAP Integrated Unity Connection Users Using Bulk Administration Tool

Changing the LDAP Integration Status of Unity Connection Users

Changing the LDAP Integration Status of an Individual Unity Connection User

Changing the LDAP Integration Status of Multiple Unity Connection Users

Integrating Existing Unity Connection Users with LDAP User Accounts

Determining if a Unity Connection User Account is LDAP Integrated

Creating LDAP Integrated Users or Changing the LDAP Integration Status for Existing Users in Cisco Unity Connection 9.x

Unity Connection can be integrated with an LDAP directory following the “Integrating Cisco Unity Connection 9.x with an LDAP Directory” chapter of the System Administration Guide for Cisco Unity Connection Release 9.x , available at http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/9x/administration/guide/9xcucsagx/9xcucsag306.html .

The Unity Connection users are synchronized with the user data in an LDAP directory. This imports the LDAP user data into a hidden Cisco Unified Communications Manager database on Unity Connection.

You can create LDAP integrated Cisco Unity Connection user accounts either by importing the LDAP user data or integrating the existing Unity Connection users with LDAP user data.

  • Create Unity Connection users manually using either the Import Users tool or the Bulk Administration Tool.

If you are creating a small number of users or if you are able to create a regular expression to convert LDAP phone numbers into Unity Connection extensions, you can use the Import Users tool. For more information, see the Creating LDAP Integrated Unity Connection Users Using Import Users Tool section.

If you are creating a larger number of users or if you were not able to create a regular expression to convert LDAP phone numbers into Unity Connection extensions, you can use the Bulk Administration Tool (BAT). See the Creating LDAP Integrated Unity Connection Users Using Bulk Administration Tool.

  • Integrate the existing Unity Connection users with LDAP user accounts. For more information, see the following sections:

Changing the LDAP Integration Status of Unity Connection Users.

.


Note The information in this chapter is not applicable for Cisco Unified Communications Manager Business Edition 5000. For information on integrating Cisco Unified Communications Manager Business Edition 5000 with an LDAP directory, see the following documentation available at http://www.cisco.com/en/US/products/ps7273/prod_maintenance_guides_list.html.

  • The “Understanding the Directory” chapter of the Cisco Unified Communications Manager System Guide for Cisco Unified Communications Manager Business Edition 5000.
  • The “End User Configuration” chapter of the Cisco Unified Communications Manager Administration Guide for Cisco Unified Communications Manager Business Edition 5000.


 

Creating LDAP Integrated Unity Connection Users Using Import Users Tool

When you use the Import Users tool to create Unity Connection users, you import the data from the LDAP fields that you specified on the LDAP Directory Configuration page. The remaining information is imported from the user template that you select while importing the user data.


Caution During LDAP configuration, you select a field in the LDAP directory that is imported into the User ID field. The LDAP field that you select must have a unique value for every user in the LDAP directory. Any LDAP user that does not have a value in this field cannot be imported into Unity Connection.

Cisco Unity Connection Administration cannot be used to change the values of the data in the fields that populates the value from LDAP directory. Instead, you must change the values in the LDAP directory.

If you have configured to periodically synchronize Unity Connection data with LDAP data, new values in the LDAP directory are automatically imported into the Unity Connection database during the next automatic synchronization. However, if new users have been added to the LDAP directory, this synchronization does not create new Unity Connection users.

To Create Unity Connection Users by Importing LDAP User Data


Step 1 In Cisco Unity Connection Administration, expand Users and select Import Users .


Note In case of a Unity Connection cluster, perform the steps only on the publisher server.


Step 2 On the Import Users page, select LDAP Directory in the Find Unified Communications Manager End Users In list.

Step 3 If you want to import only a subset of the users in the LDAP directory with which you have integrated Unity Connection, enter the applicable specifications in the search fields and select Find .

Step 4 In the Based on Template list, select the template that you want Unity Connection to use when creating the selected users.


Caution If you specify an administrator template, the users cannot have mailboxes.

Step 5 Check the check boxes for the LDAP users for which you want to create Unity Connection users. If necessary, enter extensions for the users that you want to create.

Step 6 Select Import Selected .


 

Creating LDAP Integrated Unity Connection Users Using Bulk Administration Tool

Follow the given steps when using the Bulk Administration Tool to create Unity Connection users:

1. Export the data from the Cisco Unified CM database into a CSV file.


Caution Do not attempt to manually create a CSV file that contains the required data because it is likely to result in a variety of problems with the LDAP integrated Unity Connection users.

2. Update the CSV file. For example, you may use a formula in a spreadsheet application to convert the phone number that was exported from the LDAP directory into a Unity Connection extension.


Caution If any users in the LDAP directory have missing values in the field that you specified on the LDAP Setup page in the LDAP Attribute for User ID list, you must add the missing values in the LDAP directory. Then synchronize the Unity Connection database with the LDAP directory. You should not enter the values in the CSV file and import the CSV file otherwise Unity Connection cannot locate the users in the LDAP directory.

3. Import the updated CSV file into the Unity Connection database.

When you create user accounts this way, Unity Connection takes data from the CSV file and fills in the remaining information from the user template that you specify. You cannot use Cisco Unity Connection Administration to change data in the fields that populates its values from the LDAP directory. Instead, you must change the values in the LDAP directory.

If you have configured to periodically synchronize the Unity Connection data with LDAP user data, new values in the LDAP directory are automatically imported into the Unity Connection database during the next automatic synchronization. However, if new users have been added to the LDAP directory, this synchronization does not create new Unity Connection users. You must manually create new Unity Connection users using either the Import Users tool or the Bulk Administration Tool.

To Create Cisco Unity Connection Users Using the Bulk Administration Tool


Step 1 Export the data in the hidden Cisco Unified CM database in to the Unity Connection server:

a. In Cisco Unity Connection Administration, expand Tools and select Bulk Administration Tool .

b. On the Select Operation field, select Export .

c. On the Select Object Type field, select Users from LDAP Directory .

d. In the CSV File field, enter the full path to the file in which you want to save exported data.

e. Select Submit .

Step 2 Open the CSV file in a spreadsheet application or in a text editor, and update the data as applicable. For more information, see the “Using the Cisco Unity Connection 9.x Bulk Administration Tool” section.

Step 3 Import the data in the updated CSV file:

a. In Cisco Unity Connection Administration, expand Tools and select Bulk Administration Tool .

b. In the Select Operation field, select Create .

c. In the Select Object Type field, select Users with Mailbox .

d. In the CSV File field, enter the full path to the file from which you want to import data.

e. In the Failed Objects Filename field, enter the full path of the file to which you want Unity Connection to write error messages about users who could not be created.

f. Select Submit .

Step 4 When the import is complete, review the file that you specified in the Failed Objects Filename field to verify that all users were created successfully.


 

Changing the LDAP Integration Status of Unity Connection Users

To change the LDAP integration status of a Unity Connection user, you use one of the following methods, depending on your situation:

Regardless of the method you choose, note the following considerations which apply to all cases:

If you are integrating a Unity Connection user account with an LDAP user account, note the following:

  • If any users in the LDAP directory were missing values in the field that you specified on the LDAP Setup page in the LDAP Attribute for User ID list, you must add the missing values in the LDAP directory and resynchronize the Unity Connection database with the LDAP directory.
  • During the next scheduled synchronization of the Connection database with the LDAP directory, existing values for certain fields are overwritten with values from the LDAP directory.

If you are breaking the association between a Unity Connection user account and an LDAP directory user account, note the following:

  • If Unity Connection is configured to authenticate passwords for web applications against the LDAP directory, the Unity Connection user can no longer authenticate against the LDAP password for the corresponding user. To enable the user to log on to Unity Connection web applications, you must enter change the web application password on Cisco Unity Connection Administration> Users> select a user> Edit > Change Password (Web Application).
  • If Unity Connection is configured to periodically synchronize with the LDAP directory, selected data for the Unity Connection user can no longer be updated when the corresponding data in the LDAP directory is updated.

Changing the LDAP Integration Status of an Individual Unity Connection User

To Change the LDAP Integration Status of an Individual Unity Connection User


Step 1 In Cisco Unity Connection Administration, expand Users and select Users.

The Search Users page appears displaying the currently configured users.

Step 2 On the Search Users page, select the user on which you want to change the LDAP integration status.

Step 3 On the Edit User Basics page, in LDAP Integration Status section, select the desired radio button:

  • Integrate with LDAP Directory— Select this option to integrate a Unity Connection user account with an LDAP user account. The Unity Connection alias must match the corresponding value in the LDAP directory.
  • Do Not Integrate with LDAP Directory—Select this option to break the association between a Unity Connection user account and an LDAP directory user account.

Note If the user was created by importing from Cisco Unified Communications Manager, the LDAP Integration Status field is grayed out and you must use Bulk Administration Tool to integrate them with an LDAP user account. See “Integrating Existing Unity Connection Users with LDAP User Accounts” section.


Step 4 Select Save.


 

Changing the LDAP Integration Status of Multiple Unity Connection Users

To Change the LDAP Integration Status of Multiple Unity Connection Users


Step 1 In Cisco Unity Connection Administration, expand Users and select Users.

The Search Users page appears displaying the currently configured users.

Step 2 On the Search Users page, check the applicable user check boxes to select the users on which you want to change the LDAP integration status, and then select Bulk Edit.

Step 3 On the User Basics page, in LDAP Integration Status section, select the desired radio button:

  • Integrate with LDAP Directory— Select this option to integrate a Unity Connection user account with an LDAP user account. The Unity Connection alias must match the corresponding value in the LDAP directory.
  • Do Not Integrate with LDAP Directory—Select this option to break the association between a Unity Connection user account and an LDAP directory user account.

Step 4 (Optional) Set the Bulk Edit Task Scheduling Fields to schedule the Bulk Edit operation for a later date and/or time.

Step 5 Select Submit.


Note If any of the users were created by importing from Cisco Unified Communications Manager, Bulk Edit logs an error indicating that you must use the Bulk Administration Tool to integrate them with an LDAP user account. See “Integrating Existing Unity Connection Users with LDAP User Accounts” section.



 

Integrating Existing Unity Connection Users with LDAP User Accounts

The Bulk Administration Tool is used to integrate existing Unity Connection users with LDAP user accounts, but it cannot be used to break the association between a Unity Connection user account and an LDAP directory user account.

For every Cisco Unity Connection user that you want to integrate with an LDAP user, if the value of the Unity Connection Alias field does not match the value of the LDAP user ID, use Cisco Unity Connection Administration to update the Unity Connection alias so that they do match.

When you use the Bulk Administration Tool to integrate existing Unity Connection users with LDAP users, you do the following tasks to update each Unity Connection user account with the LDAP user ID for the corresponding LDAP user account:

1. Export the data from the Cisco Unified CM database into a CSV file.

2. Update the CSV file to remove LDAP users that do not have Unity Connection accounts and to remove Cisco Unified CM IDs, if applicable.


Caution If any users in the LDAP directory have missing values in the field that you specified on the LDAP Setup page in the LDAP Attribute for User ID list, you must add the missing values in the LDAP directory. Then synchronize the Unity Connection database with the LDAP directory. You should not enter the values in the CSV file and import the CSV file otherwise Unity Connection cannot locate the users in the LDAP directory.

3. Import the updated CSV file into the Unity Connection database.


Caution When you import LDAP user data into the Unity Connection database, existing values for the fields being imported are overwritten with values from the LDAP directory.

To Integrate Existing Unity Connection Users with LDAP Users


Step 1 In Cisco Unity Connection Administration, expand Tools and select Bulk Administration Tool .

The Bulk Administration Tool page appears.

Step 2 Export to a CSV file the LDAP user data that is currently in the cache on the Connection server:

a. In the Select Operation section, select Export .

b. In the Select Object Type section, select Users from LDAP Directory .

c. In the CSV File field, enter the name of the file in which you want to save exported data.

d. Select Submit .

Step 3 Download and edit the CSV file that you created in Step 2:

  • Remove any Unity Connection users who you do not want to synchronize with users in the LDAP directory. For more information, see the “Using the Cisco Unity Connection 9.x Bulk Administration Tool” section.
  • For Unity Connection users who were originally created by importing data from Cisco Unified CM, enter %null% in the CcmId field.
  • Confirm that the LdapCcmUserId field contains the correct LDAP alias for each user.

Step 4 Import the data that you edited in Step 3:

a. In Cisco Unity Connection Administration, expand Tools and select Bulk Administration Tool .

b. In the Select Operation field, select Update .

c. In the Select Object Type field, select Users with Mailbox .

d. In the CSV File field, enter the full path to the file from which you want to import data.

e. In the Failed Objects Filename field, enter the name of the file to which you want Unity Connection to write error messages about users who could not be created.

f. Select Submit .

Step 5 When the import is complete, review the file that you specified in the Failed Objects Filename field to verify that all Unity Connection users have been successfully integrated with the corresponding LDAP users.


 

Determining if a Unity Connection User Account is LDAP Integrated

To Determine if a Unity Connection User Account is LDAP Integrated


Step 1 In Cisco Unity Connection Administration, expand Users and select Users .

The Search Users page appears displaying the currently configured users.

Step 2 On the Search Users page, select the user that you want to check if it is integrated to an LDAP user account.

Step 3 On the Edit User Basics page, if the Unity Connection user account is integrated with an LDAP user account, the Status contains either of the following messages:

  • Active User Imported from LDAP Directory
  • Inactive User Imported from LDAP Directory

If neither of the messages appears in the Status area, the Unity Connection user account is not integrated with an LDAP user account.