Cisco Unified Communications Manager Administration Guide, Release 8.0(1)
LDAP Directory Configuration
LDAP Directory Configuration


LDAP directory configuration takes place in these related windows:

LDAP System

LDAP Directory

LDAP Authentication

LDAP Filters

Use the following topics to configure LDAP directory information:

LDAP Directory Configuration Settings

Finding an LDAP Directory

Configuring an LDAP Directory

Deleting an LDAP Directory

Related Topics

LDAP Directory Configuration Settings

In the LDAP Directory window, you specify information about the LDAP directory; for example, the name of the LDAP directory, where the LDAP users exist, how often to synchronize the data, and so on. Table 15-1 describes the LDAP directory configuration settings. For related procedures, see the "Related Topics" section.

Before You Begin

Before you can synchronize the LDAP directory, you must activate the Cisco DirSync service. For information about how to activate services, refer to the Cisco Unified Serviceability Administration Guide.

Changes to LDAP Directory information and LDAP Authentication settings are possible only if synchronization from the customer LDAP directory is enabled in the Cisco Unified Communications Manager Administration LDAP System window.

Table 15-1 LDAP Directory Configuration Settings 

Field
Description
LDAP Directory Information

LDAP Configuration Name

Enter a unique name (up to 40 characters) for the LDAP directory.

LDAP Manager Distinguished Name

Enter the user ID (up to 128 characters) of the LDAP Manager, who is an administrative user that has access rights to the LDAP directory in question.

LDAP Password

Enter a password (up to 128 characters) for the LDAP Manager.

Confirm Password

Reenter the password that you provided in the LDAP Password field.

LDAP User Search Base

Enter the location (up to 256 characters) where all LDAP users exist. This location acts as a container or a directory. This information varies depending on customer setup.

LDAP Custom Filter

Select an LDAP custom filter from the drop-down list. The LDAP filter filters the results of LDAP searches. LDAP users that match the filter get imported into the Cisco Unified Communications Manager database, but LDAP users that do not match the filter do not get imported.

The default value is <None>. This value applies a default LDAP filter that is specific to the LDAP server type. These are the default LDAP filters:

Microsoft Active Directory (AD):
(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

iPlanet or Sun One LDAP Server:
(objectclass=inetOrgPerson)

OpenLDAP:
(objectclass=inetOrgPerson)

Microsoft Active Directory Application Mode (ADAM):
(&(objectclass=user)(!(objectclass=Computer))(!(msDS-UserAccountDisabled=TRUE)))

For more information about LDAP filters, see the "LDAP Custom Filter" section on page 17-1.

LDAP Directory Synchronization Schedule

Perform Sync Just Once

If you want to perform synchronization of the data in this LDAP directory with the data in the Cisco Unified Communications Manager database only once, check this check box.

Perform a Re-sync Every

If you want to perform synchronization of the data in this LDAP directory with the data in the Cisco Unified Communications Manager database at a regular interval, use these fields.

In the left field, enter a number. In the drop-down list box, choose a value:

hours

days

weeks

months

Cisco Unified Communications Manager can synchronize directory information every 6 hours, which is the minimum value allowed for this field.

Note: This field remains active only if you do not check the Perform Sync Just Once check box.

Next Re-sync Time (YYYY-MM-DD hh:mm)

Specify a time to perform the next synchronization of Cisco Unified Communications Manager directory data with this LDAP directory. Use a 24-hour clock to specify the time of day. For example, 1:00 pm equals 13:00.

User Fields To Be Synchronized

For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.

Cisco Unified Communications Manager User Field: LDAP User Field

User ID: sAMAccountName or uid

Middle Name: (drop-down list box) choose middleName or initials

Manager ID: manager

Phone Number: (drop-down list box) choose telephoneNumber or ipPhone

First Name: givenName

Last Name: sn

Department: department or departmentnumber

Mail ID: (drop-down list box) choose mail, sAMAccountName, or uid

LDAP Server Information

Host Name or IP Address for Server

Enter the host name or IP address of the server where the data for this LDAP directory resides.

LDAP Port

Enter the port number on which the corporate directory receives the LDAP requests. You can only access this field if LDAP authentication for end users is enabled.

The default LDAP port for Microsoft Active Directory and for Netscape Directory is 389. The default LDAP port for Secure Sockets Layer (SSL) is 636.

How your corporate directory is configured determines which port number to enter in this field. For example, before you configure the LDAP Port field, determine whether your LDAP server acts as a Global Catalog server and whether your configuration requires LDAP over SSL. Consider entering one of the following port numbers:

LDAP Port For When the LDAP Server Is Not a Global Catalog Server

389—When SSL is not required. (This port number specifies the default that displays in the LDAP Port field.)

636—When SSL is required. (If you enter this port number, make sure that you check the Use SSL check box.)

LDAP Port For When the LDAP Server Is a Global Catalog Server

3268—When SSL is not required.

3269—When SSL is required. (If you enter this port number, make sure that you check the Use SSL check box.)

Tip: Your configuration may require that you enter a different port number than the options that are listed in the preceding bullets. Before you configure the LDAP Port field, contact the administrator of your directory server to determine the correct port number to enter.

Use SSL

Check this check box to use Secure Sockets Layer (SSL) encryption for security purposes.

Note: If LDAP over SSL is required, the corporate directory SSL certificate must be loaded into Cisco Unified Communications Manager. The Cisco Unified Communications Operating System Administration Guide documents the certificate upload procedure in the Security chapter.

Add Another Redundant LDAP Server

Click this button to add another row for entry of information about an additional server.
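The default Active Directory filter listed under LDAP Custom Filter in Table 15-1 combines an object class test with the bitwise-AND matching rule 1.2.840.113556.1.4.803 on bit 2 of UserAccountControl (the account-disabled flag), so computer objects and disabled accounts are not imported. The following is an added example, not Cisco code: a small evaluator that applies such a filter to directory entries. The function names and the sample entries are constructed for illustration.

```python
BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule OID used in the page's filter
AD_DEFAULT = ("(&(objectclass=user)(!(objectclass=Computer))"
              "(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))")

def parse(f, i=0):
    """Parse the filter that starts at f[i]; return (node, index after it)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":                       # composite: and / or / not
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        node = (op, kids)
    else:                                   # simple item: attr[:rule:]=value
        end = f.index(")", i)
        left, value = f[i:end].split("=", 1)
        attr, _, rule = left.partition(":")
        node = ("=", attr.lower(), rule.rstrip(":"), value)
        i = end
    if f[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict: lowercase attr -> list)."""
    op = node[0]
    if op in "&|":
        combine = all if op == "&" else any
        return combine(matches(k, entry) for k in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    _, attr, rule, value = node
    values = entry.get(attr, [])            # an absent attribute never matches
    if rule == BIT_AND:                     # true when every bit of value is set
        return any((int(v) & int(value)) == int(value) for v in values)
    return any(str(v).lower() == value.lower() for v in values)

def imported(filter_text, entries):
    tree, _ = parse(filter_text)
    return [name for name, e in entries.items() if matches(tree, e)]

# Constructed sample entries (not from a real directory): 512 = enabled user,
# 514 = 512 plus the disabled bit (2), 4096 = workstation account.
SAMPLE = {
    "alice": {"objectclass": ["person", "user"], "useraccountcontrol": ["512"]},
    "bob":   {"objectclass": ["person", "user"], "useraccountcontrol": ["514"]},
    "WS01$": {"objectclass": ["user", "computer"], "useraccountcontrol": ["4096"]},
}
print(imported(AD_DEFAULT, SAMPLE))
```

Running a candidate custom filter through the same function before selecting it shows whether it still excludes disabled and computer accounts.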


In addition to the user fields that appear in Cisco Unified Communications Manager Administration, the Microsoft Active Directory Application Mode user fields described in Table 15-2 also get synchronized.

Table 15-2 Additional Synchronized Microsoft Active Directory Application Mode User Fields 

Cisco Unified Communications Manager User Field: LDAP User Field

UniqueIdentifier: ObjectGUID

Pager: pager or pagertelephonenumber

Mobile: mobile or mobiletelephonenumber

Title: title

Homephone: homephone or hometelephonenumber

OCSPrimaryUserAddress: msRTCSIP-primaryuseraddress


Finding an LDAP Directory

Use the following procedure to locate LDAP directory configurations.


Note: During your work in a browser session, Cisco Unified Communications Manager Administration retains your LDAP directory search preferences. If you navigate to other menu items and return to this menu item, Cisco Unified Communications Manager Administration retains your LDAP directory search preferences until you modify your search or close the browser.


Procedure


Step 1 Choose System > LDAP > LDAP Directory.

The Find and List LDAP Directories window displays.

Step 2 To find all records in the database, ensure the dialog box is empty; go to Step 3.

To filter or search records:

From the first drop-down list box, select a search parameter.

From the second drop-down list box, select a search pattern.

Specify the appropriate search text, if applicable.


Note: To add additional search criteria, click the + button. When you add criteria, the system searches for a record that matches all criteria that you specify. To remove criteria, click the - button to remove the last added criteria or click the Clear Filter button to remove all added search criteria.


Step 3 Click Find.

All matching records display. You can change the number of items that display on each page by choosing a different value from the Rows per Page drop-down list box.


Note: You can delete multiple records from the database by checking the check boxes next to the appropriate record and clicking Delete Selected. You can delete all configurable records for this selection by clicking Select All and then clicking Delete Selected.


Step 4 From the list of records that display, click the link for the record that you want to view.


Note: To reverse the sort order, click the up or down arrow, if available, in the list header.


The window displays the item that you choose.


Additional Information

See the "Related Topics" section.

Configuring an LDAP Directory

This section describes how to add or update information about an LDAP directory that is used to synchronize user data with the Cisco Unified Communications Manager Administration database.

Procedure


Step 1 Choose System > LDAP > LDAP Directory.

The Find and List LDAP Directories window displays.

Step 2 Perform one of the following tasks:

To add new information about an LDAP directory, locate the appropriate directory as described in the "Finding an LDAP Directory" section, click the Add New button, and continue with Step 3.

To update existing information about an LDAP directory, locate the appropriate directory as described in the "Finding an LDAP Directory" section and continue with Step 3.

Step 3 Enter the appropriate settings as described in Table 15-1.

Step 4 Click Save.

The LDAP directory gets added to, or updated in, the Cisco Unified Communications Manager database.
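Before entering the settings in Step 3, the planned values can be checked against the limits and port guidance in Table 15-1. The following is an added example, not Cisco code: the dictionary layout, key names, and sample values are assumptions made for illustration, and the month length is approximated as 30 days.

```python
MAX_LEN = {"name": 40, "manager_dn": 128, "password": 128, "search_base": 256}
HOURS = {"hours": 1, "days": 24, "weeks": 168, "months": 720}  # month ~ 30 days (assumption)
PLAIN_PORTS, SSL_PORTS = {389, 3268}, {636, 3269}              # ports listed in Table 15-1

def check_directory(cfg):
    """Return a list of findings for one planned LDAP directory definition."""
    findings = []
    for field, limit in MAX_LEN.items():
        value = cfg.get(field, "")
        if len(value) > limit:
            findings.append(f"{field}: {len(value)} characters, limit is {limit}")
    if not cfg.get("sync_once", False):     # interval applies only to repeated sync
        n, unit = cfg.get("resync", (0, "hours"))
        if unit not in HOURS:
            findings.append(f"resync: unknown unit {unit!r}")
        elif n * HOURS[unit] < 6:
            findings.append("resync: interval is below the 6-hour minimum")
    for host, port, use_ssl in cfg.get("servers", []):
        if port in SSL_PORTS and not use_ssl:
            findings.append(f"{host}:{port}: SSL port but Use SSL is unchecked")
        elif port in PLAIN_PORTS and use_ssl:
            findings.append(f"{host}:{port}: Use SSL is checked on a port listed for non-SSL use")
        elif not use_ssl:
            findings.append(f"{host}:{port}: connection is not encrypted")
    return findings

# Constructed sample values (hypothetical hosts and names).
SAMPLE = {
    "name": "corp-ad",
    "manager_dn": "CN=svc-cucm,OU=Service Accounts,DC=example,DC=com",
    "password": "x" * 12,
    "search_base": "OU=Users,DC=example,DC=com",
    "sync_once": False,
    "resync": (4, "hours"),
    "servers": [("dc1.example.com", 636, False), ("gc1.example.com", 3268, False)],
}
for finding in check_directory(SAMPLE):
    print(finding)
```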


Additional Information

See the "Related Topics" section.

Deleting an LDAP Directory

This section describes how to delete an LDAP directory in Cisco Unified Communications Manager Administration.

Before You Begin

When you delete an LDAP directory, Cisco Unified Communications Manager removes information about that directory from the database.


Note: You can delete multiple LDAP directories from the Find and List LDAP directories window by checking the check boxes next to the appropriate LDAP directories and clicking Delete Selected. You can delete all LDAP directories in the window by clicking Select All and then clicking Delete Selected.


Procedure


Step 1 Find the LDAP directory that you want to delete by using the procedure in the "Finding an LDAP Directory" section.

Step 2 Click the name of the LDAP directory that you want to delete.

The LDAP directory that you chose displays.

Step 3 Click Delete.

You receive a message that asks you to confirm the deletion.

Step 4 Click OK.

The window refreshes, and the LDAP directory gets deleted from the database.


Additional Information

See the "Related Topics" section.

Related Topics

LDAP Directory Configuration Settings

Finding an LDAP Directory

Configuring an LDAP Directory

Deleting an LDAP Directory

Understanding the Directory, Cisco Unified Communications Manager System Guide

LDAP System Configuration, page 14-1

LDAP Authentication Configuration, page 16-1

Application Users and End Users, Cisco Unified Communications Manager System Guide

Application User Configuration, page 112-1

End User Configuration, page 113-1