Cisco Unified Communications Manager Administration Guide, Release 8.0(2)
LDAP Authentication Configuration


LDAP Authentication Configuration


In Cisco Unified Communications Manager, LDAP directory configuration takes place in the following windows:

LDAP System

LDAP Directory

LDAP Authentication

LDAP Filter

You can make changes to LDAP directory information and LDAP authentication settings only if synchronization with the customer LDAP directory is enabled in the Cisco Unified Communications Manager Administration LDAP System window.

Use the following topics to configure LDAP authentication information:

LDAP Authentication Configuration Settings

Updating LDAP Authentication Information

Related Topics

LDAP Authentication Configuration Settings

The authentication process verifies the identity of the user by validating the user ID and password/PIN before granting access to the system. Verification takes place against the Cisco Unified Communications Manager database or the LDAP corporate directory.

You can only configure LDAP authentication if you enable LDAP synchronization in the LDAP System window.

When both synchronization and LDAP authentication are enabled, the system always authenticates application users and end user PINs against the Cisco Unified Communications Manager database. End user passwords get authenticated against the corporate directory; thus, end users need to use their corporate directory password.

When only synchronization is enabled (and LDAP authentication is not enabled), end users get authenticated against the Cisco Unified Communications Manager database. In this case, the administrator can configure a password in the End User Configuration window in Cisco Unified Communications Manager Administration.

Table 16-1 describes the LDAP authentication configuration settings. For related procedures, see the "Related Topics" section.

Table 16-1 LDAP Authentication Configuration Settings 

Field
Description
LDAP Authentication for End Users

Use LDAP Authentication for End Users

Click this check box to require authentication of end users from the LDAP directory. If the check box is left unchecked, authentication gets performed against the database.

Note: You can only access this field if LDAP synchronization is enabled in the LDAP System Configuration window.

LDAP Manager Distinguished Name

Enter the user ID of the LDAP Manager, who is an administrative user with access rights to the LDAP directory in question.

Note: You can only access this field if LDAP authentication for end users is enabled.

LDAP Password

Enter a password for the LDAP Manager.

Note: You can only access this field if LDAP authentication for end users is enabled.

Confirm Password

Reenter the password that you provided in the LDAP Password field.

Note: You can only access this field if LDAP authentication for end users is enabled.

LDAP User Search Base

Enter the user search base. Cisco Unified Communications Manager searches for users under this base.

Note: You can only access this field if LDAP authentication for end users is enabled.

LDAP Server Information

Host Name or IP Address for Server

Enter the host name or IP address where you installed the corporate directory.

Note: You can only access this field if LDAP authentication for end users is enabled.

LDAP Port

Enter the port number on which the corporate directory receives the LDAP requests. You can only access this field if LDAP authentication for end users is enabled.

The default LDAP port for Microsoft Active Directory and for Netscape Directory is 389. The default port for LDAP over Secure Sockets Layer (SSL) is 636.

How your corporate directory is configured determines which port number to enter in this field. For example, before you configure the LDAP Port field, determine whether your LDAP server acts as a Global Catalog server and whether your configuration requires LDAP over SSL. Consider entering one of the following port numbers:

LDAP Port For When the LDAP Server Is Not a Global Catalog Server

389—When SSL is not required. (This port number specifies the default that displays in the LDAP Port field.)

636—When SSL is required. (If you enter this port number, make sure that you check the Use SSL check box.)

LDAP Port For When the LDAP Server Is a Global Catalog Server

3268—When SSL is not required.

3269—When SSL is required. (If you enter this port number, make sure that you check the Use SSL check box.)

Tip: Your configuration may require that you enter a different port number than the options that are listed in the preceding bullets. Before you configure the LDAP Port field, contact the administrator of your directory server to determine the correct port number to enter.

Use SSL

Check this check box to use SSL encryption for security purposes.

Note: If LDAP over SSL is required, the corporate directory SSL certificate must be loaded into Cisco Unified Communications Manager. The Cisco Unified Communications Operating System Administration Guide describes the certificate upload procedure.

If you check the Use SSL check box, enter the IP address or the hostname that exists in the corporate directory SSL certificate in the Host Name or IP Address for Server field in the LDAP Authentication Configuration window. If the certificate contains an IP address, enter the IP address. If the certificate contains the hostname, enter the hostname. If you do not enter the IP address or hostname exactly as it exists in the certificate, problems may occur for some applications; for example, applications that use CTIManager.

Add Another Redundant LDAP Server

Click this button to add another row for entry of information about an additional server.

Note: You can only access this button if LDAP authentication for end users is enabled.
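
The port and host-name rules from the LDAP Port and Use SSL rows of Table 16-1, written as a pre-flight check to run before saving the settings. This is an added example, not Cisco code: the function names, the sample certificate and the host dc01.corp.example.com are assumptions, and the certificate dictionary uses the layout that Python's ssl getpeercert() returns.

```python
import socket
import ssl

# Port guidance from the LDAP Port field: port -> (expects Use SSL, role)
PORT_GUIDE = {
    389: (False, "LDAP, not a Global Catalog server"),
    636: (True, "LDAP over SSL, not a Global Catalog server"),
    3268: (False, "Global Catalog server"),
    3269: (True, "Global Catalog server over SSL"),
}

def cert_names(peercert):
    """Collect host names and IP addresses from a getpeercert()-style dict."""
    names = {value for kind, value in peercert.get("subjectAltName", ())
             if kind in ("DNS", "IP Address")}
    for rdn in peercert.get("subject", ()):
        names.update(value for key, value in rdn if key == "commonName")
    return names

def check_settings(host, port, use_ssl, peercert=None):
    """Return a list of findings; an empty list means the entries are consistent."""
    findings = []
    if port in PORT_GUIDE:
        expects_ssl, role = PORT_GUIDE[port]
        if expects_ssl != use_ssl:
            findings.append(f"port {port} ({role}) expects Use SSL={expects_ssl}")
    else:
        findings.append(f"port {port} is not a listed default; confirm with the directory administrator")
    if use_ssl:
        names = cert_names(peercert or {})
        if host not in names:  # exact match, as the Use SSL description requires
            findings.append(f"host {host!r} is not among certificate names {sorted(names)}")
    return findings

def fetch_peercert(host, port, cafile):
    """Live helper: validate the chain against cafile and return the server certificate."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # names are compared by check_settings instead
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificate (not taken from a real server).
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.corp.example.com"),),),
    "subjectAltName": (("DNS", "dc01.corp.example.com"),),
}
```

Against a live directory server, pass the result of fetch_peercert() as the peercert argument, with cafile pointing at the CA certificate that signed the directory server's certificate.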


Updating LDAP Authentication Information

Use the following procedure to update LDAP authentication information.

Before You Begin

The setting of the Enable Synchronizing from LDAP Server check box in the LDAP System Configuration window affects your ability to modify LDAP authentication settings. If synchronization with the LDAP server is enabled, you cannot modify LDAP directory information and LDAP authorization settings. Refer to the "Understanding the Directory" section on page 19-1 for more information about LDAP synchronization.

Conversely, if you want to enable administrators to modify LDAP directory information and LDAP authorization settings, you must disable synchronization with the LDAP server.

Procedure


Step 1 Choose System > LDAP > LDAP Authentication.

The LDAP Authentication window displays.

Step 2 Enter the appropriate configuration settings as described in Table 16-1.

Step 3 To save your changes, click Save.


Additional Information

See the "Related Topics" section.

Related Topics

LDAP Authentication Configuration Settings

Updating LDAP Authentication Information

Understanding the Directory, Cisco Unified Communications Manager System Guide

LDAP System Configuration, page 14-1

LDAP Directory Configuration, page 15-1

Application Users and End Users, Cisco Unified Communications Manager System Guide

Application User Configuration, page 112-1

End User Configuration, page 113-1