Cisco Unified Communications Manager Administration Guide, Release 8.5(1)
LDAP Directory Configuration

LDAP directory configuration takes place in these related windows:

LDAP System Configuration

LDAP Directory

LDAP Authentication

LDAP Filter Configuration

Use the following topics to configure LDAP directory information:

LDAP Directory Configuration Settings

Related Topics

LDAP Directory Configuration Settings

In Cisco Unified Communications Manager Administration, use the System > LDAP > LDAP Directory menu path to configure LDAP directories.

In the LDAP Directory window, you specify information about the LDAP directory; for example, the name of the LDAP directory, where the LDAP users exist, how often to synchronize the data, and so on.

Before You Begin

Before you can synchronize the LDAP directory, you must activate the Cisco DirSync service. For information about how to activate services, see the Cisco Unified Serviceability Administration Guide.

Changes to LDAP Directory information and LDAP Authentication settings are possible only if synchronization from the customer LDAP directory is enabled in the Cisco Unified Communications Manager Administration LDAP System Configuration window.

Using the GUI

For instructions on how to use the Cisco Unified Communications Manager Administration Graphical User Interface (GUI) to find, delete, configure, or copy records, see the "Navigating the Cisco Unified Communications Manager Administration Application" section on page 1-13 and its subsections, which explain how to use the GUI and detail the functions of the buttons and icons.

Configuration Settings Table

Table 12-1 describes the LDAP directory configuration settings. For related procedures, see the "Related Topics" section.

Table 12-1 LDAP Directory Configuration Settings 

Field
Description
LDAP Directory Information

LDAP Configuration Name

Enter a unique name (up to 40 characters) for the LDAP directory.

LDAP Manager Distinguished Name

Enter the user ID (up to 128 characters) of the LDAP Manager, who is an administrative user that has access rights to the LDAP directory in question.

LDAP Password

Enter a password (up to 128 characters) for the LDAP Manager.

Confirm Password

Reenter the password that you provided in the LDAP Password field.

LDAP User Search Base

Enter the location (up to 256 characters) where all LDAP users exist. This location acts as a container or a directory. This information varies depending on customer setup.

LDAP Custom Filter

Select an LDAP custom filter from the drop-down list. The LDAP filter filters the results of LDAP searches. LDAP users that match the filter get imported into the Cisco Unified Communications Manager database, but LDAP users that do not match the filter do not get imported.

The default value is <None>. This value applies a default LDAP filter that is specific to the LDAP server type. These are the default LDAP filters:

Microsoft Active Directory (AD):
(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

iPlanet or Sun One LDAP Server:
(objectclass=inetOrgPerson)

OpenLDAP:
(objectclass=inetOrgPerson)

Microsoft Active Directory Application Mode (ADAM):
(&(objectclass=user)(!(objectclass=Computer))(!(msDS-UserAccountDisabled=TRUE)))

For more information about LDAP filters, see the "LDAP Custom Filter Configuration" section on page 14-1.

LDAP Directory Synchronization Schedule

Perform Sync Just Once

If you want to perform synchronization of the data in this LDAP directory with the data in the Cisco Unified Communications Manager database only once, check this check box.

Perform a Re-sync Every

If you want to perform synchronization of the data in this LDAP directory with the data in the Cisco Unified Communications Manager database at a regular interval, use these fields.

In the left field, enter a number. In the drop-down list box, choose a value:

hours

days

weeks

months

Cisco Unified Communications Manager can synchronize directory information every 6 hours, which is the minimum value allowed for this field.

Note: This field remains active only if you do not check the Perform Sync Just Once check box.

Next Re-sync Time
(YYYY-MM-DD hh:mm)

Specify a time to perform the next synchronization of Cisco Unified Communications Manager directory data with this LDAP directory. Use a 24-hour clock to specify the time of day. For example, 1:00 pm equals 13:00.

User Fields To Be Synchronized

For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right. Where the LDAP User field is a drop-down list box, choose one of the listed values.

| Cisco Unified Communications Manager User Fields | LDAP User Fields |
| --- | --- |
| User ID | sAMAccountName or uid |
| Middle Name | (drop-down list box) middleName or initials |
| Manager ID | manager |
| Phone Number | (drop-down list box) telephoneNumber or ipPhone |
| First Name | givenName |
| Last Name | sn |
| Department | department or departmentnumber |
| Mail ID | (drop-down list box) mail, sAMAccountName, or uid |

LDAP Server Information

Host Name or IP Address for Server

Enter the host name or IP address of the server where the data for this LDAP directory resides.

LDAP Port

Enter the port number on which the corporate directory receives the LDAP requests. You can only access this field if LDAP authentication for end users is enabled.

The default LDAP port for Microsoft Active Directory and for Netscape Directory is 389. The default port for LDAP over Secure Sockets Layer (SSL) is 636.

How your corporate directory is configured determines which port number to enter in this field. For example, before you configure the LDAP Port field, determine whether your LDAP server acts as a Global Catalog server and whether your configuration requires LDAP over SSL. Consider entering one of the following port numbers:

LDAP port when the LDAP server is not a Global Catalog server:

389—When SSL is not required. (This port number specifies the default that displays in the LDAP Port field.)

636—When SSL is required. (If you enter this port number, make sure that you check the Use SSL check box.)

LDAP port when the LDAP server is a Global Catalog server:

3268—When SSL is not required.

3269—When SSL is required. (If you enter this port number, make sure that you check the Use SSL check box.)

Tip: Your configuration may require that you enter a different port number than the options that are listed in the preceding bullets. Before you configure the LDAP Port field, contact the administrator of your directory server to determine the correct port number to enter.

Use SSL

Check this check box to use Secure Sockets Layer (SSL) encryption for security purposes.

Note: If LDAP over SSL is required, the corporate directory SSL certificate must be loaded into Cisco Unified Communications Manager. The Cisco Unified Communications Operating System Administration Guide documents the certificate upload procedure in the Security chapter.

Add Another Redundant LDAP Server

Click this button to add another row for entry of information about an additional server.

Perform Full Sync

Click this button to perform a full directory sync. While the directory is synchronizing, the button name changes to Cancel Full Sync. You can click the Cancel Full Sync button to cancel the sync.
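
How the default Microsoft Active Directory filter listed under LDAP Custom Filter in Table 12-1 decides which entries get imported, as an added example that is not part of the Cisco guide: a small evaluator for the filter syntax those defaults use, run over constructed entries. The sample entries, the function names parse, matches and imported, and the simplified handling of absent attributes are assumptions of this example.

```python
# Added example, not Cisco code. Handles only &, |, !, equality and the AD
# bitwise-AND matching rule; an absent attribute simply fails to match.
BIT_AND = "1.2.840.113556.1.4.803"
AD_DEFAULT = ("(&(objectclass=user)(!(objectclass=Computer))"
              "(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))")
PERSON = ["top", "person", "organizationalPerson", "user"]
SAMPLE = {  # constructed entries, not taken from a real directory
    "alice": {"objectClass": PERSON, "userAccountControl": ["512"]},
    "bob-disabled": {"objectClass": PERSON, "userAccountControl": ["514"]},
    "PC01$": {"objectClass": PERSON + ["computer"], "userAccountControl": ["4096"]},
}

def parse(text, pos=0):
    """Parse one parenthesised filter at text[pos]; return (node, next_pos)."""
    if text[pos:pos + 1] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if text[pos:pos + 1] in ("&", "|", "!"):
        op, pos, children = text[pos], pos + 1, []
        while text[pos:pos + 1] == "(":
            child, pos = parse(text, pos)
            children.append(child)
        if text[pos:pos + 1] != ")" or not children:
            raise ValueError(f"malformed '{op}' filter near offset {pos}")
        return (op, children), pos + 1
    end = text.index(")", pos)  # raises ValueError if the item never closes
    left, value = text[pos:end].split("=", 1)
    attr, _, rule = left.rstrip(":").partition(":")
    return ("match", attr.lower(), rule, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against entry: {attribute: [values]}."""
    if node[0] == "!":
        return not matches(node[1][0], entry)
    if node[0] in ("&", "|"):
        combine = all if node[0] == "&" else any
        return combine(matches(c, entry) for c in node[1])
    _, attr, rule, want = node
    values = {k.lower(): v for k, v in entry.items()}.get(attr, [])
    if rule == BIT_AND:  # true when every bit of `want` is set in the value
        return any((int(v) & int(want)) == int(want) for v in values)
    if rule:
        raise ValueError(f"unsupported matching rule {rule}")
    return any(v.lower() == want.lower() for v in values)

def imported(filter_text, entries):  # names of the entries the filter selects
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing text after filter")
    return sorted(n for n, e in entries.items() if matches(tree, e))
```

Calling imported(AD_DEFAULT, SAMPLE) returns only alice: bob-disabled has the ACCOUNTDISABLE bit (value 2) set in userAccountControl, and PC01$ is a computer account, which in Active Directory also carries objectClass user.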


In addition to the user fields that appear in Cisco Unified Communications Manager Administration, the Microsoft Active Directory Application Mode user fields that are described in Table 12-2 also get synchronized.

Table 12-2 Additional Synchronized Microsoft Active Directory Application Mode User Fields 

| Cisco Unified Communications Manager User Fields | LDAP User Fields |
| --- | --- |
| UniqueIdentifier | ObjectGUID |
| Pager | pager or pagertelephonenumber |
| Mobile | mobile or mobiletelephonenumber |
| Title | title |
| Homephone | homephone or hometelephonenumber |
| OCSPrimaryUserAddress | msRTCSIP-primaryuseraddress |


Additional Information

See the "Related Topics" section.

Related Topics

LDAP Directory Configuration

LDAP Directory Configuration Settings

Understanding the Directory, Cisco Unified Communications Manager System Guide

LDAP System Configuration, page 11-1

LDAP Authentication Configuration, page 13-1

LDAP Custom Filter Configuration, page 14-1

Application Users and End Users, Cisco Unified Communications Manager System Guide

Application User Configuration, page 87-1

End User Configuration, page 88-1