Cisco Jabber for Android 9.6 Server Setup Guide
Configure Directory Integration in On-Premises Deployments
Downloads: This chapterpdf (PDF - 1.32MB) The complete bookPDF (PDF - 3.29MB) | Feedback

Configure Directory Integration in On-Premises Deployments

Configure Directory Integration in On-Premises Deployments

Configure directory integration in an on-premises deployment so that user data in Cisco Unified Communications Manager is synchronized with your corporate directory. You can also configure Cisco Unified Communications Manager to proxy authentication to your directory server when users sign in to the client.

Synchronize with the Directory Server

Directory server synchronization ensures that contact data in your directory server is replicated to Cisco Unified Communications Manager.

Enable Synchronization

The first step to synchronize with a directory server is to enable synchronization on Cisco Unified Communications Manager.
Procedure
    Step 1   Open the Cisco Unified CM Administration interface.
    Step 2   Select System > LDAP > LDAP System.

    The LDAP System Configuration window opens.

    Step 3   Locate the LDAP System Information section.
    Step 4   Select Enable Synchronizing from LDAP Server.
    Step 5   Select the type of directory server from which you are synchronizing data from the LDAP Server Type drop-down list.

    What to Do Next

    Specify an LDAP attribute for the user ID.

    Populate User ID and Directory URI

    When you synchronize your LDAP directory server with Cisco Unified Communications Manager, you can populate the end user configuration tables in both the Cisco Unified Communications Manager and the Cisco Unified Communications Manager IM and Presence databases with attributes that contain values for the following:
    User ID

    You must specify a value for the user ID on Cisco Unified Communications Manager. This value is required for the default IM address scheme and for users to log in. The default value is sAMAccountName.

    Directory URI
    You should specify a value for the directory URI if you plan to:
    • Enable URI dialing in Cisco Jabber.
    • Use the directory URI address scheme on Cisco Unified Communications Manager IM and Presence version 9.1(1) and higher.


    When Cisco Unified Communications Manager synchronizes with the directory source, it retrieves the values for the directory URI and user ID and populates them in the end user configuration table in the Cisco Unified Communications Manager database.

    The Cisco Unified Communications Manager database then synchronizes with the Cisco Unified Communications Manager IM and Presence database. As a result, the values for the directory URI and user ID are populated in the end user configuration table in the Cisco Unified Communications Manager IM and Presence database.

    Specify an LDAP Attribute for the User ID

    When you synchronize from your directory source to Cisco Unified Communications Manager, you can populate the user ID from an attribute in the directory. The default attribute that holds the user ID is sAMAccountName.

    Procedure
      Step 1   Locate the LDAP Attribute for User ID drop-down list on the LDAP System Configuration window.
      Step 2   Specify an attribute for the user ID as appropriate and then select Save.
      Important:

      If the attribute for the user ID is other than sAMAccountName, you must specify the attribute as the value for the BDIUserAccountName parameter in your client configuration file as follows:

      <BDIUserAccountName>attribute-name</BDIUserAccountName>

      If you do not specify the attribute in your configuration, and the attribute is other than sAMAccountName, the client cannot resolve contacts in your directory. As a result, users do not get presence and cannot send or receive instant messages.


      Specify an LDAP Attribute for the Directory URI

      On Cisco Unified Communications Manager version 9.0(1) and higher, you can populate the directory URI from an attribute in the directory. The default attribute is msRTCSIP-primaryuseraddress.

      Procedure
        Step 1   Select System > LDAP > LDAP Directory.
        Remember:

        To add or edit an LDAP directory, you must first enable synchronization.

        Step 2   Select the appropriate LDAP directory or select Add New to add an LDAP directory.
        Step 3   Locate the Standard User Fields To Be Synchronized section.
        Step 4   Select the appropriate LDAP attribute for the Directory URI drop-down list.
        Step 5   Select Save.

        Perform Synchronization

        After you add a directory server and specify the required parameters, you can synchronize Cisco Unified Communications Manager with the directory server.
        Before You Begin
        If your environment includes a presence server, you should ensure the following feature service is activated and started before you synchronize with the directory server:
        • Cisco Unified Presence: Cisco UP Sync Agent
        • Cisco Unified Communications Manager IM and Presence: Cisco Sync Agent

        This service keeps data synchronized between the presence server and Cisco Unified Communications Manager. When you perform the synchronization with your directory server, Cisco Unified Communications Manager then synchronizes the data with the presence server. However, the Cisco Sync Agent service must be activated and started.

        Procedure
          Step 1   Select System > LDAP > LDAP Directory.
          Step 2   Select Add New.

          The LDAP Directory window opens.

          Step 3   Specify the required details on the LDAP Directory window.

          See the Cisco Unified Communications Manager Administration Guide for more information about the values and formats you can specify.

          Step 4   Select Save.
          Step 5   Select Peform Full Sync Now.
          Note   

          The amount of time it takes for the synchronization process to complete depends on the number of users that exist in your directory. If you synchronize a large directory with thousands of users, you should expect the process to take some time.


          User data from your directory server is synchronized to the Cisco Unified Communications Manager database. Cisco Unified Communications Manager then synchronizes the user data to the presence server database.

          Authenticate with the Directory Server

          You should configure Cisco Unified Communications Manager to authenticate with the directory server. When users log in to the client, the presence server routes that authentication to Cisco Unified Communications Manager. Cisco Unified Communications Manager then proxies that authentication to the directory server.
          Procedure
            Step 1   Open the Cisco Unified CM Administration interface.
            Step 2   Select System > LDAP > LDAP Authentication.
            Step 3   Select Use LDAP Authentication for End Users.
            Step 4   Specify LDAP credentials and a user search base as appropriate.

            See the Cisco Unified Communications Manager Administration Guide for information about the fields on the LDAP Authentication window.

            Step 5   Select Save.