Configuration Guide for Cisco Unified Videoconferencing Manager Release 5.5
Provisioning Resource Manager Users via a Directory Server

Table Of Contents

Provisioning Resource Manager Users via a Directory Server

Synchronizing User Information

Accessing User Information in Active Directory Server

Synchronizing Resource Manager with Active Directory Server

Configuring a Connection to an LDAP Server

Mapping Resource Manager User Roles to ADS Users

Defining Virtual Rooms for All LDAP Users

Forcing Resource Manager to Use a Virtual Room

Resource Manager LDAP Information Attributes


Provisioning Resource Manager Users via a Directory Server


Synchronizing User Information

If an organization uses an external directory server, Resource Manager can synchronize user information with the directory server, minimizing user setup and maintenance.

Resource Manager supports Microsoft Active Directory Server (ADS) 2000 and 2003.

When Resource Manager connects to an external directory server, each user defined in the directory server is included in Resource Manager, along with the associated user type for that user. If no user type is defined, a user is assigned the user type defined at Advanced Settings > LDAP Configurations > Advanced. The default user type setting is Meeting Organizer.

During the organization account creation process, Resource Manager registers the first user (the technical contact)—usually the administrator who performs the installation. This technical contact is automatically assigned the Organization Administrator user type, with permission to log in and provision the other users. The technical contact cannot be deleted from within Resource Manager and should not be deleted from the directory server.

If the directory server is customized not to use standard schema attributes and class labels, the Resource Manager installation application will not correctly configure the database to synchronize with the directory server.

Accessing User Information in Active Directory Server

This section describes how to access user information in Microsoft Active Directory Server (ADS) 2000 and 2003.

Procedure


Step 1 To view information for a user in the host Active Directory Server (ADS), select one of the following paths, depending on the Active Directory version you are using:

Start > Programs > Administrative Tools > Active Directory Users and Computers

Start > Settings > Control Panel > Administrative Tools > Active Directory Users and Computers

Step 2 To access the user list, open the User folder.

Step 3 In the user list, right-click the required user and then select Properties.

Step 4 To view the user ID for the selected user, select the General tab.

Step 5 To view the login name for the selected user, select the Account tab.


Synchronizing Resource Manager with Active Directory Server

We assume that Active Directory Server (ADS) includes an organizational unit (OU) called "China" with a sub-OU called "Users".

Resource Manager currently supports synchronization with a single directory server only.

Procedure


Step 1 Create the following groups for users under China:

Organization Administrator

Meeting Organizer

Meeting Operator

Regular User


Note These groups can be used by users belonging to any OU(s) in ADS.


Step 2 Create users in the organizational unit China > Users.

If you do not configure the following properties for each new user, Resource Manager does not download the user from ADS:

Logon name

First name and/or last name

E-mail address.


Note Resource Manager does not download users with no e-mail address configured if you select Do not update users without an e-mail address from the LDAP server... at Admin > Advanced Settings > LDAP Configurations > Advanced.


Step 3 In Resource Manager, go to Advanced Settings > LDAP Configurations and enter "ou=Users,ou=China" in the LDAP Search Base field.

Step 4 Download the users from China > Users.

The user account used for ADS synchronization requires the following attributes:

Read-only access to all the users to be downloaded from ADS.

The user account does not need to be part of the search base. This means that the user account used for accessing ADS does not have to be downloaded to Resource Manager.

Step 5 To download users from more than one organizational unit, separate the organizational units with a semicolon.

For example, if there are two sub-OUs under "China" called "Users" and "Contractors", enter the following string in the LDAP Search Base field:

"ou=Users,ou=China;ou=Contractors,ou=China"

Step 6 For a user to be downloaded from a directory server, the following properties must be defined for that user on the directory server:

User ID and password.

First name or last name.

E-mail address.

Belong to an OU.

Belong to a group (if you want to assign user role based on group).

Step 7 In Resource Manager, go to Advanced Settings > LDAP Configurations > Advanced and use the Do not update users without an e-mail address from the LDAP server to... and Update Frequency options to define record synchronization.

Step 8 To map specific Resource Manager user roles to ADS users, see the "Configuring a Connection to an LDAP Server" section.


Configuring a Connection to an LDAP Server

Procedure


Step 1 Click Advanced Settings in the sidebar menu.

Step 2 Click LDAP Configurations.

Step 3 Select the type of LDAP server to connect Resource Manager to in the Directory Server Type field.

Step 4 Enter the URL, login ID, and password of the LDAP server in the relevant fields.


Note The user account needs to have read access to all user accounts that you want to synchronize to Resource Manager. This user account does not have to be part of the search base.


Step 5 Enter the organization domain in the LDAP Server Domain field.

If Single Sign-On (SSO) is enabled, the machine domain of the user who is trying to access the Resource Manager interface must match that of the LDAP Server Domain field at Admin > Advanced Settings > LDAP Configurations.

Step 6 Enter search strings in the LDAP Search Base field.

Examples of search conditions are "ou" and "cn".

Step 7 Click OK to save your changes.


Mapping Resource Manager User Roles to ADS Users

Procedure


Step 1 Click Advanced Settings in the sidebar menu.

Step 2 Click LDAP Configurations.

Step 3 Click Advanced.

Step 4 In the Mapping Groups to User Type section, assign LDAP users to different user roles in Resource Manager by assigning an LDAP group to a specific Resource Manager user role.

The following user types are available:

Organization Administrator

Meeting Operator

Meeting Organizer

Regular User

Default User Type

By default, all users are assigned the Organization Administrator user role.

Step 5 Enter the name of an ADS user group in the Selected Groups field, or click the Select button in each row to map an ADS user group to each Resource Manager default user type.

For example, to assign all users in the ADS Organization Administrator user group to the Resource Manager Organization Administrator user role, type "Organization Administrator" in the Selected Groups field next to the Organization Administrator user type.

You can assign multiple ADS user groups to each Resource Manager user role.

Resource Manager maps all users that are not assigned to any listed Resource Manager user role to the user role specified in the Default User Type field.

To instruct Resource Manager not to download users that are not assigned to any listed Resource Manager user role, set the Default User Type field to Don't Download.

Step 6 Click OK to save your changes.
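The download conditions from the synchronization procedure and the group-to-user-type mapping above can be checked against an export of the directory before the first sync. The following is an added example, not Cisco code: it models the rules as this page states them, and the domain suffix, dictionary field names, sample entries, the DN-suffix scope test and the case-insensitive group match are all assumptions.

```python
DONT_DOWNLOAD = "Don't Download"
def parse_search_base(field, domain_dn):
    """Split the semicolon-separated LDAP Search Base value into full base DNs."""
    return [f"{p.strip()},{domain_dn}".lower()
            for p in field.split(";") if p.strip()]

def resolve(user, bases, group_map, default_type, require_email=True):
    """Return ("skip", reason) or ("download", [user types]) for one entry."""
    dn = user["dn"].lower()
    # Assumption: an entry is in scope when its DN ends with one of the bases.
    if not any(dn.endswith("," + base) for base in bases):
        return ("skip", "outside search base")
    if not user.get("logon"):
        return ("skip", "no logon name")
    if not (user.get("given") or user.get("sn")):
        return ("skip", "no first or last name")
    if require_email and not user.get("mail"):
        return ("skip", "no e-mail address")
    member_of = {g.lower() for g in user.get("groups", [])}
    types = [t for t, groups in group_map.items()
             if member_of & {g.lower() for g in groups}]
    if types:
        return ("download", types)  # more than one type: ambiguous mapping
    if default_type == DONT_DOWNLOAD:
        return ("skip", "no mapped group")
    return ("download", [default_type])  # unmapped users inherit the default

def audit(users, search_base, domain_dn, group_map, default_type):
    bases = parse_search_base(search_base, domain_dn)
    return {u["cn"]: resolve(u, bases, group_map, default_type) for u in users}

DOMAIN = "dc=example,dc=com"  # constructed domain suffix
SEARCH_BASE = "ou=Users,ou=China;ou=Contractors,ou=China"  # value from Step 5
GROUP_MAP = {"Organization Administrator": ["Organization Administrator"],
             "Regular User": ["Regular User"]}

def entry(cn, ou, logon, mail, groups):  # builds one constructed sample entry
    return {"cn": cn, "dn": f"cn={cn},{ou},{DOMAIN}", "logon": logon,
            "given": cn, "sn": "", "mail": mail, "groups": groups}

USERS = [
    entry("Li", "ou=Users,ou=China", "lwei", "lwei@example.com", ["Organization Administrator"]),
    entry("Ann", "ou=Contractors,ou=China", "achen", "achen@example.com", []),
    entry("Bo", "ou=Users,ou=China", "bsun", "", ["Regular User"]),
    entry("Svc", "ou=Service", "svc-sync", "svc@example.com", []),
]

if __name__ == "__main__":
    print(audit(USERS, SEARCH_BASE, DOMAIN, GROUP_MAP, "Organization Administrator"))
```

In the constructed data, Ann belongs to no mapped group and so receives whatever the Default User Type is set to; passing DONT_DOWNLOAD as the default returns a skip for that entry instead.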


Defining Virtual Rooms for All LDAP Users

This section describes how to define a unique virtual meeting room for a specified LDAP user.

Each user can schedule a meeting in his/her own virtual room, or schedule a random meeting. A user cannot schedule a meeting in the virtual room of another user.

A virtual room is created for each user during LDAP synchronization.

To automatically create a virtual room, the following conditions must be met:

The value of the LDAP field mapped to the virtual room must be numeric.

The virtual room number for an LDAP server is not editable on the virtual room profile screen.

If the same virtual room number is defined for two users in the LDAP server, the virtual room is created for only one of the users.

Each virtual room obeys the default settings defined at Advanced Settings > Default Meeting Settings.

Procedure


Step 1 Click Advanced Settings in the sidebar menu.

Step 2 Click LDAP Configurations.

Step 3 Click Advanced.

Step 4 Check Virtual Room Number to create a virtual room for all LDAP users.

Step 5 Select a parameter that you want to use as the virtual room number.

By default, the telephoneNumber parameter is used since everyone within an organization should have a unique telephone number.

The resulting virtual room is the concatenation of the Resource Manager Meeting ID prefix and the LDAP field that is used for generating the virtual room number.

Step 6 Click OK to save your changes.
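The virtual room conditions above (numeric value, one room per number, Meeting ID prefix concatenated with the LDAP field) can be checked against exported entries before enabling Virtual Room Number. This is an added example, not Cisco code; the prefix "6", the sample entries and the first-entry-wins handling of duplicates are assumptions, since the page only says that one of the two users gets the room.

```python
from collections import defaultdict

def plan_virtual_rooms(users, meeting_id_prefix, attr="telephoneNumber"):
    """Predict virtual rooms from exported LDAP entries.

    Returns (rooms, problems): rooms maps room number -> uid; problems lists
    (uid, reason) for every user who would end up without a room.
    """
    rooms, problems = {}, []
    claimed = defaultdict(list)          # attribute value -> uids that use it
    for user in users:
        value = (user.get(attr) or "").strip()
        if not value:
            problems.append((user["uid"], f"{attr} is empty"))
        elif not (value.isascii() and value.isdigit()):
            # Values such as "+86 10 5555 0102" or "555-0101" are not numeric.
            problems.append((user["uid"], f"{attr} {value!r} is not numeric"))
        else:
            claimed[value].append(user["uid"])
    for value, uids in claimed.items():
        # Assumption: the first entry processed keeps the room; the page only
        # states that the room is created for one of the users.
        rooms[meeting_id_prefix + value] = uids[0]
        for loser in uids[1:]:
            problems.append((loser, f"{attr} {value} already used by {uids[0]}"))
    return rooms, problems

SAMPLE_USERS = [  # constructed entries
    {"uid": "lwei", "telephoneNumber": "5550101"},
    {"uid": "achen", "telephoneNumber": "+86 10 5555 0102"},
    {"uid": "bsun", "telephoneNumber": "5550101"},
    {"uid": "mzhao", "telephoneNumber": ""},
    {"uid": "yliu", "telephoneNumber": "5550104"},
]

if __name__ == "__main__":
    rooms, problems = plan_virtual_rooms(SAMPLE_USERS, meeting_id_prefix="6")
    print(rooms)
    for uid, reason in problems:
        print(uid, "->", reason)
```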


Forcing Resource Manager to Use a Virtual Room

This section describes how to force endpoint-initiated ad hoc conferences to be hosted in a predefined virtual room.

Procedure


Step 1 In the Resource Manager Configuration Tool, go to System Configuration > Scheduling Settings.

Step 2 Check Allow Only Endpoint Initiated Virtual Room Meetings to ensure that endpoint-initiated ad hoc conferences can only be hosted within a predefined virtual room.

You cannot create random conferences when Allow Only Endpoint Initiated Virtual Room Meetings is checked.

This configuration prevents users from dialing into the system and randomly creating MCU conferences and using up MCU ports. If all virtual rooms are PIN protected, only users who know the virtual room PIN can create endpoint-initiated conferences.


Note The Allow Only Endpoint Initiated Virtual Room Meetings option is enabled only when the Allow Endpoint Initiated Multipoint Calls field is checked.



Resource Manager LDAP Information Attributes

Table 15-1 lists the LDAP information attributes used by Resource Manager.

Table 15-1 Resource Manager LDAP Information Attributes

Identifier  Attribute    Description
1           uid          User identifier
2           email        User e-mail address
3           telephone    User telephone number
4           mobile       User mobile telephone number
5           fax          User fax number
6           cn           Full name of user
7           givenName    Given name of user
8           sn           Surname of user
9           company      User company name
10          branch       Branch
11          department   Department
12          country      Country
13          state        State
14          city         City
15          description  Description
16          zipCode      Zip code
17          address      Address