Table Of Contents
Provisioning Resource Manager Users using a Directory Server
Synchronization of User Information
Accessing User Information in Active Directory Server
Synchronizing Resource Manager with Active Directory Server
Configuring a Connection to an LDAP Server
Mapping Resource Manager User Roles to ADS Users
Defining Virtual Rooms for All LDAP Users
Forcing Resource Manager to Use a Virtual Room
Resource Manager LDAP Information Attributes
Provisioning Resource Manager Users using a Directory Server
Synchronization of User Information
If an organization uses an external directory server, Resource Manager can synchronize user information with the directory server, minimizing user setup and maintenance.
Resource Manager supports Microsoft Active Directory Server (ADS) 2000 and 2003.
When Resource Manager connects to an external directory server, each user defined in the directory server is included in Resource Manager, along with the associated user type for that user. If no user type is defined, a user is assigned the user type defined at Advanced Settings > LDAP Configurations > Advanced. The default user type setting is Meeting Organizer.
During the organization account creation process, Resource Manager registers the first user (the technical contact)—usually the administrator who performs the installation. This technical contact is automatically assigned the Organization Administrator user type, with permission to sign in and provision the other users. The technical contact cannot be deleted from within Resource Manager and should not be deleted from the directory server.
If the directory server is customized not to use standard schema attributes and class labels, the Resource Manager installation application will not correctly configure the database to synchronize with the directory server.
Accessing User Information in Active Directory Server
This section describes how to access user information in Microsoft Active Directory Server (ADS) 2000 and 2003.
Procedure
Step 1
Select one of the following paths to view information for a user in the host Active Directory Server (ADS), depending on the Active Directory version you are using:
• Start > Programs > Administrative Tools > Active Directory Users and Computers
• Start > Settings > Control Panel > Administrative Tools > Active Directory Users and Computers
Step 2
Open the User folder to access the user list.
Step 3
Right-click the required user in the user list and then select Properties.
Step 4
Select the General tab to view the user ID for the selected user.
Step 5
Select the Account tab to view the sign in name for the selected user.
Synchronizing Resource Manager with Active Directory Server
For the purposes of this topic, assume that Active Directory Server (ADS) includes an organizational unit (OU) called "China" with a sub-OU called "User".
Procedure
Step 1
Create the following groups for users under China:
• Organization Administrator
• Meeting Organizer
• Meeting Operator
• Regular User
Note
These groups can be used by users belonging to any OU(s) in ADS.
Step 2
Create users in the organizational unit China > Users.
If you do not configure the following properties for each new user, Resource Manager does not download the user from ADS:
• Logon name
• First name and/or last name
• Email address.
Note
Resource Manager does not download users with no e-mail address configured if you select Do not update users without an e-mail address from the LDAP server... at Admin > Advanced Settings > LDAP Configurations > Advanced.
Step 3
For a user to be downloaded from a directory server, the following properties must be defined for that user on the directory server:
• User ID and password.
• First name or last name.
• Email address.
• Belong to an OU.
• Belong to a group (if you want to assign user role based on group).
Step 4
In Resource Manager, go to Advanced Settings > LDAP Configurations > Advanced and use the Do not update users without an e-mail address from the LDAP server to... and Update Frequency options to define record synchronization.
Step 5
To map specific Resource Manager user roles to ADS users, see the "Configuring a Connection to an LDAP Server" section.
Configuring a Connection to an LDAP Server
To work with an LDAP server for user provisioning, you must select user provisioning using a directory server during the installation process.
To work with Microsoft Active Directory and the Resource Manager Outlook Client, select user provisioning using a directory server with Single Sign-on enabled.
After installation, configure video conferencing devices and terminals before defining LDAP server settings for user provisioning.
Procedure
Step 1
Select Advanced Settings in the sidebar menu.
Step 2
Select LDAP Configurations.
Step 3
Select Add to add a new LDAP server, or select the required LDAP server entry to modify an existing LDAP server.
Step 4
Select the type of LDAP server to connect Resource Manager to in the Directory Server Type field.
Step 5
Enter the directory server domain or directory server URL in the Domain/URL field.
Step 6
Enter the directory server sign in ID and password in the relevant fields.
Note
The user account needs to have read access to all user accounts that you want to synchronize to Resource Manager. This user account does not have to be part of the search base.
Step 7
Select Configure to configure the LDAP Search Base field.
A tree structure appears showing all OUs defined on the directory server.
Step 8
Select the OUs that you want to download users from.
Step 9
Select Close.
The selected OUs are displayed in the LDAP Search Base field.
Step 10
Select OK to save your changes.
Mapping Resource Manager User Roles to ADS Users
Procedure
Step 1
Select Advanced Settings in the sidebar menu.
Step 2
Select LDAP Configurations.
Step 3
Select Advanced.
Step 4
Select Select next to each user type to assign LDAP user groups to a specific Resource Manager user role.
You can assign multiple LDAP user groups to each Resource Manager user role.
The following user types are available:
• Organization Administrator
• Meeting Operator
• Meeting Organizer
• Regular User
By default, all users are assigned the Meeting Organizer role.
Resource Manager maps all users that are not assigned to any listed Resource Manager user role to the user role specified in the Default User Type field.
Step 5
(Optional) Set the Default User Type field to Don't download to instruct Resource Manager not to download users that are not assigned to any listed Resource Manager user role.
Step 6
Select OK to save your changes.
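The download requirements listed under "Synchronizing Resource Manager with Active Directory Server" and the role mapping above can be checked against an exported user list before synchronization is enabled. The following is an added example, not Resource Manager code; the entry field names, the group names, the sample users, and the order in which roles are tried when a user belongs to several mapped groups are assumptions.

```python
# Added example, not Resource Manager code: predict an LDAP sync outcome from
# an exported user list. Field names, group names and precedence are assumed.
DONT_DOWNLOAD = "Don't download"

# User type -> LDAP groups mapped to it, in the (assumed) order roles are tried.
ROLE_MAP = {
    "Organization Administrator": {"RM-Admins"},
    "Meeting Operator": {"RM-Operators"},
    "Meeting Organizer": {"RM-Organizers", "Sales"},
    "Regular User": {"RM-Users"},
}

def missing_properties(entry, require_email=True):
    """List the properties the page requires that this entry lacks."""
    checks = [("logon name", entry.get("logon")),
              ("first or last name", entry.get("first") or entry.get("last")),
              ("email address", entry.get("mail") or not require_email)]
    return [name for name, ok in checks if not ok]

def resolve_role(entry, default_type):
    """Return (user type, came_from_default) for an entry's group list."""
    groups = set(entry.get("groups", []))
    for role, mapped in ROLE_MAP.items():
        if groups & mapped:
            return role, False
    return default_type, True

def audit(entries, default_type="Meeting Organizer", require_email=True):
    """Return {logon: (status, detail)}; status is mapped, default or skipped."""
    report = {}
    for e in entries:
        key = e.get("logon") or "<no logon>"
        missing = missing_properties(e, require_email)
        role, from_default = resolve_role(e, default_type)
        if missing:
            report[key] = ("skipped", ", ".join(missing))
        elif role == DONT_DOWNLOAD:
            report[key] = ("skipped", "no mapped group")
        else:
            report[key] = ("default" if from_default else "mapped", role)
    return report

# Constructed sample export.
SAMPLE = [
    {"logon": "lwang", "first": "Li", "mail": "lwang@example.com", "groups": ["RM-Admins"]},
    {"logon": "svc-backup", "last": "Backup", "mail": "ops@example.com", "groups": []},
    {"logon": "jchen", "first": "Jun", "mail": "", "groups": ["RM-Users"]},
]
```

Entries reported as "default" are the accounts that receive a role only because of the Default User Type field; running audit(SAMPLE, default_type=DONT_DOWNLOAD) shows which of them the Don't download setting would exclude.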
Defining Virtual Rooms for All LDAP Users
This section describes how to define a unique virtual meeting room for a specified LDAP user.
Each user can schedule a meeting in his/her own virtual room, or schedule a random meeting. A user cannot schedule a meeting in the virtual room of another user.
A virtual room is created for each user during LDAP synchronization.
To automatically create a virtual room, the following conditions must be met:
• The value of the LDAP field mapped to the virtual room must be numeric.
• The virtual room number for an LDAP server is not editable on the virtual room profile screen.
• If the same virtual room number is defined for two users in the LDAP server, the virtual room is created for only one of the users.
Each virtual room obeys the default settings defined at Advanced Settings > Default Meeting Settings.
Procedure
Step 1
Select Advanced Settings in the sidebar menu.
Step 2
Select LDAP Configurations.
Step 3
Select Advanced.
Step 4
Check Virtual Room Number to create a virtual room for all LDAP users.
Step 5
Select a parameter that you want to use as the virtual room number.
By default, the telephoneNumber parameter is used since everyone within an organization should have a unique telephone number.
The resulting virtual room is the concatenation of the Resource Manager Meeting ID prefix and the LDAP field that is used for generating the virtual room number.
Step 6
Select OK to save your changes.
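Because a non-numeric value produces no virtual room and a duplicated value produces a room for only one of the users, the chosen LDAP field can be checked before Virtual Room Number is enabled. The following is an added example, not Resource Manager code; the prefix value, the sample users, and the choice of which user keeps a duplicated number are assumptions.

```python
# Added example, not Resource Manager code: pre-check the LDAP field chosen as
# the virtual room number. The prefix value and sample users are constructed.
from collections import defaultdict

def plan_virtual_rooms(users, prefix, field="telephoneNumber"):
    """Return (rooms, rejected, collisions) for a list of LDAP user dicts.

    rooms:      {room_number: uid} that would be created
    rejected:   {uid: reason} for values that are empty or not numeric
    collisions: {room_number: [uids]} where several users share one value
    """
    by_value = defaultdict(list)
    rejected = {}
    for u in users:
        value = (u.get(field) or "").strip()
        if not value:
            rejected[u["uid"]] = "empty"
        elif not (value.isascii() and value.isdigit()):
            rejected[u["uid"]] = "not numeric: %r" % value
        else:
            by_value[value].append(u["uid"])
    rooms, collisions = {}, {}
    for value, uids in by_value.items():
        room = prefix + value  # Meeting ID prefix concatenated with the field
        rooms[room] = uids[0]  # which user keeps the room is an assumption
        if len(uids) > 1:
            collisions[room] = uids
    return rooms, rejected, collisions

# Constructed sample directory entries.
SAMPLE_USERS = [
    {"uid": "lwang", "telephoneNumber": "5501"},
    {"uid": "jchen", "telephoneNumber": "+86 10 5501"},
    {"uid": "mzhao", "telephoneNumber": "5501"},
    {"uid": "kliu", "telephoneNumber": "5502"},
]
```

Users listed in rejected or collisions would end up without their own virtual room after synchronization, so their directory values need correcting first.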
Forcing Resource Manager to Use a Virtual Room
This section describes how to force endpoint-initiated ad hoc conferences to be hosted in a predefined virtual room.
Procedure
Step 1
Go to System Configuration > Scheduling Settings in the Resource Manager Configuration Tool.
Step 2
Select Allow Only Endpoint Initiated Virtual Room Meetings to ensure that endpoint-initiated ad hoc conferences can only be hosted within a predefined virtual room.
You cannot create random conferences when Allow Only Endpoint Initiated Virtual Room Meetings is selected.
This configuration prevents users from dialing into the system and randomly creating MCU conferences and using up MCU ports. If all virtual rooms are PIN protected, only users who know the virtual room PIN can create endpoint-initiated conferences.
Note
The Allow Only Endpoint Initiated Virtual Room Meetings option is enabled only when the Allow Endpoint Initiated Multipoint Calls field is selected.
Resource Manager LDAP Information Attributes
Table 15-1 lists the LDAP information attributes used by Resource Manager.
Table 15-1 Resource Manager LDAP Information Attributes
Identifier | Attribute | Description
1 | uid | User identifier
2 | email | User email address
3 | telephone | User telephone number
4 | mobile | User mobile telephone number
5 | fax | User fax number
6 | cn | Full name of user
7 | givenName | Given name of user
8 | sn | Surname of user
9 | company | User company name
10 | branch | Branch
11 | department | Department
12 | country | Country
13 | state | State
14 | city | City
15 | description | Description
16 | zipCode | Zip code
17 | address | Address