LDAP Directory Information
|
LDAP Configuration Name
|
Enter a unique name (up to 40 characters) for the LDAP directory.
|
LDAP Manager Distinguished Name
|
Enter the user ID (up to 128 characters) of the LDAP Manager, who is an administrative user that has access rights to the LDAP directory in question.
|
LDAP Password
|
Enter a password (up to 128 characters) for the LDAP Manager.
|
Confirm Password
|
Reenter the password that you provided in the LDAP Password field.
|
LDAP User Search Base
|
Enter the location (up to 256 characters) where all LDAP users exist. This location acts as a container or a directory. This information varies depending on customer setup.
|
LDAP Custom Filter
|
Select an LDAP custom filter from the drop-down list. The LDAP filter filters the results of LDAP searches. LDAP users that match the filter get imported into the Cisco Unified Communications Manager database, but LDAP users that do not match the filter do not get imported.
The default value is <None>. This value applies a default LDAP filter that is specific to the LDAP server type. These are the default LDAP filters:
- Microsoft Active Directory (AD): (&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
- iPlanet or Sun One LDAP Server: (objectclass=inetOrgPerson)
- OpenLDAP: (objectclass=inetOrgPerson)
- Microsoft Active Directory Application Mode (ADAM): (&(objectclass=user)(!(objectclass=Computer))(!(msDS-UserAccountDisabled=TRUE)))
|
LDAP Directory Synchronization Schedule
|
Perform Sync Just Once
|
If you want to perform synchronization of the data in this LDAP directory with the data in the Cisco Unified Communications Manager database only once, check this check box.
|
Perform a Re-sync Every
|
If you want to perform synchronization of the data in this LDAP directory with the data in the Cisco Unified Communications Manager database at a regular interval, use these fields.
In the left field, enter a number. In the drop-down list box, choose a value:
Cisco Unified Communications Manager can synchronize directory information every 6 hours, which is the minimum value allowed for this field.
Note
|
This field remains active only if you do not check the Perform Sync Just Once check box.
|
|
Next Re-sync Time (YYYY-MM-DD hh:mm)
|
Specify a time to perform the next synchronization of Cisco Unified Communications Manager directory data with this LDAP directory. Use a 24-hour clock to specify the time of day. For example, 1:00 pm equals 13:00.
|
Standard User Fields To Be Synchronized
|
Cisco Unified Communications Manager User Fields
|
LDAP User Fields
|
|
User ID
|
sAMAccountName or uid
|
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
Note
|
Cisco recommends that you do not use a slash (/) in the User ID field. Cisco User Data Services will not function properly for the user when the User ID contains a slash.
|
|
Middle Name
|
(drop-down list box)
|
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
For the LDAP User field, choose one of the following values:
|
Manager ID
|
manager
|
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
|
Work Number
|
(drop-down list box)
|
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
For the LDAP User field, choose one of the following values:
|
Title
|
title
|
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
|
Mobile Number
|
mobile
|
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
|
Directory URI
|
(drop-down list box)
|
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
For the LDAP User field, choose one of the following values:
- msRTCSIP-primaryuseraddress
- mail
- None
Note
|
The msRTCSIP-primaryuseraddress option is only available if you choose Microsoft Active Directory as the LDAP Server Type in the LDAP System Configuration window.
|
Note
|
By default, the user portion of a directory URI is case-sensitive. Under this setting, whatever case the directory URI has in LDAP will be imported into Cisco Unified Communications Manager. For compatibility with third party call control systems, Cisco recommends that you change this setting by setting the value of the URI Lookup Policy enterprise parameter to case-insensitive.
|
|
First Name
|
givenName
|
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
|
Last Name
|
sn
|
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
|
Department
|
department or departmentnumber
|
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
|
Mail ID
|
(drop-down list box)
|
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
For the LDAP User field, choose one of the following values:
|
Home Number
|
homePhone
|
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
|
Pager Number
|
pager
|
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
|
Display Name
|
displayName
|
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
|
Custom User Fields To Be Synchronized
|
Custom User Field Name
|
Cisco Unified Communications Manager allows you to synchronize LDAP directory attributes that are not included among the defaults for the Standard User Fields to be Synchronized. Using Custom User Fields, you can synchronize LDAP attributes to a customized field that gets saved in the Cisco Unified Communications Manager database.
In the Custom User Field text box, enter a name for the customized field that you want to create. The custom user field can contain up to 64 alphanumeric characters, including spaces. Cisco Unified Communications Manager saves the new customized field in the database.
You can create up to five custom user fields. Click the (+) button to add additional rows on which you can create new fields.
|
LDAP Attribute
|
In the LDAP attribute field, enter a valid LDAP attribute that exists in your LDAP directory. The maximum field length is 128 characters.
|
Group Information
|
Access Control Groups
|
Use this option to manage the Access Control Group to configure different levels of access for new users that were synchronized from the LDAP directory.
Click the Add to Access Control Group button to open the Find and List Access Control Groups window. From the list, select one or more Access Control Groups for a user. Click the Add Selected button. The Find and List Access Control Groups window closes, and the Update Users Configuration window now shows the selected groups in the list box.
To delete an existing Access Control Group, select the relevant Access Control Group from the list box. Click the Remove from Access Control button to complete the process.
To add a new Access Control Group to the Find and List Access Control Groups window, use the following menu path:
|
Feature Group Template
|
From the drop-down list box, select the Feature Group template to be associated with the new users that are synchronized from the LDAP directory.
To create a Feature Group template that includes features such as mobility and IM and Presence, use the following menu path:
If you do not select a feature group template, a warning message displays as mentioned below:
Warning
|
If no template is selected, the new line features below will not be active.
|
If you select a custom feature group template with no user profile, a warning message displays as mentioned below:
Warning
|
The selected Feature Group Template does not have a Universal Line Template configured. The new line features below will not be active.
|
|
Apply mask to synced telephone numbers to create a new line for inserted users
|
Check the check box to apply a mask to the synced telephone number of the user.
Enter a mask value in the Mask text box. The Mask can contain one to twenty four characters including numbers (0-9), X, and x. It must include at least one x or X.
For example, if you set the mask as 11XX for the user with a telephone number 8889945, after the mask is applied, 1145 becomes the primary extension of the user.
|
Assign new line from the pool list if one was not created based on a synced LDAP telephone number
|
Check the check box to assign a new line from the DN pool list.
|
Next Candidate DN
|
Displays the next probable DN that will be assigned to the user.
The DN from the next DN pool is displayed only after all the DNs from the first DN pool are assigned.
Note
|
The Next Candidate DN displays only when you check the Assign new line from the pool list if one was not created based on a synced LDAP telephone number check box.
|
|
Add DN Pool
|
By default, only one DN pool is available. Click this option to add more DNs to the DN pool.
The DN Pool Start and DN Pool End values must conform to the following requirements:
- Must be a number and can contain one to twenty characters
- DN Pool End must be greater than DN Pool Start
- DN Pool Start and DN Pool End must not be null
- DN range must be less than 10,000,000
Note
|
The following error message displays if the DN range is not less than 10,000,000: The DN range must be less than 10,000,000. Also, the Start DN and End DN can only vary in the rightmost seven digits. If the DNs are greater than seven digits long, the additional leftmost digits must be identical.
|
Enter the DN Pool Start and DN Pool End values in the text box. You can reorder the DN pool to prioritize the DNs that you want to assign.
If the lengths of the start and end DN pools are different, an error message displays: The DNs length must be identical.
You can create only three DN pools.
|
LDAP Server Information
|
Host Name or IP Address for Server
|
Enter the host name or IP address of the server where the data for this LDAP directory resides.
|
LDAP Port
|
Enter the port number on which the corporate directory receives the LDAP requests. You can only access this field if LDAP authentication for end users is enabled.
The default LDAP port for Microsoft Active Directory and for Netscape Directory is 389. The default LDAP port for Secure Sockets Layer (SSL) is 636.
How your corporate directory is configured determines which port number to enter in this field. For example, before you configure the LDAP Port field, determine whether your LDAP server acts as a Global Catalog server and whether your configuration requires LDAP over SSL. Consider entering one of the following port numbers:
LDAP Port when LDAP server is not a Global Catalog server:
- 389: When SSL is not required. (This port number specifies the default that displays in the LDAP Port field.)
- 636: When SSL is required. (If you enter this port number, make sure that you check the Use SSL check box.)
LDAP Port when LDAP server is a Global Catalog server:
- 3268: When SSL is not required.
- 3269: When SSL is required. (If you enter this port number, make sure that you check the Use SSL check box.)
Tip
|
Your configuration may require that you enter a different port number than the options that are listed in the preceding bullets. Before you configure the LDAP Port field, contact the administrator of your directory server to determine the correct port number to enter.
|
|
Use SSL
|
Check this check box to use Secure Sockets Layer (SSL) encryption for security purposes.
Note
|
If LDAP over SSL is required, the corporate directory SSL certificate must be loaded into Cisco Unified Communications Manager. The Cisco Unified Communications Operating System Administration Guide documents the certificate upload procedure in the Security chapter.
|
|
Add Another Redundant LDAP Server
|
Click this button to add another row for entry of information about an additional server.
|
Perform Full Sync
|
Click this button to perform a full directory sync. While the directory is synchronizing, the button name changes to Cancel Full Sync. You can click the Cancel Full Sync button to cancel the sync.
|