LDAP System Configuration
In Cisco Unified Communications Manager Release 5.0 and above, directory configuration takes place in three related windows:
• LDAP System
• LDAP Directory
• LDAP Authentication
You can make changes to LDAP Directory information and LDAP Authentication settings only if synchronization from the customer LDAP directory is enabled in the Cisco Unified Communications Manager Administration LDAP System window.
Administrators use this window to enable LDAP synchronization and to set up the LDAP server type and the LDAP attribute name for the user ID.
Note
After an LDAP Directory configuration for the DirSync service gets created or the LDAP user authentication is enabled, the settings in the LDAP System window become read-only.
Note
After you configure LDAP synchronization in Cisco Unified Communications Manager Administration, users without last names in the corporate directory do not synchronize with the Cisco Unified Communications Manager database. No error displays in Cisco Unified Communications Manager Administration, but the log file indicates which users did not synchronize.
Use the following topics to configure LDAP system information:
• Updating LDAP System Information
• LDAP System Configuration Settings
Additional Information
See the "Related Topics" section.
Updating LDAP System Information
Use the following procedure to update LDAP system information.
Before You Begin
The setting of the Enable Synchronizing from LDAP Server check box in this window affects the administrator's ability to modify end users. LDAP synchronization applies only to end users; LDAP synchronization does not affect application users. Refer to the "Understanding the Directory" section on page 20-1 for more information about LDAP synchronization.
For end user data, administrators cannot use the End User Configuration window to update the attributes that get synchronized from the corporate directory. You can update these attributes only in the corporate directory itself, after which you should perform a resynchronization.
Note
If end users exist in the Cisco Unified Communications Manager database before synchronization with a corporate directory occurs, the system will delete those end users that did not have a matching user ID in the corporate directory. For example, if users bob and sanjay were in the Cisco Unified Communications Manager database, but only bob was in the LDAP directory, then sanjay would be marked inactive and eventually get deleted by the garbage collector program.
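The following pre-synchronization check is an added example, not part of the Cisco documentation or tooling. It reads a directory export in LDIF form and lists the entries that have no last name (sn), the entries that lack the attribute chosen as the user ID, and the existing end users with no matching user ID in the directory. The function names, the sample LDIF, and the list of existing end users are assumptions constructed for illustration.

```python
# Added example: pre-synchronization audit. All sample data is constructed.
SAMPLE_LDIF = """\
dn: CN=Bob Stone,OU=Staff,DC=example,DC=com
sAMAccountName: bob
sn: Stone
employeeNumber: 1001

dn: CN=Kim,OU=Staff,DC=example,DC=com
sAMAccountName: kim
mail: kim@example.com
"""

def parse_ldif(text):
    """Parse plain LDIF (no base64 '::' values) into a list of attribute dicts."""
    entries, current, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith("#"):
            continue
        if line.startswith(" ") and last:      # folded continuation line
            current[last][-1] += line[1:]
        elif not line.strip():                 # blank line ends an entry
            if current:
                entries.append(current)
            current, last = {}, None
        elif ":" in line:
            key, _, value = line.partition(":")
            last = key.strip().lower()         # attribute names are case-insensitive
            current.setdefault(last, []).append(value.strip())
    return entries

def audit(ldif_text, existing_end_users, userid_attr="sAMAccountName"):
    """Report entries and existing end users affected by the two notes above."""
    attr = userid_attr.lower()
    report = {"no_last_name": [], "missing_userid_attr": [], "unmatched_existing_users": []}
    directory_ids = set()
    for entry in parse_ldif(ldif_text):
        dn = entry.get("dn", ["<no dn>"])[0]
        ids = [v for v in entry.get(attr, []) if v]
        if not any(entry.get("sn", [])):       # no last name: will not synchronize
            report["no_last_name"].append(dn)
        if ids:
            directory_ids.add(ids[0])
        else:                                  # chosen user ID attribute is absent
            report["missing_userid_attr"].append(dn)
    # Exact string comparison: a user ID differing only in case is listed for review.
    report["unmatched_existing_users"] = sorted(
        u for u in existing_end_users if u not in directory_ids)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF, ["bob", "sanjay"]))
```

Run the check with each candidate value of LDAP Attribute for User ID before enabling synchronization, because the set of unmatched end users depends on which attribute is chosen.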
Procedure
Step 1 Choose System > LDAP > LDAP System.
Step 2 Enter the appropriate configuration settings as described in Table 14-1.
Step 3 To save your changes, click Save.
Additional Information
See the "Related Topics" section.
LDAP System Configuration Settings
Table 14-1 describes the LDAP system configuration settings. For related procedures, see the "Related Topics" section.
Table 14-1 LDAP System Configuration Settings
Field | Description
LDAP System Information
Enable Synchronizing from LDAP Server | To enable synchronization of data from the customer LDAP server, check this check box.
If synchronization with the LDAP server is enabled, the following circumstances occur:
• The administrator cannot modify end user data, except for the fields (attributes) that are not synchronized from the corporate directory. Example: user PIN. (The administrator can always modify application user data.)
• The administrator can modify the LDAP Directory information.
• The administrator can modify LDAP Authentication information.
If synchronization with the LDAP server is not enabled (is disabled), the following circumstances occur:
• The administrator cannot modify LDAP Directory information.
• The administrator cannot modify LDAP Authentication information.
LDAP Server Type | If synchronization with the LDAP server is currently enabled, you can choose one of the selections in this drop-down list box. Choose the value that corresponds to the customer LDAP server type:
• Microsoft Active Directory
• Netscape or Sun ONE LDAP Server
LDAP Attribute for User ID | If synchronization with the LDAP server is enabled, you can choose an LDAP attribute value for the user ID. Choose one of the following values from the drop-down list box:
• For Microsoft Active Directory
– sAMAccountName
– mail
– employeeNumber
– telephoneNumber
– userPrincipalName
• For Netscape Sun ONE LDAP Server
– uid
– mail
– employeeNumber
– telephoneNumber
Related Topics
• LDAP System Configuration
• Updating LDAP System Information
• LDAP System Configuration Settings
• Understanding the Directory, Cisco Unified Communications Manager System Guide
• LDAP Directory Configuration, page 15-1
• LDAP Authentication Configuration, page 16-1
• Application User Configuration, page 105-1
• End User Configuration, page 106-1
• Application Users and End Users, Cisco Unified Communications Manager System Guide