-
Cisco Unified Communications Manager Administration Guide, Release 9.0(1)
-
Preface
- Cisco Unified Communications Manager
-
System setup
-
Server setup
-
Cisco Unified Communications Manager setup
-
Cisco Unified Communications Manager group setup
-
Phone NTP reference setup
-
Date and time group setup
-
Region setup
-
Device pool setup
-
DHCP server setup
-
DHCP subnet setup
-
LDAP system setup
-
LDAP directory setup
-
LDAP authentication setup
-
LDAP custom filter setup
-
Location setup
-
Survivable remote site telephony setup
-
MLPP Domain setup
-
Resource Priority Namespace Network Domain setup
-
Resource Priority Namespace List setup
-
E911 messages
-
Enterprise parameter setup
-
Enterprise phone setup
-
Service parameter setup
-
Application server setup
-
Autoregistration setup
-
Other system menu options
-
-
Call routing setup
-
Automated alternate routing group setup
-
Application dial rule setup
-
Directory lookup dial rule setup
-
SIP dial rule setup
-
Route filter setup
-
Route group setup
-
Route list setup
-
Route pattern setup
-
Line group setup
-
Hunt list setup
-
Hunt pilot setup
-
SIP route pattern setup
-
Time period setup
-
Time schedule setup
-
Partition setup
-
Calling search space setup
-
Translation pattern setup
-
Directory number setup
-
Meet-Me number and pattern setup
-
Dial plan installer
-
Route plan report
-
Calling party transformation pattern setup
-
Called party transformation pattern setup
-
Intercluster directory URI
-
Other call routing menu options
-
- Media resource setup
- Advanced features setup
-
Device setup
-
CTI route point setup
-
Gatekeeper setup
-
Gateway setup
-
Cisco Unified IP Phone setup
-
Trunk setup
-
Device defaults setup
-
Device firmware load information
-
Default device profile setup
-
Device profile setup
-
Phone button template setup
-
Softkey template setup
-
IP phone services setup
-
SIP profile setup
-
Common device setup
-
Common phone profile setup
-
Feature Control Policy setup
-
Recording Profile setup
-
SIP normalization script setup
-
Other device menu options
-
- Application setup
-
User management setup
-
Credential policy default setup
-
Credential policy setup
-
Application user setup
-
End user setup
-
Role setup
-
Access control group setup
-
End user phone addition
-
UC service setup
-
Service profile setup
-
Universal device template setup
-
Feature group template setup
-
Quick user and phone addition
-
Other user management menu options
-
- Cisco Unified Communications Manager Bulk Administration
-
Dependency records
-
Non-Cisco SIP phones setup
-
AS-SIP configuration
-
Index
-
Feedback
LDAP directory setup
This chapter provides information to configure the LDAP directory. The LDAP direcotry configuration takes place in these related windows:
For additional information, see topics related to the directory, application users, and end users in the Cisco Unified Communications Manager System Guide.
Related Information
About LDAP directory setup
In Cisco Unified Communications Manager Administration, use the menu path to configure LDAP directories.
In the LDAP Directory window, you specify information about the LDAP directory; for example, the name of the LDAP directory, where the LDAP users exist, how often to synchronize the data, and so on.
Before you begin
Before you can synchronize the LDAP directory, you must activate the Cisco DirSync service. For information about how to activate services, see the Cisco Unified Serviceability Administration Guide.
Changes to LDAP Directory information and LDAP Authentication settings are possible only if synchronization from the customer LDAP directory is enabled in the Cisco Unified Communications Manager Administration LDAP System Configuration window.
LDAP directory settings
The following table describes the LDAP directory settings.
Table 1 LDAP directory settings Field
Description
LDAP Directory Information
LDAP Configuration Name
Enter a unique name (up to 40 characters) for the LDAP directory.
LDAP Manager Distinguished Name
Enter the user ID (up to 128 characters) of the LDAP Manager, who is an administrative user that has access rights to the LDAP directory in question.
LDAP Password
Enter a password (up to 128 characters) for the LDAP Manager.
Confirm Password
Reenter the password that you provided in the LDAP Password field.
LDAP User Search Base
Enter the location (up to 256 characters) where all LDAP users exist. This location acts as a container or a directory. This information varies depending on customer setup.
LDAP Custom Filter
Select an LDAP custom filter from the drop-down list. The LDAP filter filters the results of LDAP searches. LDAP users that match the filter get imported into the Cisco Unified Communications Manager database, but LDAP users that do not match the filter do not get imported.
The default value is <None>. This value applies a default LDAP filter that is specific to the LDAP server type. These are the default LDAP filters:
- Microsoft Active Directory (AD):(&(objectclass=user)(!(objectclass=Computer)) (!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
- iPlanet or Sun One LDAP Server:(objectclass=inetOrgPerson)
- OpenLDAP:(objectclass=inetOrgPerson)
- Microsoft Active Directory Application Mode (ADAM):(&(objectclass=user) (!(objectclass=Computer))(!(msDS-UserAccountDisabled=TRUE)))
For more information about LDAP filters, see the LDAP custom filter setup.
LDAP Directory Synchronization Schedule
Perform Sync Just Once
If you want to perform synchronization of the data in this LDAP directory with the data in the Cisco Unified Communications Manager database only once, check this check box.
Perform a Re-sync Every
If you want to perform synchronization of the data in this LDAP directory with the data in the Cisco Unified Communications Manager database at a regular interval, use these fields.
In the left field, enter a number. In the drop-down list box, choose a value:
Cisco Unified Communications Manager can synchronize directory information every 6 hours, which is the minimum value allowed for this field.
Note This field remains active only if you do not check the Perform Sync Just Once check box.
Next Re-sync Time (YYYY-MM-DD hh:mm)
Specify a time to perform the next synchronization of Cisco Unified Communications Manager directory data with this LDAP directory. Use a 24-hour clock to specify the time of day. For example, 1:00 pm equals 13:00.
Standard User Fields To Be Synchronized
LDAP User Fields
User ID
sAMAccountNameoruid
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
Middle Name
(drop-down list box)
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
For the LDAP User field, choose one of the following values:
Manager ID
manager
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
Phone Number
(drop-down list box)
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
For the LDAP User field, choose one of the following values:
Directory URI
(drop-down list box)
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
For the LDAP User field, choose one of the following values:
Note The msRTCSIP-primaryuseraddress option is only available if you choose Microsoft Active Directory as the LDAP Server Type in the LDAP System Configuration window.
Note The user portion of a directory URI is case sensitive. Whatever case the directory URI has in LDAP will be imported into Cisco Unified Communications Manager. For compatibility with third party call control systems, Cisco recommends using lower case for directory URIs.
First Name
givenName
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
Last Name
sn
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
Department
departmentordepart
mentnumber
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
Mail ID
(drop-down list box)
For these fields, the Cisco Unified Communications Manager data in the field specified at left gets synchronized with the LDAP user data in the field specified at right.
For the LDAP User field, choose one of the following values:
Custom User Fields To Be Synchronized
Custom User Field Name
Cisco Unified Communications Manager allows you to synchronize LDAP directory attributes that are not included among the defaults for the Standard User Fields to be Synchronized. Using Custom User Fields, you can synchronize LDAP attributes to a customized field that gets saved in the Cisco Unified Communications Manager database.
In the Custom User Field text box, enter a name for the customized field that you want to create. The custom user field can contain up to 64 alphanumeric characters, including spaces. Cisco Unified Communications Manager saves the new customized field in the database.
You can create up to five custom user fields. Click the (+) button to add additional rows on which you can create new fields.
LDAP Attribute
In the LDAP attribute field, enter a valid LDAP attribute that exists in your LDAP directory. The maximum field length is 128 characters.
LDAP Server Information
Host Name or IP Address for Server
Enter the host name or IP address of the server where the data for this LDAP directory resides.
LDAP Port
Enter the port number on which the corporate directory receives the LDAP requests. You can only access this field if LDAP authentication for end users is enabled.
The default LDAP port for Microsoft Active Directory and for Netscape Directory specifies 389. The default LDAP port for Secured Sockets Layer (SSL) specifies 636.
How your corporate directory is configured determines which port number to enter in this field. For example, before you configure the LDAP Port field, determine whether your LDAP server acts as a Global Catalog server and whether your configuration requires LDAP over SSL. Consider entering one of the following port numbers:
LDAP Port when LDAP server is not a Global Catalog server:LDAP Port when LDAP server Is a Global Catalog server:
- 3268—When SSL is not required.
- 3269—When SSL is required. (If you enter this port number, make sure that you check the Use SSL check box.)
Tip Your configuration may require that you enter a different port number than the options that are listed in the preceding bullets. Before you configure the LDAP Port field, contact the administrator of your directory server to determine the correct port number to enter. Use SSL
Check this check box to use Secured Sockets Layer (SSL) encryption for security purposes.
Add Another Redundant LDAP Server
Click this button to add another row for entry of information about an additional server.
Perform Full Sync
Click this button to perform a full directory sync. While the directory is synchronizing, the button name changes to Cancel Full Sync. You can click the Cancel Full Sync button to cancel the sync.
In addition to the user fields that appear in Cisco Unified Communications Manager Administration, the Microsoft Active Directory Application Mode user fields that are described in the following table also get synchronized.
Table 2 Additional synchronized Microsoft Active Directory Application Mode user fields LDAP User Fields
UniqueIdentifier
ObjectGUID
Pager
pagerorpagertelephonenumber
Mobile
mobileormobiletelephonenumber
Title
title
Homephone
homephoneorhometelephonenumber
OCSPrimaryUserAddress
msRTCSIP-primaryuseraddress