This document describes how to correct the Lightweight Directory Access Protocol (LDAP) search issue with a custom base filter for Cisco Jabber for Windows.
Cisco recommends that you have knowledge of Cisco Jabber for Windows.
The information in this document is based on Cisco Jabber for Windows.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
When an attribute such as employeeID is added to the BaseFilter specified in the jabber-config.xml file, no results are found even though the users have this attribute populated in Active Directory (AD). When a base filter is created without this attribute, it works as designed.
When you use ldp.exe to query the LDAP, the filter with this attribute works as designed.
This code works:
It fails if you add (employeeid=*):
Jabber for Windows can connect to a domain controller (TCP port 389 or secure 636) or a global catalog (TCP port 3268 or secure 3269). This is controlled by the ConnectionType parameter in the jabber-config.xml file where 0 = global catalog (default value) and 1 = domain controller.
If you connect to the global catalog, you need to ensure that all the attributes present in the LDAP filter are propagated to the global catalog. If one attribute from the LDAP filter is not present in the global catalog, the search request that uses this filter does not return any results. By default, only a subset of attributes is propagated to the global catalog, and employeeID is one of the attributes that is not propagated by default.
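A check for the condition described above, as an added example that is not part of the original document or any Cisco tooling: it reads a jabber-config.xml, extracts the attributes named in BaseFilter, and reports those missing from a supplied list of global catalog attributes. The sample configuration and the attribute list are constructed for illustration; the real list has to come from your AD administrator.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample jabber-config.xml (not from the original document).
SAMPLE_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
  <Directory>
    <BaseFilter>(&amp;(objectCategory=person)(!(cn=svc*))(employeeID=*))</BaseFilter>
  </Directory>
</config>"""

# Constructed sample of attributes replicated to the global catalog, lower-cased.
# Assumption: the real list is exported from the AD schema by the AD administrator.
SAMPLE_GC_ATTRS = {"objectcategory", "objectclass", "cn", "samaccountname", "mail"}

# Attribute name at the start of a filter item: "(" attr [":rule:"] then =, ~=, >= or <=
_ATTR = re.compile(r"\(\s*([A-Za-z][A-Za-z0-9.;-]*)\s*(?::[^=()]*:)?\s*[~<>]?=")


def filter_attributes(ldap_filter):
    """Return the attribute names used in an LDAP filter, in order, de-duplicated."""
    seen = []
    for name in _ATTR.findall(ldap_filter):
        if name.lower() not in (n.lower() for n in seen):
            seen.append(name)
    return seen


def check_config(xml_text, gc_attrs):
    """Return (ConnectionType, filter attributes missing from the global catalog)."""
    root = ET.fromstring(xml_text)
    # ConnectionType is 0 (global catalog) when the element is absent.
    conn = (root.findtext(".//ConnectionType") or "0").strip()
    base_filter = root.findtext(".//BaseFilter") or ""
    if conn != "0":
        return conn, []  # domain controller: the global catalog subset does not apply
    missing = [a for a in filter_attributes(base_filter) if a.lower() not in gc_attrs]
    return conn, missing


if __name__ == "__main__":
    conn, missing = check_config(SAMPLE_CONFIG, SAMPLE_GC_ATTRS)
    print("ConnectionType:", conn)
    for attr in missing:
        print("not in global catalog, search will return no results:", attr)
```
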
Point Jabber to a domain controller instead of the global catalog (in your jabber-config.xml file, set the directory parameter ConnectionType to 1 instead of 0). This is not recommended because a domain controller is slower than a global catalog, which results in poorer performance of the Jabber client.
Replicate the needed attribute (employeeID) to the global catalog servers in your AD environment. Check with your AD administrator to verify it will be updated. In order to perform this change, go to the domain controller with schema administrator rights: