Configure Directory Integration

Configure Directory Integration for an On-Premises Deployment

Procedure

Step 1

Command or Action: Enable Synchronization.

Purpose: To replicate contact data to Cisco Unified Communications Manager.

Step 2

Command or Action: Configure IM Address Scheme.

Purpose: Only for Cisco Unified Communications Manager IM and Presence Service release 10.x or later.

Step 3

Command or Action: Populate User ID and Directory URI.

Purpose: Populate the user ID and directory URI from an attribute in the directory.

Step 4

Command or Action: Perform Synchronization.

Purpose: Synchronize Cisco Unified Communications Manager with the directory server.

Step 5

Command or Action: Authenticate with the LDAP Server.

Purpose: Configure Cisco Unified Communications Manager to authenticate with the directory server.

Enable Synchronization

To ensure that contact data in your directory server is replicated to Cisco Unified Communications Manager, you must synchronize with the directory server. Before you can synchronize with the directory server, you must enable synchronization.

Procedure


Step 1

Open the Cisco Unified CM Administration interface.

Step 2

Select System > LDAP > LDAP System.

The LDAP System Configuration window opens.

Step 3

Locate the LDAP System Information section.

Step 4

Select Enable Synchronizing from LDAP Server.

Step 5

Select the type of directory server from which you are synchronizing data from the LDAP Server Type drop-down list.


What to do next

Specify an LDAP attribute for the user ID.

Configure IM Address Scheme

This feature is supported on Cisco Unified Communications Manager IM and Presence Service release 10.x or later. For Cisco Unified Communications Manager IM and Presence Service release 9.x and earlier, the default IM address scheme used is UserID@[Default Domain].

Procedure


Step 1

Choose the IM Address Scheme.

  1. Open Cisco Unified CM IM and Presence Administration.

  2. Select Presence > Settings > Advanced Configuration.

    The Advanced Presence Settings window opens.
  3. Select IM Address Scheme and from the list choose one of the following:

    • UserID@[Default Domain]

      If you use the UserID, ensure that you configure a default domain. For example, services must be named cups.com and not cups.

    • Directory URI

Step 2

Select the required mapping.

  1. Open Cisco Unified CM Administration.

  2. Select System > LDAP > LDAP Directory.

    The Find and List LDAP Directories window opens.
  3. Find and select the directory from the list.

    The LDAP Directory window opens.
  4. In the Standard User Fields To Be Synchronized section choose the mapping:

    • User ID mapped to an LDAP field, the default is sAMAccountName.

    • Directory URI mapped to either mail or msRTCSIP-primaryuseraddress.
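
The following added example (not part of the original Cisco procedure) shows how each IM address scheme turns the synchronized attributes into an IM address and flags users for whom no address can be derived. The directory records, the function names, and the rule that a default domain must contain a dot are assumptions made for illustration.

```python
# Added example (not Cisco code): derive each user's IM address from the
# synchronized attributes under both IM address schemes.
USER_ID_SCHEME = "UserID@[Default Domain]"
URI_SCHEME = "Directory URI"
URI_ATTRS = ("mail", "msRTCSIP-primaryuseraddress")  # Directory URI mappings


def im_address(record, scheme, default_domain=None,
               user_id_attr="sAMAccountName", uri_attr="mail"):
    """Return (address, problem); exactly one of the two is None."""
    if scheme == USER_ID_SCHEME:
        # Simplified check for "cups.com and not cups": require a dot.
        if not default_domain or "." not in default_domain:
            return None, "default domain is not a full domain name"
        user_id = (record.get(user_id_attr) or "").strip()
        if not user_id:
            return None, f"{user_id_attr} is empty"
        return f"{user_id}@{default_domain}", None
    if scheme == URI_SCHEME:
        if uri_attr not in URI_ATTRS:
            return None, f"{uri_attr} is not a Directory URI mapping"
        uri = (record.get(uri_attr) or "").strip()
        if not uri:
            return None, f"{uri_attr} is empty"
        return uri, None
    return None, f"unknown scheme {scheme!r}"


def audit(records, scheme, **settings):
    """Split records into resolved addresses and per-user problems."""
    resolved, problems = {}, {}
    for index, record in enumerate(records):
        key = record.get("sAMAccountName") or f"record-{index}"
        address, problem = im_address(record, scheme, **settings)
        if problem:
            problems[key] = problem
        else:
            resolved[key] = address
    return resolved, problems


# Constructed directory records; names and domains are placeholders.
SAMPLE = [
    {"sAMAccountName": "adavis", "mail": "alice.davis@example.com"},
    {"sAMAccountName": "bchen", "mail": ""},
    {"sAMAccountName": "svc-backup"},
]

if __name__ == "__main__":
    for scheme in (USER_ID_SCHEME, URI_SCHEME):
        print(scheme, audit(SAMPLE, scheme, default_domain="example.com"))
```

Running the audit against a directory export before you switch the IM address scheme to Directory URI shows which accounts still need the mapped attribute populated.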


Populate User ID and Directory URI

When you synchronize your LDAP directory server with Cisco Unified Communications Manager, you can populate the end user configuration tables in both the Cisco Unified Communications Manager and the Cisco Unified Communications Manager IM and Presence Service databases with attributes that contain values for the following:
  • User ID — You must specify a value for the user ID on Cisco Unified Communications Manager. This value is required for the default IM address scheme and for users to sign in. The default value is sAMAccountName.

  • Directory URI — You should specify a value for the directory URI if you plan to:
    • Enable URI dialing in Cisco Jabber.

    • Use the directory URI address scheme on Cisco Unified Communications Manager IM and Presence Service version 10 and higher.

Directory attribute synchronization

When Cisco Unified Communications Manager synchronizes with the directory source, it retrieves the values for the directory URI and user ID and populates them in the end user configuration table in the Cisco Unified Communications Manager database.

The Cisco Unified Communications Manager database then synchronizes with the Cisco Unified Communications Manager IM and Presence Service database. As a result, the values for the directory URI and user ID are populated in the end user configuration table in the Cisco Unified Communications Manager IM and Presence Service database.

Specify an LDAP Attribute for the User ID

When you synchronize from your directory source to Cisco Unified Communications Manager, you can populate the user ID from an attribute in the directory. The default attribute that holds the user ID is sAMAccountName.

Procedure

Step 1

Locate the LDAP Attribute for User ID drop-down list on the LDAP System Configuration window.

Step 2

Specify an attribute for the user ID as appropriate and then select Save.

Important 

If the attribute for the user ID is other than sAMAccountName and you are using the default IM address scheme in Cisco Unified Communications Manager IM and Presence Service, you must specify the attribute as the value for the parameter in your client configuration file as follows:

The EDI parameter is UserAccountName.

<UserAccountName>attribute-name</UserAccountName>

The BDI parameter is BDIUserAccountName.

<BDIUserAccountName>attribute-name</BDIUserAccountName>

If you do not specify the attribute in your configuration, and the attribute is other than sAMAccountName, the client cannot resolve contacts in your directory. As a result, users do not get presence and cannot send or receive instant messages.
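
The following added example (not Cisco code) checks a client configuration file against the user ID attribute selected on the LDAP System Configuration window. The <config> and <Directory> wrapper elements, the sample values, and the function name are assumptions; only the UserAccountName and BDIUserAccountName parameter names come from this page.

```python
import xml.etree.ElementTree as ET

DEFAULT_ATTR = "sAMAccountName"
DEFAULT_SCHEME = "UserID@[Default Domain]"
PARAMS = {"EDI": "UserAccountName", "BDI": "BDIUserAccountName"}


def check_client_config(xml_text, ucm_user_id_attr, integration="EDI",
                        im_scheme=DEFAULT_SCHEME):
    """Return findings; an empty list means the file matches the UCM setting."""
    param = PARAMS[integration]
    root = ET.fromstring(xml_text)
    # Search the whole tree so the check does not depend on the wrapper layout.
    values = [(el.text or "").strip() for el in root.iter(param)]
    values = [v for v in values if v]
    findings = []
    if len({v.lower() for v in values}) > 1:
        findings.append(f"{param} is set more than once with different values")
    configured = values[0] if values else None
    # LDAP attribute names are case-insensitive, so compare in lower case.
    wanted = ucm_user_id_attr.lower()
    needed = wanted != DEFAULT_ATTR.lower() and im_scheme == DEFAULT_SCHEME
    if configured is None:
        if needed:
            findings.append(f"{param} is missing but the user ID attribute is "
                            f"{ucm_user_id_attr}; contacts will not resolve")
    elif configured.lower() != wanted:
        findings.append(f"{param} is {configured} but the user ID attribute "
                        f"is {ucm_user_id_attr}")
    return findings


# Constructed files: the wrapper elements are assumed, values are samples.
WITH_OVERRIDE = """<config version="1.0"><Directory>
  <UserAccountName>mail</UserAccountName>
</Directory></config>"""
WITHOUT_OVERRIDE = '<config version="1.0"><Directory/></config>'

if __name__ == "__main__":
    for name, text in (("with", WITH_OVERRIDE), ("without", WITHOUT_OVERRIDE)):
        print(name, check_client_config(text, "mail"))
```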


Specify an LDAP Attribute for the Directory URI

On Cisco Unified Communications Manager release 9.0(1) and later, you can populate the directory URI from an attribute in the directory.

Before you begin

Enable Synchronization.

Procedure

Step 1

Select System > LDAP > LDAP Directory.

Step 2

Select the appropriate LDAP directory or select Add New to add an LDAP directory.

Step 3

Locate the Standard User Fields To Be Synchronized section.

Step 4

Select one of the following LDAP attributes from the Directory URI drop-down list:

  • msRTCSIP-primaryuseraddress—This attribute is populated in the AD when Microsoft Lync or Microsoft OCS are used. This is the default attribute.

  • mail

Step 5

Select Save.


Perform Synchronization

After you add a directory server and specify the required parameters, you can synchronize Cisco Unified Communications Manager with the directory server.

Before you begin

If your environment includes a presence server, you should ensure the following feature service is activated and started before you synchronize with the directory server:
  • Cisco Unified Presence: Cisco UP Sync Agent

  • Cisco Unified Communications Manager IM and Presence Service: Cisco Sync Agent

This service keeps data synchronized between the presence server and Cisco Unified Communications Manager. When you perform the synchronization with your directory server, Cisco Unified Communications Manager then synchronizes the data with the presence server, but only if the Cisco Sync Agent service is activated and started.

Procedure


Step 1

Select System > LDAP > LDAP Directory.

Step 2

Select Add New.

The LDAP Directory window opens.

Step 3

Specify the required details on the LDAP Directory window.

See the Cisco Unified Communications Manager Administration Guide for more information about the values and formats you can specify.

Step 4

Create an LDAP Directory Synchronization Schedule to ensure that your information is synchronized regularly.

Step 5

Select Save.

Step 6

Select Perform Full Sync Now.

Note 

The amount of time it takes for the synchronization process to complete depends on the number of users that exist in your directory. If you synchronize a large directory with thousands of users, you should expect the process to take some time.


User data from your directory server is synchronized to the Cisco Unified Communications Manager database. Cisco Unified Communications Manager then synchronizes the user data to the presence server database.

Authenticate with the LDAP Server

Perform this procedure if you want to enable LDAP authentication so that end user passwords are authenticated against the password that is assigned in the company LDAP directory. LDAP authentication gives system administrators the ability to assign an end user a single password for all company applications. This configuration applies to end user passwords only and does not apply to end user PINs or application user passwords. When users sign in to the client, the presence service routes that authentication to Cisco Unified Communications Manager. Cisco Unified Communications Manager then sends that authentication to the directory server.

Procedure


Step 1

Open the Cisco Unified CM Administration interface.

Step 2

Select System > LDAP > LDAP Authentication.

Step 3

Select Use LDAP Authentication for End Users.

Step 4

Specify LDAP credentials and a user search base as appropriate.

See the Cisco Unified Communications Manager Administration Guide for information about the fields on the LDAP Authentication window.

Step 5

Select Save.


Configure Directory Integration for Cloud-Based Deployments

Procedure

Step 1

Command or Action: Review Directory Integration.

Purpose: Review the topics.

Step 2

Command or Action: See Understanding the Configuration Tab.

Purpose: Configure your organization information.

Step 3

Command or Action: See Overview of User Management.

Purpose: Create and provision users.

Step 4

Command or Action: Add Directory Groups.

Add Directory Groups

Directory groups, or enterprise groups, provide contact groups that administrators define for users.

Procedure


Step 1

Set up directory integration.

Step 2

Define your directory groups in a comma-separated values (.csv) file.

Step 3

Import your directory groups using the Cisco WebEx Administration Tool.