Contents
- Setup for Cisco Unified Presence
- Specifying Cisco Unified Presence Settings
- Starting Essential Services
- Firewall Requirements
- Setting Up Directory Search, IM, and Availability
- Setting Up LDAP Servers
- Creating LDAP Profiles and Adding Users
- Setting Up the LDAP Attribute Map
- Indexing Active Directory Attributes
- Turning IM Policy On or Off
- Specifying IM Policy Settings
- Setting Up URL Strings to Fetch Contact Pictures from Web Server
- Setting Up Connect on Demand VPN
- Preparing User Instructions
Setup for Cisco Unified Presence
This chapter describes how you can set up Cisco Jabber for iPad using Cisco Unified Presence.
- Specifying Cisco Unified Presence Settings
- Starting Essential Services
- Firewall Requirements
- Setting Up Directory Search, IM, and Availability
- Setting Up Connect on Demand VPN
- Preparing User Instructions
Specifying Cisco Unified Presence Settings
Procedure
Starting Essential Services
Start the following Cisco Unified Presence Extensible Communication Platform (XCP) services on all Cisco Unified Presence nodes in all clusters:
You may also start these Unified Presence XCP services on all Unified Presence nodes in all clusters, depending on what features you want to make available:
- Cisco Unified Presence XCP Text Conference Manager, for group chat
- Cisco Unified Presence XCP SIP Federation Connection Manager, to support federation services with third-party applications that use SIP
- Cisco Unified Presence XCP XMPP Federation Connection Manager, to support federation services with third-party applications that use XMPP
- Cisco Unified Presence XCP Counter Aggregator, if you want system administrators to be able to view statistical data on XMPP components
- Cisco Unified Presence XCP Message Archiver, for automatic archiving of all instant messages
Note
Read the documentation for any feature that you are setting up before you turn on the related services. Additional work might be required.
Firewall Requirements
Configure hardware firewalls to allow the ports to carry traffic for the application. Hardware firewalls are network devices that provide protection from unwanted traffic at an organizational level. This table lists the ports required for the deployments of Cisco Unified Communications Manager and Cisco Unified Presence. These ports must be open on all firewalls for the application to function properly.
| Direction | Port | Protocol | Description |
|---|---|---|---|
| Inbound | 16384-32766 | UDP | Receives Real-Time Transport Protocol (RTP) media streams for video and audio. You set up these ports in Cisco Unified Communications Manager. |
| Outbound | 69, then Ephemeral | TFTP | Connects to the Trivial File Transfer Protocol (TFTP) server to download the TFTP file |
| Outbound | 80 and 6970 | HTTP | Connects to services such as Cisco WebEx Messenger for meetings and Cisco Unity Connection for voicemail features. If no port is specified in a TFTP server address, Cisco Jabber for iPad will try port 6970 to obtain phone setup files and dial rule files. |
| Outbound | 5060 | UDP/TCP | Provides Session Initiation Protocol (SIP) call signaling |
| Outbound | 5061 | TCP | Provides secure SIP call signaling |
| Outbound | 8443 | TCP | Connects to the Cisco Unified Communications Manager IP Phone (CCMCIP) server to get a list of currently assigned devices |
| Outbound | 16384-32766 | UDP | Sends RTP media streams for video and audio |
| Outbound | 389 | TCP | Connects to the LDAP server for contact searches |
| Outbound | 443 7080 | VMRest HTTPS | Connects to Cisco Unity Connection to retrieve and manage voice messages. |
| Outbound | 636 | LDAPS | Connects to the secure LDAP server for contact searches |

Setting Up Directory Search, IM, and Availability
Review the following topics to set up IM and availability.
- Setting Up LDAP Servers
- Creating LDAP Profiles and Adding Users
- Setting Up the LDAP Attribute Map
- Indexing Active Directory Attributes
- Turning IM Policy On or Off
- Specifying IM Policy Settings
- Setting Up URL Strings to Fetch Contact Pictures from Web Server
Setting Up LDAP Servers
Procedure
Step 1 Select .
Note LDAP server configuration is done in Cisco Unified Communications Manager starting with Release 9.0.
Step 2 Select Add New.
Step 3 Enter the LDAP server name.
Step 4 Enter an IP address or an FQDN (Fully Qualified Domain Name) of the LDAP server.
Step 5 Specify the port number used by the LDAP server. The defaults are: Check the LDAP directory documentation or the LDAP directory configuration for this information.
Step 6 Select TCP or TLS for the protocol type.
Step 7 Select Save.
Creating LDAP Profiles and Adding Users
Cisco Jabber for iPad connects to an LDAP server on a per-search basis. If the connection to the primary server fails, the application attempts the first backup LDAP server, and if it is not available, it then attempts to connect to the second backup server. The application also periodically attempts to return to the primary LDAP server. If an LDAP query is in process when the system fails over, the next available server completes this LDAP query.
Procedure
Step 1 Select .
Note LDAP profile configuration is done in Cisco Unified Communications Manager starting with Release 9.0.
Step 2 Select Add New.
Step 3 Enter information in the fields.

| Field | Setting |
|---|---|
| Name | Enter the profile name limited to 128 characters. |
| Description | Optional. Enter a description limited to 128 characters. |
| Bind Distinguished Name | Optional. Enter the administrator-level account information limited to 128 characters. This is the distinguished name with which you bind for authenticated bind. The syntax for this field depends on the type of LDAP server that you deploy. For details, see the LDAP server documentation. |
| Anonymous Bind | Optional. Uncheck this option to use the user credentials to sign in to this LDAP server. For non-anonymous bind operations, Cisco Jabber for iPad receives one set of credentials. If configured, these credentials must be valid on the backup LDAP servers. Note: If you check Anonymous Bind, users can sign in anonymously to the LDAP server with read-only access. Anonymous access might be possible on your directory server, but Cisco does not recommend it. Instead, create a user with read-only privileges on the same directory where the users to be searched are located. Specify the directory number and password in Cisco Unified Presence for the application to use. |
| Password | Optional. Enter the LDAP bind password limited to 128 characters. This is the password for the administrator-level account that you provided in the Bind Distinguished Name string to allow users to access this LDAP server. |
| Confirm Password | Reenter the password you entered in Password. |
| Search Context | Optional. Enter the location where you set up all the LDAP users. This location is a container or directory. The name is limited to 256 characters. Use only a single OU/LDAP search context. |
| Recursive Search | Optional. Check to perform a recursive search of the directory starting at the search base. |
| Primary LDAP Server and Backup LDAP Server | Select the primary LDAP server and optional backup servers. |
| Add Users to Profile | Select the button to open the Find and List Users window. Select Find to populate the search results fields. Alternatively, search for a specific user and select Find. To add users to this profile, select the users, and select Add Selected. |

Step 4 Select Save.
Setting Up the LDAP Attribute Map
Set up the LDAP attribute map on Cisco Unified Presence where you enter LDAP attributes for your environment and map them to the given Cisco Jabber for iPad attributes.
Before You Begin
If you want to use LDAP to store your employee profile photos, use a third-party extension to upload the photo files to the LDAP server or extend the LDAP directory server schema by other means to create an attribute that the LDAP server can associate with an image.
For Cisco Jabber for iPad to display profile photos, in the LDAP attribute map, map the Jabber for iPad "Photo" value to the appropriate LDAP attribute.
Note
- Contact photos may be cropped when they are displayed in Jabber for iPad.
- The UPC UserID setting in the LDAP attribute map must match the Cisco Unified Communications Manager user ID. This mapping allows a user to add a contact from LDAP to the contact list in Cisco Jabber for iPad. This field associates the LDAP user with the corresponding user on Cisco Unified Communications Manager and Cisco Unified Presence.
- You can map an LDAP field to only one Cisco Jabber field.
Procedure
Step 1 Select . Select if you are using Release 9.0.
Step 2 Select a supported LDAP server from Directory Server Type. The LDAP server populates the LDAP attribute map with Cisco Jabber user fields and LDAP user fields.
Step 3 If necessary, make modifications to the LDAP field to match your specific LDAP directory. The values are common to all LDAP server hosts. Note the following LDAP directory product mappings:
Step 4 Select Save.
Tip If you want to stop using the current attribute mappings and use the factory default settings, select Restore Defaults.
Indexing Active Directory Attributes
Index these Active Directory attributes:
In addition, index any attributes that are used for contact resolution. For example, you might need to index these attributes:
Turning IM Policy On or Off
This procedure describes how to turn on or off IM features for all IM applications in a Cisco Unified Presence cluster. IM features are turned on by default in Cisco Unified Presence.
Caution
If you turn off IM features in Cisco Unified Presence, all group chat functionality (ad hoc and persistent chat) will not work in Cisco Unified Presence. Cisco recommends that you do not turn on the Cisco UP XCP Text Conference service or set up an external database for persistent chat in Cisco Unified Presence.
Procedure
Step 1 Select .
Step 2 Select Enable instant messaging.
Note
Step 3 Select Save.
Step 4 Restart the Cisco UP XCP Router service.
Specifying IM Policy Settings
Procedure
Step 1 Select .
Step 2 Turn on or off automatic authorization for viewing availability.

| If you want to… | Do this… |
|---|---|
| Turn on automatic authorization so that Unified Presence automatically authorizes all availability subscription requests it receives from Jabber for iPad users in the local enterprise | Check Allow users to view the availability of other users without being prompted for approval. |
| Turn off automatic authorization so that Unified Presence sends all availability subscriptions to where the user is prompted to authorize or reject the subscription | Uncheck Allow users to view the availability of other users without being prompted for approval. |

Step 3 Select .
Step 4 Turn on or off these global settings:
Step 5 Select Save.
Step 6 Restart the Cisco UP XCP Router service.
Setting Up URL Strings to Fetch Contact Pictures from Web Server
You can set up a parameterized URL string in the Photo field in the LDAP attribute map so that Cisco Jabber for iPad can fetch pictures from a web server instead of from the LDAP server. The URL string must contain an LDAP attribute with a query value containing a piece of data that uniquely identifies the photo of the user. Cisco recommends that you use the User ID attribute. However, you can use any LDAP attribute whose query value contains a piece of data that uniquely identifies the photo of the user.
Cisco recommends that you use %%<userID>%% as the substitution string. For example:
- http://mycompany.example.com/photo/std/%%uid%%.jpg
- http://mycompany.example.com/photo/std/%%sAMAccountName%%.jpg
You must include the double percent symbols in this string, and they must enclose the name of the LDAP attribute to substitute. Cisco Jabber for iPad removes the percent symbols and replaces the parameter inside with the results of an LDAP query for the user whose photo it resolves.
For example, if a query result contains the attribute "uid" with a value of "johndoe," then a template such as http://mycompany.com/photos/%%uid%%.jpg creates the URL http://mycompany.com/photos/johndoe.jpg. Cisco Jabber for iPad attempts to fetch the photo.
This substitution technique works only if Cisco Jabber for iPad can use the results of the query and can insert it into the template you specify above to construct a working URL that fetches a JPG photo. If the web server that hosts the photos in a company requires a POST (for example, the name of the user is not in the URL) or uses some other cookie name for the photo instead of the username, this technique does not work.
Note
- Limit a URL length to 50 characters.
- Cisco Jabber for iPad does not support authentication for this query; the photo must be retrievable from the web server without credentials.
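The substitution and the two notes above can be checked before a template goes into the Photo field. The following is an added example, not Cisco code and not a description of how Cisco Jabber for iPad is implemented. The function name expand_photo_url, the set of safe characters and the sample entries are assumptions made for illustration, as is applying the 50-character limit to the expanded URL.

```python
import re
from urllib.parse import urlsplit

# %%attributeName%% placeholder as described above.
PLACEHOLDER = re.compile(r"%%([A-Za-z][A-Za-z0-9-]*)%%")
MAX_URL_LEN = 50  # limit from the Note; applying it to the expanded URL is an assumption
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]+")  # assumed set of characters that cannot alter URL structure


def expand_photo_url(template, ldap_entry):
    """Expand a Photo-field template for one LDAP entry (attribute -> string value).

    Returns (url, problems); an empty problems list means every check passed.
    """
    problems = []
    # LDAP attribute names are case-insensitive, so compare in lower case.
    entry = {name.lower(): value for name, value in ldap_entry.items()}
    if not PLACEHOLDER.search(template):
        problems.append("template has no %%attribute%% placeholder")

    def substitute(match):
        name = match.group(1)
        value = entry.get(name.lower())
        if value is None:
            problems.append(f"attribute {name} missing from LDAP entry")
            return match.group(0)  # leave the placeholder visible in the result
        # A directory value containing '/', '?', '#', '@' or '..' would point the
        # client at a different path or host than the template author intended.
        if not SAFE_VALUE.fullmatch(value) or ".." in value:
            problems.append(f"value of {name} would change the URL structure: {value!r}")
        return value

    url = PLACEHOLDER.sub(substitute, template)
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        problems.append("not an absolute http(s) URL")
    if parts.username or parts.password:
        problems.append("URL embeds credentials; the photo must be retrievable without them")
    if len(url) > MAX_URL_LEN:
        problems.append(f"URL is {len(url)} characters, over the {MAX_URL_LEN}-character limit")
    return url, problems


if __name__ == "__main__":
    # Constructed sample entries, not taken from a real directory.
    template = "http://mycompany.com/photos/%%uid%%.jpg"
    for entry in ({"uid": "johndoe"}, {"uid": "../admin"}, {"mail": "jd@example.com"}):
        print(expand_photo_url(template, entry))
```

Running the check over an export of the directory attribute chosen for the template shows which users would get a broken or unintended photo URL before the mapping is saved.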
Preparing User Instructions
When you finish setting up Cisco Unified Presence, send your users an email message that includes the following information:
- Directions to download and install the app, named Cisco Jabber for iPad, from the App Store
- The user's username or email address
- Directions to input email address after the user starts the application on their iPad
- Instructions for connecting the device to the corporate Wi-Fi network. This process is independent of Cisco Jabber for iPad.
- Instructions for setting up VPN (Virtual Private Network) access on the device, if you allow users to use Cisco Jabber for iPad through VPN connections. This process is independent of Cisco Jabber for iPad.
- Directions to access the FAQs, which users can view by selecting
- Anything else you want to communicate with your users