Administration Guide for Cisco Unified MeetingPlace Directory Services Release 5.4
Introducing Cisco Unified MeetingPlace Directory Services


See the following sections:

About Cisco Unified MeetingPlace Directory Services

Directory Servers Overview

LDAP Overview

Cisco Unified MeetingPlace Profiles

Meta-Directory and the MetaLink Agreement

About Cisco Unified MeetingPlace Directory Services

With Cisco Unified MeetingPlace Directory Services, you can easily integrate the information that is stored on your corporate directory server with your Cisco Unified MeetingPlace system. By using LDAP technology, Directory Services creates an all-inclusive meta-directory that combines and synchronizes Microsoft Active Directory or Netscape/SunOne/iPlanet directory information with Cisco Unified MeetingPlace system information.

Benefits of Directory Services include the following:

For new Cisco Unified MeetingPlace enterprise systems, Directory Services eliminates the need to manually create new profiles in the Cisco Unified MeetingPlace system.

For existing systems, Directory Services simplifies ongoing maintenance of user information in the system. Name changes, additions, deletions, and changes in status can be automatically propagated from your corporate directory to the Cisco Unified MeetingPlace system.

Before you install and configure Directory Services, you should understand the following concepts:

Directory Servers Overview

LDAP Overview

Cisco Unified MeetingPlace Profiles

Meta-Directory and the MetaLink Agreement

Directory Servers Overview

A directory server stores the directory information of your company in a logical structure that organizes user, group, and access information for easy retrieval and maintenance. Use Cisco Unified MeetingPlace Directory Services to synchronize your directory server information with your Cisco Unified MeetingPlace system profiles.

Directory Services supports the following directory servers:

Microsoft Active Directory 2000 and 2003—Microsoft Active Directory allows you to store, access, and manipulate organizational information about users and resources, and manage all elements of a networked environment, such as computers, groups, users, policies, and other user-defined objects.

Netscape/SunOne/iPlanet LDAP Directory Server Version 4 and Version 5—Netscape/SunOne/iPlanet is a general purpose LDAP directory that stores, publishes, and centrally manages users and network resources.

Cisco Unified CallManager directory—Synchronizations of user data from the Cisco Unified CallManager directory allow the Cisco Unified MeetingPlace system to support IP telephony users who are configured in Cisco Unified CallManager.

LDAP Overview

LDAP is a directory services protocol that runs on TCP/IP and allows you to search dynamically throughout a system to retrieve directory data from disparate e-mail, network, and human resource databases.

An LDAP directory uses a simple tree hierarchy, known as a Directory Information Tree (DIT), for logically grouping and subgrouping similar information. A DIT is based on a root directory that can include several subtrees. A typical DIT consists of the following subtrees:

country, c, which branches out to

organization, o, which branches out to

organizational unit, ou, which branches out to

common name, cn

Cisco Unified MeetingPlace Profiles

The attributes that identify and set options for each Cisco Unified MeetingPlace system user are stored in the user profile, which contains approximately 200 attributes, including the following:

Security settings, such as the user password

Preferred time zone

Preferred language

E-mail address

Advanced settings, such as whether scheduled meetings are automatically recorded

A user profile contains two mandatory attributes: the user ID, called MPName, and the user profile number, called VUName.

Cisco Unified MeetingPlace Directory Services can populate most user attributes in the profile by using data from your corporate directory. See the "Cisco Unified MeetingPlace Attributes" appendix for a list of all Cisco Unified MeetingPlace system user attributes that are supported by Directory Services.

Meta-Directory and the MetaLink Agreement

The Cisco Unified MeetingPlace Directory Services server combines user information from your LDAP directory and user profiles stored on the Cisco Unified MeetingPlace Audio Server system into a unified meta-directory. A meta-directory does not replace the systems that provide the data, but rather links these systems in one accessible infrastructure.

To create the meta-directory, Directory Services uses synchronization processes called MetaLink agreements. Each server synchronization requires a separate MetaLink agreement. A one-way MetaLink agreement sends data in one direction between servers, and a two-way MetaLink agreement sends data in both directions.

Once established, the MetaLink agreement between your corporate directory and the Directory Services directory can create, update, and delete Cisco Unified MeetingPlace system user profiles based on the information that is stored in your corporate directory server. If user information changes in the corporate directory, those changes are propagated automatically to the Cisco Unified MeetingPlace Audio Server system.

Correlation

The MetaLink agreement contains correlation rules that determine the uniqueness of the directory entries that are imported into or exported from Directory Services during the synchronization process.

A correlation rule can perform simple or complex correlations. Your directory server may have a natural correlator, such as a unique employee number, or a combination of correlators, such as first name, last name, and department number, that can be used to create a correlation rule. You can also create more complex correlation rules by using logical AND operators, string constants, and equality tests.

To avoid incorrectly combining directory entries during synchronization, create correlation rules by using attributes or attribute combinations that are unique for each entry in both the Cisco Unified MeetingPlace Audio Server system and your corporate directory server. For example, a correlation rule that simply concatenates FirstName and LastName and checks the result for uniqueness would incorrectly synchronize as one entry the profiles of two users with the same first and last names. By adding the unique EmployeeID attribute to the correlation rule, two unique entries would be created.

If an entry cannot be correlated between the Cisco Unified MeetingPlace Audio Server system and your corporate directory, a new entry is created by using BootStrap attribute mapping. When BootStrap attribute mapping occurs, be sure to consider which key values, such as fullDistName, will be unique for a newly created entry.


Note: You must properly define correlation rules to ensure that new entries are not created when there is, in fact, a match between entries.


For correlation rule examples, see the "ImportCorrelation" section on page 4-3. For information about BootStrap attribute mapping, see the "BootStrapPersonMap" section on page 4-5.
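
The check below illustrates the correlation advice in this section. It is an example added here, not Cisco code and not MetaLink rule syntax; it tests a candidate rule for uniqueness on both sides and shows which corporate entries would find no match and so be created as new. The records are constructed, and case-insensitive comparison is an assumption of the example.

```python
from collections import defaultdict

# Constructed sample data. Attribute names follow the page's example;
# the records themselves are invented for this illustration.
CORPORATE = [
    {"FirstName": "Ana", "LastName": "Silva", "EmployeeID": "1001"},
    {"FirstName": "Ana", "LastName": "Silva", "EmployeeID": "1002"},
    {"FirstName": "Raj", "LastName": "Patel", "EmployeeID": "1003"},
    {"FirstName": "Li", "LastName": "Wei", "EmployeeID": ""},
]
PROFILES = [
    {"FirstName": "ana", "LastName": "silva", "EmployeeID": "1002"},
    {"FirstName": "Raj", "LastName": "Patel", "EmployeeID": "1003"},
]

def correlation_key(entry, attrs):
    """Key for an AND of equality tests; None if any attribute is empty."""
    values = [str(entry.get(a, "")).strip().casefold() for a in attrs]
    return tuple(values) if all(values) else None

def audit_rule(entries, attrs):
    """Return (keys shared by several entries, indexes with no usable key)."""
    groups, unkeyed = defaultdict(list), []
    for i, entry in enumerate(entries):
        key = correlation_key(entry, attrs)
        if key is None:
            unkeyed.append(i)
        else:
            groups[key].append(i)
    collisions = {k: v for k, v in groups.items() if len(v) > 1}
    return collisions, unkeyed

def correlate(corporate, profiles, attrs):
    """Pair corporate entries with profiles; unmatched ones would be new."""
    by_key = {correlation_key(p, attrs): j for j, p in enumerate(profiles)}
    matched, new = [], []
    for i, entry in enumerate(corporate):
        key = correlation_key(entry, attrs)
        if key is not None and key in by_key:
            matched.append((i, by_key[key]))
        else:
            new.append(i)
    return matched, new

if __name__ == "__main__":
    for rule in (["FirstName", "LastName"], ["EmployeeID"]):
        print(rule, "audit:", audit_rule(CORPORATE, rule))
        print(rule, "correlate:", correlate(CORPORATE, PROFILES, rule))
```

With the name-only rule, both "Ana Silva" entries pair with the same profile; with EmployeeID they stay distinct, and the entry that has no EmployeeID is flagged for review before it can be created as new.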

Attribute Mapping

During synchronization, attribute mapping enables you to map attribute values from your corporate directory entries into your Cisco Unified MeetingPlace system user profiles when your corporate directory data does not match Cisco Unified MeetingPlace system user profile data.

When a MetaLink agreement runs, correlation rules determine whether to apply either standard attribute mapping or BootStrap attribute mapping, depending on the state of the entry that is being synchronized:

If a profile already exists in the Cisco Unified MeetingPlace system, correlation uses standard attribute mapping to update the profile with information from your corporate directory server.

If the profile does not exist, correlation uses BootStrap attribute mapping to create a new profile.

BootStrap attribute mapping can also perform useful mappings when creating a new Cisco Unified MeetingPlace system user profile. For example, you can map the password attribute for new profiles to a generic value of 1234. When new users first log in to the Cisco Unified MeetingPlace system, they can access their profiles by using this generic password; then, they can change to a secure password. Because BootStrap attribute mapping occurs only when a profile is first created, existing Cisco Unified MeetingPlace system user profiles are not updated.

Attribute mapping allows you to use more than a simple one-to-one mapping between attributes; you can create mapping rules to do the following:

Concatenate the values of different attributes with other attributes or constant strings

Select the first attribute that has a value from a list

Apply custom mappings and conversions to the attribute values

For additional information about attribute mapping, see the "BootStrapPersonMap" section on page 4-5 and the "ImportPersonMap" section on page 4-5.
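
The model below is an example added here, not Cisco code or MetaLink configuration syntax; it shows the three kinds of mapping rule listed above and the choice between standard and BootStrap mapping. MPName and VUName come from this page; the other target names, the LDAP source attributes, the sample entry, and the use of uid as the match key are assumptions. The BootStrap map here repeats the standard rules and adds the page's password example.

```python
class MappingError(Exception):
    """Raised when no value can be obtained for a target attribute."""

def attr(name):
    return lambda e: e.get(name) or None   # copy one source attribute

def concat(*parts):
    """Join attribute rules and constant strings; None if any part is empty."""
    def rule(e):
        vals = [p if isinstance(p, str) else p(e) for p in parts]
        return "".join(vals) if all(vals) else None
    return rule

def first_of(*names):
    """Select the first listed attribute that has a value."""
    return lambda e: next((e[n] for n in names if e.get(n)), None)

def convert(name, table):
    """Custom conversion of a source value through a lookup table."""
    return lambda e: table.get(e.get(name))

# Standard map: applied when the profile already exists.
STANDARD = {
    "MPName": attr("uid"),
    "VUName": attr("employeeNumber"),
    "FullName": concat(attr("givenName"), " ", attr("sn")),
    "Phone": first_of("mobile", "telephoneNumber"),
    "Language": convert("preferredLanguage", {"en": "English", "fr": "French"}),
}
# BootStrap map: applied only when the profile is first created.
BOOTSTRAP = {**STANDARD, "Password": lambda e: "1234"}

# Constructed corporate-directory entry.
SAMPLE = {"uid": "jdoe", "employeeNumber": "5001", "givenName": "Jane",
          "sn": "Doe", "telephoneNumber": "555-0100", "preferredLanguage": "fr"}

def synchronize(entry, profiles):
    """Update an existing profile (standard) or create one (BootStrap)."""
    key = entry["uid"]                      # stand-in for the correlation rule
    rules = STANDARD if key in profiles else BOOTSTRAP
    profile = dict(profiles.get(key, {}))
    for target, rule in rules.items():
        value = rule(entry)
        if value is None:
            raise MappingError(f"{key}: no value for {target}")
        profile[target] = value
    profiles[key] = profile
    return profile
```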

MetaLink Agreement and Configuration Files

To create a MetaLink agreement, you supply the Directory Services server with the rules and access information that are required to create and start the synchronization process. Each MetaLink agreement usually requires the following two files:

MetaLink agreement file—Contains information about the synchronization setup; for example, your corporate directory host information and access information.

MetaLink configuration file—Contains rules that are used to synchronize information from your corporate directory and any attribute-mapping rules that you may want to apply during the synchronization process.

Directory Services provides default MetaLink agreement and configuration files that you can modify as needed for most systems.

For a detailed description of the structure of a MetaLink configuration file, see the "Default MetaLink Configuration File" section on page 4-2.

Suspense Files

A suspense file is a text file that is generated to record any errors that occur when a MetaLink agreement is run. A suspense file allows you to locate problem entries that are interfering with normal synchronization. After identifying and correcting problems, you can execute the suspense file to resynchronize directory information. Some common errors include the following:

Duplicate entry—Occurs when Directory Services recognizes that a Cisco Unified MeetingPlace system username has already been imported, such as when the same username appears once beginning with an uppercase letter and once beginning with a lowercase letter.

Attribute mappings—Occurs when a value cannot be obtained for an attribute mapping, such as when a mapping uses the mandatory attribute %deptno but some entries do not have a department number assigned to them.

Unsatisfied Filter—Occurs when entries from the corporate directory do not meet the requirement (filter) for import into the Directory Services server.

For specific information about displaying and executing suspense files, see the "Monitoring Cisco Unified MeetingPlace Directory Services" section on page 6-6.
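
The pre-check below is an example added here, not Cisco code and not the suspense file format; it sorts a directory export into the three error classes named above before a synchronization is run. The entries are constructed, and the attribute names, the mail-based import filter, and the order of the checks are assumptions.

```python
# Constructed corporate-directory entries; attribute names are assumptions.
ENTRIES = [
    {"uid": "jsmith", "mail": "jsmith@example.com", "deptno": "42"},
    {"uid": "JSmith", "mail": "j.smith@example.com", "deptno": "42"},
    {"uid": "mlee", "mail": "mlee@example.com"},             # no deptno
    {"uid": "svc-backup", "deptno": "7"},                     # no mail
    {"uid": "akhan", "mail": "akhan@example.com", "deptno": "13"},
]

def has_mail(entry):
    """Assumed import filter: only entries with a mail attribute qualify."""
    return bool(entry.get("mail"))

def triage(entries, name_attr="uid", required=("deptno",),
           import_filter=has_mail):
    """Group entry indexes by outcome, using the page's three error names."""
    report = {"importable": [], "unsatisfied filter": [],
              "attribute mapping": [], "duplicate entry": []}
    first_seen = {}
    for i, entry in enumerate(entries):
        # Usernames differing only in letter case count as the same name.
        name = str(entry.get(name_attr, "")).casefold()
        if not import_filter(entry):
            report["unsatisfied filter"].append(i)
        elif not name or any(not entry.get(a) for a in required):
            report["attribute mapping"].append(i)
        elif name in first_seen:
            # Record the clashing entry together with the one it repeats.
            report["duplicate entry"].append((i, first_seen[name]))
        else:
            first_seen[name] = i
            report["importable"].append(i)
    return report

if __name__ == "__main__":
    for outcome, items in triage(ENTRIES).items():
        print(f"{outcome}: {items}")
```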