Cisco Unified Communications Manager Administration Guide, OL-24919-01

Chapter 11
LDAP System Configuration

In Cisco Unified Communications Manager, LDAP directory configuration takes place in the following windows:
• LDAP System Configuration
• LDAP Directory
• LDAP Authentication
• LDAP Filter Configuration

Use the following topics to configure LDAP system information:
• LDAP System Configuration Settings
• Related Topics

LDAP System Configuration Settings

In Cisco Unified Communications Manager Administration, use the System > LDAP > LDAP System menu path to configure LDAP system settings. Use the LDAP System Configuration window to enable LDAP synchronization and to set up the LDAP server type and the LDAP attribute name for the user ID.

Before You Begin

The setting of the Enable Synchronizing from LDAP Server check box in this window affects the ability to modify end users in Cisco Unified Communications Manager Administration. LDAP synchronization applies only to end users; LDAP synchronization does not affect application users. See the “Understanding the Directory” section on page 19-1 of the Cisco Unified Communications Manager System Guide for more information about LDAP synchronization.

For end user data, you cannot use the End User Configuration window to update the attributes that get synchronized from the corporate directory. You can update these attributes only in the corporate directory itself, after which you should perform a resynchronization.

You can make changes to LDAP Directory information and LDAP Authentication settings only if synchronization from the customer LDAP directory is enabled in the Cisco Unified Communications Manager Administration LDAP System Configuration window.

Note: If end users exist in the Cisco Unified Communications Manager database before synchronization with a corporate directory occurs, the system will delete those end users that did not have a matching user ID in the corporate directory. For example, if users bob and sanjay were in the Cisco Unified Communications Manager database, but only bob was in the LDAP directory, then sanjay would be marked inactive and eventually get deleted by the garbage collector program.

Note: After an LDAP Directory configuration for the DirSync service gets created or the LDAP user authentication is enabled, the settings in the LDAP System Configuration window become read only.

Note: After you configure LDAP synchronization in Cisco Unified Communications Manager Administration, users without last names in the corporate directory do not synchronize with the Cisco Unified Communications Manager database. No error displays in Cisco Unified Communications Manager Administration, but the log file indicates which users did not synchronize.

Using the GUI

For instructions on how to use the Cisco Unified Communications Manager Administration Graphical User Interface (GUI) to find, delete, configure, or copy records, see the “Navigating the Cisco Unified Communications Manager Administration Application” section on page 1-13 and its subsections, which explain how to use the GUI and detail the functions of the buttons and icons.

Configuration Settings Table

Table 11-1 describes the LDAP system configuration settings. For related procedures, see the “Related Topics” section on page 11-3.

Table 11-1. LDAP System Configuration Settings

LDAP System Information

Field: Enable Synchronizing from LDAP Server
Description: To enable synchronization of data from the customer LDAP server, check this check box.

If synchronization with the LDAP server is enabled, the following circumstances occur:
• You cannot modify end user data, except for the fields (attributes) that are not synchronized from the corporate directory. Example: user PIN. (The administrator can always modify application user data.)
• You can modify the LDAP Directory information.
• You can modify LDAP Authentication information.

If synchronization with the LDAP server is not enabled (is disabled), the following circumstances occur:
• You cannot modify LDAP Directory information.
• You cannot modify LDAP Authentication information.

Field: LDAP Server Type
Description: If synchronization with the LDAP server is currently enabled, you can choose one of the selections in this drop-down list box. Choose the value that corresponds to the customer LDAP server type:
• Microsoft Active Directory
• Microsoft Active Directory Application Mode
• Netscape or Sun ONE LDAP Server
• OpenLDAP

Field: LDAP Attribute for User ID
Description: If synchronization with the LDAP server is enabled, you can choose an LDAP attribute value for the user ID. Choose one of the following values from the drop-down list box:
• For Microsoft Active Directory
  – sAMAccountName
  – mail
  – employeeNumber
  – telephoneNumber
  – userPrincipalName
• Microsoft Active Directory Application Mode
  – uid
  – mail
  – employeeNumber
  – telephoneNumber
  – userPrincipalName
• For Sun ONE LDAP Server, iPlanet, and OpenLDAP
  – uid
  – mail
  – employeeNumber
  – telephoneNumber

Additional Information
See the “Related Topics” section on page 11-3.
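
The Notes on unmatched end users and on users without last names, together with the user ID attribute choices in Table 11-1, can be checked against a directory export before synchronization is enabled. The following is an added example, not part of the Cisco guide or of Cisco software; the function name, the dict-per-entry export format, the use of sn as the last-name attribute, and case-insensitive comparison of user IDs are assumptions of the example.

```python
# Added example (not Cisco code): audit before enabling LDAP synchronization.
# User ID attributes offered per LDAP server type, copied from Table 11-1.
_COMMON = {"mail", "employeeNumber", "telephoneNumber"}
ALLOWED_USER_ID_ATTRS = {
    "Microsoft Active Directory": _COMMON | {"sAMAccountName", "userPrincipalName"},
    "Microsoft Active Directory Application Mode": _COMMON | {"uid", "userPrincipalName"},
    "Netscape or Sun ONE LDAP Server": _COMMON | {"uid"},
    "OpenLDAP": _COMMON | {"uid"},
}


def audit_presync(local_user_ids, ldap_entries, server_type, user_id_attr):
    """Report accounts that the Notes in this chapter say need attention.

    local_user_ids: end user IDs already in the Unified CM database.
    ldap_entries:   list of dicts (attribute -> value) from a directory export
                    (hypothetical format chosen for this example).
    Returns (no_directory_match, no_last_name, no_user_id_value).
    """
    if user_id_attr not in ALLOWED_USER_ID_ATTRS.get(server_type, set()):
        raise ValueError(f"{user_id_attr!r} is not offered for {server_type!r}")

    in_directory, no_last_name, no_user_id_value = set(), [], []
    for entry in ldap_entries:
        user_id = (entry.get(user_id_attr) or "").strip()
        if not user_id:
            # No value for the chosen attribute: nothing to match against.
            no_user_id_value.append(entry.get("dn", "<no dn>"))
            continue
        in_directory.add(user_id.casefold())  # assumption: case-insensitive IDs
        if not (entry.get("sn") or "").strip():
            # Users without last names do not synchronize (third Note).
            no_last_name.append(user_id)

    # End users with no matching directory user ID are the ones the first
    # Note says get marked inactive and eventually deleted.
    no_directory_match = sorted(
        u for u in local_user_ids if u.strip().casefold() not in in_directory)
    return no_directory_match, sorted(no_last_name), sorted(no_user_id_value)


# Constructed sample data that mirrors the guide's bob/sanjay example.
SAMPLE_LOCAL = ["bob", "sanjay"]
SAMPLE_LDAP = [
    {"dn": "cn=Bob Ray,ou=people,dc=example,dc=com", "uid": "bob", "sn": "Ray"},
    {"dn": "cn=chen,ou=people,dc=example,dc=com", "uid": "chen", "sn": ""},
    {"dn": "cn=svc-print,ou=people,dc=example,dc=com", "sn": "Printer"},
]

if __name__ == "__main__":
    print(audit_presync(SAMPLE_LOCAL, SAMPLE_LDAP, "OpenLDAP", "uid"))
```

Reviewing the first list before the initial synchronization gives the administrator a chance to add or correct directory entries, since the guide states that no error is displayed for users that fail to synchronize.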

Related Topics

• LDAP System Configuration, page 11-1
• LDAP System Configuration Settings, page 11-1
• Understanding the Directory, Cisco Unified Communications Manager System Guide
• LDAP Directory Configuration, page 12-1
• LDAP Authentication Configuration, page 13-1
• LDAP Custom Filter Configuration, page 14-1
• Application User Configuration, page 87-1
• End User Configuration, page 88-1
• Application Users and End Users, Cisco Unified Communications Manager System Guide