Cisco Unified MeetingPlace, Release 7.0 -- About Directory Service

From DocWiki

Jump to: navigation, search

Main page: Cisco Unified MeetingPlace, Release 7.0

Up one level: Configuration




Contents

Directory Service

Directory Service enables the system to populate and synchronize the Cisco Unified MeetingPlace user database with the Cisco Unified Communications Manager user database, which is typically integrated with an LDAP directory.


Note: For information about LDAP integration, see the Cisco Unified Communications Solution Reference Network Design (SRND) that applies to your version of Cisco Unified Communications Manager at http://www.cisco.com/go/designzone.


Specifically, Directory Service simplifies user profile administration by doing the following:

  • Imports user profiles from Cisco Unified Communications Manager to Cisco Unified MeetingPlace.
  • Periodically updates the Cisco Unified MeetingPlace database with new or modified user entries in the Cisco Unified Communications Manager database.
  • Periodically checks the Cisco Unified Communications Manager database for inactive user entries, and deletes those user profiles from the Cisco Unified MeetingPlace database.
  • Enables the system to use AXL authentication to authenticate Cisco Unified MeetingPlace Directory Service users against the external directory.
  • Supports fully encrypted LDAP integration when Secure LDAP (SLDAP) is enabled on Cisco Unified Communications Manager and the LDAP server.
    Note: SSL for the Cisco Unified MeetingPlace Application Server is not required to support Secure LDAP integration. You must, however, make sure that the configured AXL URL begins with "https" instead of "http."


Related Topics


Directory Service User Profile Configuration

During the initial Directory Service import of a user profile, the fields are configured as described in Table: User Profile Field Configuration Through Directory Service. If the corresponding Cisco Unified Communications Manager user profile is modified, the next Directory Service user profile update or full synchronization reconfigures the Cisco Unified MeetingPlace user profile fields as specified in Table: User Profile Field Configuration Through Directory Service.


Note: To change any of the User Profile Fields in Table: User Profile Field Configuration Through Directory Service, you must configure the corresponding Source.


Table: User Profile Field Configuration Through Directory Service
Source User Profile Fields

Directory Service import process

isLocalUser -- This is always set to No in each Directory Service user profile.

Cisco Unified Communications Manager user database

Below are mandatory fields for User Profile creation. Click on each field name for their detailed explanation:

The User ID field cannot be an empty value. Unless otherwise specified, the field in Cisco Unified MeetingPlace User Profile is left blank if the corresponding field in Cisco Unified Communications Manager is empty.


User group filters


or


Group name in user profile

Group name -- See Assigning User Groups for Directory Service Users.

Time zone filters


or


Time zone in user group or user profile

Time zone -- See Assigning Time Zones to Directory Service Users.

Guest Profile (first import only)

All user profile fields not mentioned previously in this table are initially populated with the values configured in Guest Profile. You can then modify the individual user profile fields through the Administration Center. The values will not be overwritten by Directory Service user profile updates or full synchronizations.


Restrictions:

  • Remember that all user profile fields set to "Group default" inherit their value from the user group. If the Group name is modified through Directory Service filters or department number changes, the user profile fields will be modified accordingly.
  • The following fields are not populated at all through Directory Service. Because Directory Service users are not authenticated by Cisco Unified MeetingPlace, these password fields are not imported and cannot be modified through Cisco Unified MeetingPlace:
Related Topics



Directory Service User Profile Deletion

The system periodically checks Cisco Unified Communications Manager for inactive user entries and deletes those user profiles from Cisco Unified MeetingPlace. Specifically:

  • (For Cisco Unified Communications Manager with LDAP integration) When a user is deleted or disabled in the LDAP directory, the corresponding user entry in Cisco Unified Communications Manager becomes inactive.
Every 24 hours, Cisco Unified Communications Manager deletes user entries that have been inactive for more than 24 hours.
The system does not import or update user profiles using this 8-hour cycle. Instead, the importing and updating of user profiles occurs at the configured Update users interval.
  • According to the configured Update users interval, the system deletes the following user profiles from Cisco Unified MeetingPlace:
    • Users that are inactive in Cisco Unified Communications Manager.
    • Directory Service users that are inactive in Cisco Unified MeetingPlace.
The system also imports and updates user profiles at the configured Update users interval.


Related Topics


Directory Service isLocalUser Setting In User Profiles

Each user profile in Cisco Unified MeetingPlace includes an isLocalUser setting, which determines:

  • Whether the user is authenticated externally through AXL authentication.
  • How the user profile settings are configured.


isLocalUserSetting Description

Yes

  • User is authenticated locally against the Cisco Unified MeetingPlace database.
  • User profile settings can be modified through Cisco Unified MeetingPlace user interfaces.1
  • Yes is the default value for user profiles that are manually imported or created through the Administration Center.

No

Footnote 1: Cisco Unified MeetingPlace user interfaces include the end-user web interface on the Web Server, the Cisco WebEx integration end-user interface on the Application Server, and the Administration Center (both the User Profiles Page and the Import User Profiles Page).


Note: The isLocalUser setting cannot be configured through the Administration Center. If you manually set isLocalUser to No by adding or editing user profiles by import, note that the user profiles may be affected during the next Directory Service user update:

  • Any inactive user entries found in Cisco Unified Communications Manager will be deleted from the Cisco Unified MeetingPlace database.
  • Some user profile fields will be overwritten by data from Cisco Unified Communications Manager and by Directory Service filters.


See Directory Service User Profile Configuration.


Related Topics



External AXL Authentication for Directory Service Users

Directory Service users are those whose isLocalUser user profile field is set to No. Which external device authenticates a Directory Service user depends on:

  • Whether the user logs in over the phone or web.
  • Whether Cisco Unified Communications Manager uses LDAP directory integration.


Table: Directory Service User Authentication
Directory Service User Login Method Device Used to Authenticate the Directory Service User (With LDAP Integration) Device Used to Authenticate the Directory Service User (Without LDAP Integration)

Phone

Cisco Unified Communications Manager

Cisco Unified Communications Manager

Web

LDAP directory

Cisco Unified Communications Manager



Related Topics

Rating: 0.0/5 (0 votes cast)

Personal tools