Cisco Unified MeetingPlace, Release 7.0 -- How to Configure LDAP Then MeetingPlace Authentication

From DocWiki





This authentication mode attempts to authenticate users against two directories if the need arises. When users first log in, they are authenticated against the LDAP directory. If this authentication fails, the login information is sent to the Cisco Unified MeetingPlace Application Server for a possible match. This behavior allows a company to give non-LDAP users, such as guests or contractors, access to Cisco Unified MeetingPlace.


Note: Cisco Unified MeetingPlace enforces e-mail format validation when you have LDAP synchronization configured. If an e-mail address for a particular user does not conform to the standard e-mail format, the user is skipped during the LDAP synchronization process and not imported into the MeetingPlace database. Standard e-mail format expressions include: ^([\\w-_.'])*\\w+@([\\da-zA-Z-]+\\.)+[\\da-zA-Z]{2,6}$
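
A pre-check for the e-mail rule in the note above, as an added example that is not part of the original page or Cisco's code: it runs the quoted expression over a constructed LDIF-style export and lists the users whose mail value would not match. It assumes the doubled backslashes are string-literal escaping, that `\w-_` means a literal hyphen, and that `\w` and `\d` are ASCII-only; the attribute names uid and mail and all sample entries are constructed.

```python
import re

# Pattern from the note above, doubled backslashes read as string-literal
# escaping (assumption). "\w-_" becomes "\w\-": Python rejects a class
# shorthand as a range endpoint, and "_" is already in \w. re.ASCII keeps
# \w and \d ASCII-only (assumption about the product's regex engine).
EMAIL_RE = re.compile(r"^([\w\-.'])*\w+@([\da-zA-Z-]+\.)+[\da-zA-Z]{2,6}$", re.ASCII)

# Constructed LDIF-style sample, not real directory data.
SAMPLE_LDIF = """\
dn: uid=dlee,ou=People,dc=example,dc=com
uid: dlee
mail: d.o'lee@mail.example.co.uk

dn: uid=bjones,ou=People,dc=example,dc=com
uid: bjones
mail: bob+conf@example.com

dn: uid=cwu,ou=People,dc=example,dc=com
uid: cwu
mail: carol.wu@example.technology

dn: uid=ewhite,ou=People,dc=example,dc=com
uid: ewhite
mail: erin.@example.com
"""

def parse_entries(ldif):
    """Yield one {attribute: value} dict per blank-line-separated entry."""
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            entry[key.strip().lower()] = value.strip()
        yield entry

def skipped_users(ldif):
    """Return (uid, mail) pairs whose mail value does not match EMAIL_RE."""
    skipped = []
    for entry in parse_entries(ldif):
        mail = entry.get("mail")
        if mail is not None and not EMAIL_RE.match(mail):
            skipped.append((entry.get("uid", "?"), mail))
    return skipped

if __name__ == "__main__":
    for uid, mail in skipped_users(SAMPLE_LDIF):
        print(f"{uid}: mail {mail!r} does not match the expression")
```

On this sample the expression rejects a plus-addressed mailbox, a top-level domain longer than six characters, and a local part ending in a dot, while the address containing an apostrophe passes.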


Prerequisites for Configuring LDAP Then MeetingPlace Authentication

  • To authenticate Cisco Unified MeetingPlace Web Conferencing against the LDAP server, make sure that the LDAP server directory is designed to have all users in one container rather than broken into multiple containers (each representing a child OU).
  • If a match is made in the LDAP database, the user must provide the proper LDAP password. Three attempts with the incorrect password will lock the LDAP profile of the user.
  • Only users who are not found in the LDAP directory are eligible for authentication through the Cisco Unified MeetingPlace directory.
  • User IDs in the Cisco Unified MeetingPlace profile database are not case-sensitive.




Configuring the LDAP Then MeetingPlace Authentication

Before You Begin

Read Restrictions: User Authentication and Load Balancing.


Procedure
  1. Sign in to the end-user web interface.
  2. Click Admin.
  3. Click Web Server.
  4. Click the name of the Web Server that you want to configure in the "View" section of the page.
  5. Scroll to the Web Authentication section.
  6. Select LDAP, then MeetingPlace for "Step 1: Directory".
  7. Enter the LDAP hostname in the field provided.
    Example: ldap.domain.com
  8. Enter the Distinguished Name (DN) information for your directory in the field provided noting the following considerations:
    • Cisco Unified MeetingPlace user profile login names are limited to 17 characters; therefore, the LDAP match must be 17 characters or less.
    • You can only enter one value for the LDAP Distinguished Name (DN) field. If your users are segregated into multiple organizational units (OUs), you can work around this issue by using either the DOMAIN\USER or user@ou.domain.com format for the DN. When configuring the LDAP Distinguished Name field, enter just %USERNAME%, without specifying an OU, DC, or other parameter.
    Note: All users in the LDAP server directory must be in one container rather than broken into multiple containers each representing a child OU.
    • %USERNAME% is the username that the user enters when logging in.
    • Before the request is sent to the LDAP server, %USERNAME% is replaced with the username that the user enters in the login username field. No additional modifications are made to the DN value.
    • %USERNAME% is case-sensitive, that is, all upper case.
    • If any of the following circumstances apply, leave the DN field blank (empty) instead of entering %USERNAME%:
      • You are authenticating against a multiple LDAP forest configuration. Example: CN=%USERNAME%, OU=People, DC=mydomain, DC=com
      • The LDAP server you are using is the LDAP interface on a Microsoft Active Directory server. If this is the case, you must leave the DN field blank for authentication to work. When configured in this manner, the format of the usernames that the user enters must be DOMAIN\USER or user@ou.domain.com.
      • You want to send user passwords as protected (that is, not as clear text). Entering a value for the DN field sends passwords as clear text.
    Note: If you choose to enter a value for the DN field, it is your responsibility to establish a secure connection between the Cisco Unified MeetingPlace web server and the LDAP server. This is not the same as configuring SSL on the web server. The SSL feature in Cisco Unified MeetingPlace protects traffic between the client and the web server. You will require a secure connection between the web server and the LDAP server.
    • Consult your LDAP expert for your DN information.
  9. Select how you want user names transformed for "Username Conversion Function."
    Selecting None applies no transformation to the original user ID string.
  10. Select one of the following for "Step 2: Login Method":
    • Select Web Page Form to see an HTML-based Cisco Unified MeetingPlace login window.
    • Select HTTP Basic Authentication to see a login window rendered by your web browser.
  11. Click Submit and wait five minutes for the new configuration to take effect.
What to Do Next

Based on your configuration, proceed to one of the following topics:



Verifying the LDAP Then MeetingPlace Authentication Configuration by Using the Web Page Form

Use a Cisco Unified MeetingPlace end-user profile when completing this procedure.


Before You Begin

Complete Configuring the LDAP Then MeetingPlace Authentication.


Procedure
  1. Open a web browser and navigate to Cisco Unified MeetingPlace.
  2. Verify the following end-user behaviors:
    • You can log in with your LDAP password.
    • You cannot log in without a password.
    • If you have a Cisco Unified MeetingPlace profile, you can log in and schedule meetings.
    • If you do not have a Cisco Unified MeetingPlace profile, you can only attend and search public meetings.




Verifying the LDAP Then MeetingPlace Authentication Configuration by Using the HTTP Form

Use a Cisco Unified MeetingPlace end-user profile when completing this procedure.


Before You Begin

Complete Configuring the LDAP Then MeetingPlace Authentication.


Procedure
  1. Open a web browser and navigate to Cisco Unified MeetingPlace.
  2. Verify the following end-user behaviors:
    • You can log in with your LDAP password.
    • You cannot log in without a password.
    • If you have a Cisco Unified MeetingPlace profile, you can log in and schedule meetings.
    • This option does not allow you to log in to Cisco Unified MeetingPlace as a guest, that is, without a Cisco Unified MeetingPlace profile.

