Cisco Unified Presence, Release 7.x -- How to Configure LDAP on Cisco Unified Presence
From DocWiki
Note: Before configuring LDAP, see the Deployment Guide for Cisco Unified Presence for best practice information on integrating LDAP.
Configuring LDAP Server Names and Addresses
The LDAP interface is used for LDAP authentication when Cisco Unified Personal Communicator users sign in. You can provision one or more LDAP servers. These servers can then be added to an LDAP profile, which lets you partition users across different LDAP servers.
Before You Begin
- Configure the LDAP attribute map.
- Obtain the hostnames or IP addresses of the LDAP directories.
Restrictions
If you are specifying more than one LDAP directory for failover support in Cisco Unified Personal Communicator, the LDAP directory servers must all be of the same product type (all Microsoft Active Directory, all Sun One or Netscape Directory, or all OpenLDAP Directory). The LDAP attribute schema must be the same on all directories.
Procedure
1. Complete one of the following actions:
To add an LDAP server:
- Select Application > Cisco Unified Personal Communicator > LDAP Server.
- Select Add New.
To update an LDAP server:
- Find the record. See the Finding a Network Component topic for instructions.
- Edit the record as required.
2. Enter the LDAP settings as described in the table below.
Name
Specifies the name of the LDAP server.
Description
Provides a general description of the LDAP server.
Hostname/IP Address
Specifies the IP address or a Fully Qualified Domain Name (FQDN) of the LDAP server.
Port
Specifies the port number used by the LDAP server.
Default port number: 389
Note: Check the LDAP directory documentation or the LDAP directory configuration for this information.
Protocol Type
Specifies the protocol to use when the LDAP server is contacted. Select one of the following values:
- TCP
- UDP
- TLS
Default: TCP
3. Select Save.
Troubleshooting Tips
- If you are integrating with Microsoft Active Directory and if the server is Global Catalog, configure the following values:
- Enter 3268 as the port number.
- Select TCP as the protocol type.
- The jpegPhoto attribute is not available in Microsoft Active Directory Global Catalog server, and it is not indexed (http://msdn2.microsoft.com/en-us/library/ms676813.aspx). If your LDAP configuration uses Global Catalog port 3268, the jpegPhoto is not retrievable. Instead, change the LDAP directory configuration to TCP and port 389. The photo is retrieved when you sign in to Cisco Unified Personal Communicator again.
- If an application dial rule is configured, create proper directory lookup dialing rules in Cisco Unified Communications Manager to make sure that a picture displays both when you place a call to a contact and in the contact details. When you add a contact in Cisco Unified Personal Communicator, the directory lookup returns a 10-digit number (for example, 1234567890). If the user places the call by dialing only four digits (for example, 7890), the picture does not display because 7890 is not a match for 1234567890. Create the following rules to fix this problem:
- Outbound rule to remove the area code. The picture displays in the contact details.
- Inbound rule for directory lookup to prefix the area code (translate the 4-digit extension number into the 10-digit DID number stored in AD). The picture displays when you place a call.
- You can see LDAP server information in the server health window in Cisco Unified Personal Communicator (Help > Show Server Health on Windows).
Configuring LDAP Profiles and Adding Users to the Profile
Cisco Unified Personal Communicator connects to an LDAP server on a per-search basis. If the connection to the primary server fails, Cisco Unified Personal Communicator tries the first backup LDAP server, and if it is not available, it then tries the second backup server. Cisco Unified Personal Communicator also periodically tries to return to the primary LDAP server. An LDAP query that is in process when the failover to a secondary server occurs is processed on the next available server. Connection status information is updated in the Server Health window (Help > Show Server Health on Windows). If Cisco Unified Personal Communicator cannot connect to any of the LDAP servers, it reports the failure in the System Diagnostics window.
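The failover order described above (primary, then first backup, then second backup, with periodic attempts to return to the primary) can be modelled without a directory. The following is an added example, not Cisco code: the connector is injected so the order in which servers are tried can be exercised offline, and the `connect(...)` signature, the host names and the bind DN/password are constructed assumptions. It also enforces two facts from the profile table further down: a profile holds at most two backup servers, and the same bind credentials are presented to every server in the profile, so they must be valid on the backups too.

```python
"""Per-search LDAP failover for a Cisco Unified Personal Communicator LDAP profile.

Added example, not Cisco code. The connector is injected so the server order can
be exercised without a directory; a real deployment would use an LDAP client
library in its place.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# Hypothetical connector signature (assumption): connect(server, bind_dn, password,
# base, scope, query) -> list of entries, or raise ConnectionError when unreachable.
Connector = Callable[[str, Optional[str], Optional[str], str, str, str], List[str]]


@dataclass
class LdapProfile:
    primary: str
    backups: List[str] = field(default_factory=list)    # at most two backup servers
    bind_dn: Optional[str] = None                       # None = Anonymous Bind checked
    password: Optional[str] = None
    search_context: str = "ou=users,dc=example,dc=com"  # constructed sample value
    recursive: bool = True

    def __post_init__(self) -> None:
        if len(self.backups) > 2:
            raise ValueError("an LDAP profile holds at most two backup servers")
        if (self.bind_dn is None) != (self.password is None):
            raise ValueError("bind DN and password must be given together")

    @property
    def servers(self) -> List[str]:
        return [self.primary] + self.backups

    @property
    def scope(self) -> str:
        # Recursive Search checked = whole subtree below the search base, else one level
        return "subtree" if self.recursive else "onelevel"


class FailoverClient:
    """Tries primary, then backup 1, then backup 2 on each search. While served by a
    backup, every `retry_primary_every` searches it attempts the primary again."""

    def __init__(self, profile: LdapProfile, connect: Connector, retry_primary_every: int = 3):
        self.profile = profile
        self.connect = connect
        self.retry_primary_every = retry_primary_every
        self.active = 0                 # index into profile.servers currently in use
        self.searches_on_backup = 0
        self.health: List[Tuple[str, str]] = []   # (server, "ok" | "fail"), as Server Health shows

    def search(self, query: str) -> Tuple[str, List[str]]:
        servers = self.profile.servers
        if self.active != 0 and self.searches_on_backup >= self.retry_primary_every:
            self.active = 0             # periodic attempt to return to the primary
        order = list(range(self.active, len(servers))) + list(range(0, self.active))
        for idx in order:
            server = servers[idx]
            try:
                # the same bind credentials are presented to every server in the profile
                entries = self.connect(server, self.profile.bind_dn, self.profile.password,
                                       self.profile.search_context, self.profile.scope, query)
            except ConnectionError:
                self.health.append((server, "fail"))
                continue
            self.health.append((server, "ok"))
            if idx != self.active:
                self.searches_on_backup = 0
            self.active = idx
            if idx != 0:
                self.searches_on_backup += 1
            return server, entries
        # what the client reports in System Diagnostics when no server answers
        raise ConnectionError("no LDAP server in the profile is reachable")


def simulate(primary_down_for: int, searches: int, retry_primary_every: int = 3) -> List[str]:
    """Run `searches` lookups with the primary unreachable for the first
    `primary_down_for` of them; returns the server that served each search."""
    profile = LdapProfile("ldap1.example.com", ["ldap2.example.com", "ldap3.example.com"],
                          bind_dn="cn=reader,dc=example,dc=com", password="s3cret")
    state = {"n": 0}

    def fake_connect(server, bind_dn, password, base, scope, query):
        # constructed stand-in for a directory: the primary is down for the first N searches
        if server == profile.primary and state["n"] <= primary_down_for:
            raise ConnectionError(server)
        return [f"{query}@{server}"]

    client = FailoverClient(profile, fake_connect, retry_primary_every)
    served = []
    for _ in range(searches):
        state["n"] += 1
        served.append(client.search("jdoe")[0])
    return served


if __name__ == "__main__":
    print(simulate(primary_down_for=4, searches=7))
```

With the primary down for the first four searches, the client serves six searches from the first backup (the retry of the primary at search four fails and it stays on the backup) and returns to the primary at search seven. The `health` list is the kind of per-server status the Server Health window shows.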
Before You Begin
- Configure the LDAP server names and addresses.
- You must create the LDAP profile before you can add Cisco Unified Personal Communicator licensed users to the profile.
Procedure
1. Complete one of the following actions:
To add an LDAP profile:
- Select Application > Cisco Unified Personal Communicator > LDAP Profile.
- Select Add New.
To update an LDAP profile:
- Find the record. See the Finding a Network Component topic for instructions.
- Edit the record as required.
2. Enter the LDAP profile settings as described in the table below.
LDAP Profile Information
Name
Specifies the name of the LDAP profile.
Maximum characters: 128
Description
[Optional] Provides a general description of the LDAP profile.
Maximum characters: 128
Bind Distinguished Name (DN)
[Optional] Specifies the administrator-level account information, limited to 128 characters and in the form useraccount@domain.com. This is the distinguished name with which you bind for an authenticated bind.
Maximum characters: 128
Note: The syntax for this field depends on the type of LDAP server you deploy. For details, see the LDAP server documentation. If you select Anonymous Bind, this field is disabled.
Anonymous Bind checkbox
(Optional) Uncheck this option to use the user credentials to sign in to this LDAP server.
For non-anonymous bind operations, Cisco Unified Personal Communicator receives one set of credentials. These credentials must be valid on the backup LDAP servers, if they are configured.
Note: If you check Anonymous Bind, users can sign in anonymously to the LDAP server with read-only access. Anonymous access might be possible on your directory server, but it is not recommended. Instead, create a user with read-only privileges on the same container where the users to be searched are located. Specify the directory number and password in Cisco Unified Presence for Cisco Unified Personal Communicator to use.
Password
(Optional) Enter the LDAP bind password, limited to 128 characters. This is the password for the administrator-level account that you provided in the Bind Distinguished Name field; it allows users to access this LDAP server.
Maximum characters: 128
Note: If you select Anonymous Bind, this field is disabled.
Confirm Password
Enter the same password as the one entered in the Password field.
(Optional) After configuring Cisco Unified Presence for authenticated bind with the LDAP server, configure the LDAP server for anonymous permissions and anonymous sign-in so that all directory information (name, number, mail, fax, home number, and so forth) is passed to the Cisco Unified Personal Communicator client.
Maximum characters: 128
Search Context
(Optional) Enter the location where all LDAP users are configured. This location is a container or directory. The name is limited to 256 characters. Only a single OU/LDAP search context is supported.
Note: If integrating with Microsoft Active Directory:
- Set O and OU (OU must contain users; for example, ou=users,dc=cisco,dc=com).
- For example, cn=users,DC=EFT-LA,DC=cisco,DC=com
- The search base should include all users of Cisco Unified Personal Communicator.
Maximum characters: 128
Recursive Search checkbox
(Optional) Check to perform a recursive search of the directory starting at the search base.
Primary LDAP Server
Specifies the primary LDAP server. From the list box, you can select the LDAP servers that you have already defined on the system.
Backup LDAP Server
Specifies the backup LDAP server. From the list box, you can select the LDAP servers that you have already defined on the system. You can specify two backup LDAP servers.
Make this the default LDAP Profile for the system
(Optional) Check so that any new users who are added to the system are automatically placed into this default profile.
Note: Users who are already synchronized with Cisco Unified Presence from Cisco Unified Communications Manager are not added to the default profile. However, once the default profile is created, any users synchronized after that are added to the default profile.
3. Select Add Users to Profile.
4. Use the Find and List Users window to find and select users. See the Finding a Network Component topic for instructions.
5. Select Add Selected to add the users to the LDAP profile.
6. Select Save.
Troubleshooting Tip
You can see the LDAP profile information in the server health window in Cisco Unified Personal Communicator (Help > Show Server Health on Windows).
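Two settings on this page interact: the Protocol Type of the LDAP server (TCP, UDP or TLS) and the Bind DN / Password of the profile. The following added example, not Cisco code, builds the LDAP simple bind request that a client sends for an authenticated bind (RFC 4511 BindRequest in BER encoding) and decodes it again as anyone on the network path could. The point for the defender is that with Protocol Type TCP the bind password is readable on the wire; only the TLS option hides it. An Anonymous Bind is the same message with an empty DN and an empty password. The DN and password values are constructed for the example.

```python
"""LDAP simple bind request on the wire (RFC 4511), BER-encoded by hand.

Added example, not Cisco code. Shows what leaves the Presence server when a
profile binds with a DN and password, and that the password is in clear text
unless the LDAP server's Protocol Type is TLS.
"""
from typing import Tuple


def ber_length(n: int) -> bytes:
    """BER length octets: short form below 128, long form (0x8N + N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_length(len(value)) + value


def ber_integer(n: int) -> bytes:
    """INTEGER (tag 0x02), two's complement, minimal length."""
    size = max(1, (n.bit_length() + 8) // 8)
    return ber_tlv(0x02, n.to_bytes(size, "big", signed=True))


def simple_bind_request(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, bindRequest { version 3, name, simple password } }.
    An anonymous bind is dn == "" and password == ""."""
    bind = (ber_integer(3)                           # version
            + ber_tlv(0x04, dn.encode())             # name: LDAPDN as OCTET STRING
            + ber_tlv(0x80, password.encode()))      # authentication: simple [0] OCTET STRING
    # bindRequest is [APPLICATION 0] constructed = tag 0x60; LDAPMessage is SEQUENCE 0x30
    return ber_tlv(0x30, ber_integer(message_id) + ber_tlv(0x60, bind))


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode one TLV at pos; returns (tag, value, position after it)."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def parse_bind_request(msg: bytes) -> Tuple[int, int, str, str]:
    """What a passive observer of a plain-TCP session recovers from the bytes:
    (message_id, version, dn, password)."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(body, 0)
    tag, bind, _ = _read_tlv(body, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, ver, pos = _read_tlv(bind, 0)
    _, dn, pos = _read_tlv(bind, pos)
    tag, pw, _ = _read_tlv(bind, pos)
    if tag != 0x80:
        raise ValueError("not a simple bind")
    return (int.from_bytes(mid, "big", signed=True),
            int.from_bytes(ver, "big", signed=True), dn.decode(), pw.decode())


if __name__ == "__main__":
    # constructed sample credentials, not real ones
    req = simple_bind_request(1, "cn=reader,dc=example,dc=com", "s3cret")
    print(req.hex())
    print(parse_bind_request(req))        # the password is recoverable from the bytes
```

Because the password is a plain OCTET STRING inside the request, selecting TCP as the Protocol Type means the read-only bind account's password is exposed on every search; choose TLS where the directory supports it, and keep that account limited to read access on the users container as the Anonymous Bind note advises.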