Import of Users from an LDAP Server

This topic explains how to import users from an LDAP server.

Follow these steps to import users from an LDAP server:

  • On Cisco Unity Connection, activate the Cisco DirSync service.
  • Configure the LDAP system.
    1. Set the LDAP server type.
    2. Choose the LDAP Attribute for User ID.
  • Configure the LDAP directory.
    1. Enter the LDAP directory information.
    2. Set the synchronization schedule.
    3. Set the user attributes for LDAP synchronization.
  • Optionally enable LDAP authentication.
  • Import the synchronized users.
    1. Specify the LDAP directory from which you want to import the users.
    2. Choose the voicemail template to apply to the new users.
    3. Choose the individual users and start the import process.

To import users from LDAP, activate the Cisco DirSync service under Tools > Service Activation in Cisco Unified Serviceability.

To set up the LDAP system, configure the following parameters under the section System Settings > LDAP, in the Cisco Unity Connection Administration:

  • Enable Synchronizing from LDAP Server: Check this check box so that Cisco Unity Connection gets basic information about Cisco Unity Connection users from the LDAP directories that are specified on the LDAP Directory configuration page.
  • LDAP Server Type: Choose the type of LDAP server from which Cisco Unity Connection will import the user data.
  • LDAP Attribute for User ID: Choose the field in the LDAP directory that should appear in the Alias field in Cisco Unity Connection for imported LDAP users. sAMAccountName specifies, for example, jdoe as the user alias. If you want to integrate with multiple domains, use the userPrincipalName, for example, jdoe@cisco.com.

The LDAP directory configuration is like the Cisco Unified Communications Manager LDAP directory configuration. The configuration requires the following LDAP directory settings:

  • LDAP Manager Distinguished Name and LDAP Password: Enter the name and password of an LDAP directory administrator account that has access to data in the LDAP user search base that is specified in the LDAP User Search Base field.
  • LDAP User Search Base: Enter the LDAP directory location that contains the user data that should be synchronized with Cisco Unity Connection user data. Cisco Unity Connection imports all users in the tree or subtree (domain or organizational unit) that the search base specifies.

The synchronization can be done once or regularly:

  • Perform Sync Just Once: Check this check box to resynchronize user data in the Cisco Unity Connection database and in the LDAP directory one time, rather than at regular intervals.
  • Perform a Re-sync Every: To resynchronize user data in the Cisco Unity Connection database with user data in the LDAP directory at regular intervals, specify the frequency with which the resynchronizations should occur. The minimum interval is 6 hours. The first resynchronization occurs on the date and time that is specified in the Next Re-sync Time field.

These user fields can be synchronized with an LDAP server:

  • User ID: The value of the LDAP field that is listed here is stored in the Alias field in the Cisco Unity Connection database. The field that is listed here was specified on the LDAP Setup page, in the LDAP Attribute for User ID list.
  • Middle Name: Choose which value from the LDAP directory to store here: middleName or initials.
  • Manager ID: The value of the manager field in the LDAP directory is always stored in the Manager ID field in the Cisco Unity Connection database.
  • Phone Number: Choose which value from the LDAP directory to store here: telephoneNumber or ipPhone.
  • Title: Synchronize the title.
  • Mobile Number: Synchronize the mobile number that is stored in the attribute mobile.
  • Directory URI: Synchronize the URI from the msRTCSIP-primaryuseraddress or mail. You may choose None to not synchronize this parameter.
  • First Name: The value of the givenName field in the LDAP directory is always stored in the First Name field.
  • Last Name: The value of the sn field (surname) in the LDAP directory is always stored in the Last Name field. If this parameter is not defined in the LDAP server, the user is not listed in the import result window.
  • Department: The value of the department field in the LDAP directory is always stored in the Department field.
  • Mail ID: Choose which value from the LDAP directory to store here: mail or sAMAccountName.
  • Home Number: A configured home number is synchronized.
  • Pager Number: A configured pager number also can be synchronized.

In addition to these parameters, you can synchronize up to five custom attributes. In the group information section, you can specify a mask to apply to synced telephone numbers to create a new line for inserted users.

Finally, set the LDAP server parameters: the IP address and the port, 389. To point to a Microsoft Global Catalog, use port 3268 instead. The connection to the LDAP server should be secured. Over a secured connection, Cisco Unity Connection uses port 636 when you choose LDAP for the protocol used to communicate with domain controllers. If you are using SSL to encrypt data that is transmitted between the LDAP server Global Catalog and the Cisco Unity Connection server, port 3269 is used.

To start the import process, choose the LDAP server from which you want to import users. If you do not see any users, the LDAP server has not been successfully synchronized with Cisco Unity Connection. Users without a last name that is configured in the LDAP server also are not displayed in this import list.
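The port choice and the attribute mapping described above can be checked offline before a sync. The sketch below is an added example, not Cisco code: `ldap_port`, `SyncChoices`, `map_entry` and `preview_import` are hypothetical names, the sample entries are constructed, and ports 636 and 3269 are read as the SSL counterparts of 389 and 3268.

```python
from dataclasses import dataclass
from typing import Optional

def ldap_port(global_catalog: bool, ssl: bool) -> int:
    """Port per the text: 389/3268 unencrypted, 636/3269 with SSL."""
    if ssl:
        return 3269 if global_catalog else 636
    return 3268 if global_catalog else 389

@dataclass
class SyncChoices:                       # the selectable mappings from the text
    user_id: str = "sAMAccountName"      # or userPrincipalName (multiple domains)
    middle_name: str = "middleName"      # or initials
    phone: str = "telephoneNumber"       # or ipPhone
    mail_id: str = "mail"                # or sAMAccountName
    directory_uri: Optional[str] = None  # msRTCSIP-primaryuseraddress, mail, None

def map_entry(entry: dict, c: SyncChoices) -> Optional[dict]:
    """Fields as they would be stored, or None if the user would not be listed."""
    e = {k.lower(): v for k, v in entry.items()}  # attribute names: case-insensitive
    get = lambda name: e.get(name.lower())
    if not get("sn"):                    # no last name: absent from the import list
        return None
    return {
        "Alias": get(c.user_id), "First Name": get("givenName"),
        "Middle Name": get(c.middle_name), "Last Name": get("sn"),
        "Phone Number": get(c.phone), "Mail ID": get(c.mail_id),
        "Directory URI": get(c.directory_uri) if c.directory_uri else None,
        "Manager ID": get("manager"), "Department": get("department"),
        "Title": get("title"), "Mobile Number": get("mobile"),
    }

def preview_import(entries, choices):
    """Split entries into users that would be listed and DNs that would be hidden."""
    listed, hidden = [], []
    for entry in entries:
        user = map_entry(entry, choices)
        if user is None:
            hidden.append(entry.get("dn"))
        else:
            listed.append(user)
    return listed, hidden

SAMPLE_ENTRIES = [  # constructed sample data, not real directory content
    {"dn": "cn=John Doe,ou=Users,dc=example,dc=com", "sAMAccountName": "jdoe",
     "userPrincipalName": "jdoe@cisco.com", "givenName": "John", "sn": "Doe",
     "telephoneNumber": "1001", "ipPhone": "2001", "mail": "jdoe@cisco.com",
     "msRTCSIP-PrimaryUserAddress": "sip:jdoe@cisco.com"},
    {"dn": "cn=svc-backup,ou=Service,dc=example,dc=com", "sAMAccountName": "svc-backup"},
    {"dn": "cn=Temp,ou=Users,dc=example,dc=com", "sAMAccountName": "temp", "sn": ""},
]
```

Entries returned in the hidden list are the ones to fix in the LDAP server (by giving them an `sn` value) if they are expected in the import list.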

When any issues are resolved, choose the voicemail template that you want to apply. Choose the users that you want to import and start the import process. Also, you can import all users rather than choosing individual users.

Imported User

The following shows an imported LDAP user:

  • Alias, First Name, and Last Name are read-only fields.
  • You can migrate the LDAP user to a local user, and vice versa.
  • The LDAP status works differently than in Cisco Unified Communications Manager.

Compared to a manually configured user, the Alias, First Name, and Last Name fields for an imported user are read-only fields. If you want to change these field parameters, you must make the change in the LDAP server.

You can also convert the LDAP integrated user to a local user. This process can be reversed by integrating a local user with the LDAP server. However, both of these processes must be done manually. Cisco Unified Communications Manager works differently: there, local users are automatically converted to LDAP users (again) after the next LDAP synchronization.

You can modify the extension number for single users. For multiple users, you can automate this process in the advanced LDAP settings.

Author: drbabbers

ccieme.wordpress.com - my personal journey to ccie