.. _set_up_an_ldap_server:

.. rst-class:: chapter-with-expand

Set up an LDAP Server
---------------------

Use this procedure to set up an LDAP server for integration with VOSS-4-UC.

**Procedure**

1. Log in as provider, reseller, or customer administrator.
2. Set the hierarchy node to the node where you want the users synchronized.
3. Choose **LDAP Management > LDAP Server**.
4. Click **Add**.
5. Complete, at minimum, the mandatory LDAP Server fields (see below).
6. Click **Save** to save the LDAP server.

LDAP Server Fields
..................

.. tabularcolumns:: |p{4cm}|p{10cm}|

+-----------------------+--------------------------------------------------------------------------------+
| Fields                | Description                                                                    |
+=======================+================================================================================+
| Description           | Defaults to the current hierarchy level.                                       |
+-----------------------+--------------------------------------------------------------------------------+
| Host Name \*          | Hostname or IP address of the LDAP server. This field is required.             |
+-----------------------+--------------------------------------------------------------------------------+
| Port                  | Port number for LDAP traffic. Defaults to 389.                                 |
+-----------------------+--------------------------------------------------------------------------------+
| User DN \*            | The User Distinguished Name of an administrative user who has access rights    |
|                       | to the Base DN on the LDAP server. This field is required.                     |
|                       |                                                                                |
|                       | Examples:                                                                      |
|                       |                                                                                |
|                       | * Administrator@stb.com                                                        |
|                       | * OU=LDAP0,DC=stb,DC=com                                                       |
+-----------------------+--------------------------------------------------------------------------------+
| Admin Password \*     | Admin password associated with the user. This field is required.               |
+-----------------------+--------------------------------------------------------------------------------+
| Search Base DN \*     | Base Distinguished Name for LDAP search. This should be a container or         |
|                       | directory on the LDAP server where the LDAP users exist, such as an            |
|                       | Organizational Unit (OU). For example, to search within an Organizational      |
|                       | Unit called CUS01 under a domain called GCLAB.COM, the Search Base DN would    |
|                       | be OU=CUS01,DC=GCLAB,DC=COM. This field is required.                           |
+-----------------------+--------------------------------------------------------------------------------+
| Search Filter         | An RFC 2254 conformant string used to restrict the results returned by list    |
|                       | operations on the LDAP server.                                                 |
+-----------------------+--------------------------------------------------------------------------------+
| Server Type \*        | Choose between **Microsoft Active Directory** or **OpenLDAP**. For AD LDS      |
|                       | (ADAM), choose **Microsoft Active Directory**.                                 |
+-----------------------+--------------------------------------------------------------------------------+
| AD Sync Mode \*       | Defaults to Direct.                                                            |
+-----------------------+--------------------------------------------------------------------------------+
| CUCM LDAP Directory   | The name of the LDAP Directory configured on CUCM that this user is to be      |
| Name                  | considered synced from. The LDAP Directory must already be configured on       |
|                       | CUCM. This parameter is optional, but note the following:                      |
|                       |                                                                                |
|                       | * In a top-down sync scenario, users are added to CUCM as Local Users if       |
|                       |   this parameter is not set.                                                   |
|                       | * In a bottom-up sync scenario, users cannot log on to CUCDM if this           |
|                       |   parameter is not set.                                                        |
+-----------------------+--------------------------------------------------------------------------------+
| Encryption Method     | Choose between **No Encryption**, **Use SSL Encryption (ldaps://)**, or        |
|                       | **Use StartTLS Extension**.                                                    |
+-----------------------+--------------------------------------------------------------------------------+
| Server Root           | If **Trust All** is cleared, the LDAP server's SSL certificate is validated    |
| Certificate           | against this root certificate. If no **Server Root Certificate** is            |
|                       | specified, validation is done against any existing trusted CA certificates.    |
|                       | Use this option for custom root certificates in .pem format. See "SSO          |
|                       | Certificate Management" for more information.                                  |
+-----------------------+--------------------------------------------------------------------------------+
| Trust All             | Select this check box to disable certificate validation.                       |
+-----------------------+--------------------------------------------------------------------------------+
| Primary Key Attribute | The attribute value used to uniquely identify and search for records on an     |
|                       | LDAP server. For example, ``uid`` is the attribute when using a                |
|                       | 389-Directory Server and ``entryUUID`` when using an OpenLDAP server. The      |
|                       | attribute must be unique, should not change over time and should not be        |
|                       | location specific. If no attribute is entered, ``entryUUID`` is used for an    |
|                       | OpenLDAP server and ``ObjectGUID`` if the LDAP server is Microsoft Active      |
|                       | Directory.                                                                     |
+-----------------------+--------------------------------------------------------------------------------+

Search Filter examples:

* ``(telephoneNumber=919*)``: all telephone numbers starting with 919
* ``(&(OfficeLocations=RTP)(|(department=Engineering)(department=Marketing)))``: office is located in RTP and the department is either Engineering or Marketing
* ``(&(MemberOf=cn=Admin,ou=users,dc=foo,dc=com)(!(c=US)))``: all Admins except those in the U.S.

**What to Do Next**

Perform a test connection to ensure the LDAP server is configured correctly.
If the authentication credentials or search base DN are invalid, an error
message pops up on the GUI, for example:

*Error encountered while processing your request*

*caught exception: [Helper] validation failed; Invalid search base db.*
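The Search Filter examples above follow the RFC 2254 / RFC 4515 grammar, and a filter with unbalanced parentheses is a common reason a sync returns no users. The following Python is an added example, not code from the VOSS-4-UC documentation or product: it parses a filter into a small tree, rejects malformed input, and evaluates the page's three example filters against constructed sample entries. All function names, the ``SAMPLE_ENTRIES`` data and the simplified ``~=`` handling are this example's own assumptions.

```python
# Added example, not part of the VOSS-4-UC documentation or product: a small
# parser and evaluator for RFC 2254 / RFC 4515 search filters, run over
# constructed sample directory entries. All names here are this example's own.
import re
from typing import Any, Dict, List, Tuple

Entry = Dict[str, List[str]]
Node = Tuple[Any, ...]
# attribute description, then one of = ~= >= <=, then the assertion value
_ITEM_RE = re.compile(r"([A-Za-z][A-Za-z0-9.;-]*)(=|~=|>=|<=)([^()]*)")


def parse_filter(text: str) -> Node:
    """Parse a filter into a tuple tree; ValueError on unbalanced or malformed input."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError(f"trailing characters at position {pos}")
    return node


def _parse(text: str, pos: int) -> Tuple[Node, int]:
    if text[pos:pos + 1] != "(":
        raise ValueError(f"expected '(' at position {pos}")
    op = text[pos + 1:pos + 2]
    pos += 1
    if op in ("&", "|"):                # AND / OR over one or more sub-filters
        pos += 1
        children: List[Node] = []
        while text[pos:pos + 1] == "(":
            child, pos = _parse(text, pos)
            children.append(child)
        if not children:
            raise ValueError(f"empty '{op}' filter at position {pos}")
        node: Node = (op, children)
    elif op == "!":                     # NOT over exactly one sub-filter
        child, pos = _parse(text, pos + 1)
        node = ("!", child)
    else:                               # simple item such as (c=US)
        m = _ITEM_RE.match(text, pos)
        if not m:
            raise ValueError(f"malformed filter item at position {pos}")
        node = ("item", m.group(1).lower(), m.group(2), m.group(3))
        pos = m.end()
    if text[pos:pos + 1] != ")":
        raise ValueError(f"missing ')' at position {pos}")
    return node, pos + 1


def is_valid_filter(text: str) -> bool:
    """Check a filter before saving it as the Search Filter field."""
    try:
        parse_filter(text)
        return True
    except ValueError:
        return False


def _match_value(op: str, pattern: str, value: str) -> bool:
    # Directory strings compare case-insensitively; '~=' is treated as plain
    # equality here (a real server applies its own approximate-match rule).
    p, v = pattern.lower(), value.lower()
    if op == "=" and "*" in p:          # substring assertion: '*' matches any run
        return re.fullmatch(".*".join(map(re.escape, p.split("*"))), v) is not None
    if op in ("=", "~="):
        return p == v
    return v >= p if op == ">=" else v <= p


def matches(node: Node, entry: Entry) -> bool:
    kind = node[0]
    if kind == "&":
        return all(matches(c, entry) for c in node[1])
    if kind == "|":
        return any(matches(c, entry) for c in node[1])
    if kind == "!":
        return not matches(node[1], entry)
    _, attr, op, pattern = node
    values = [v for k, vs in entry.items() if k.lower() == attr for v in vs]
    if op == "=" and pattern == "*":    # presence assertion (attr=*)
        return bool(values)
    return any(_match_value(op, pattern, v) for v in values)


def search(filter_text: str, entries: List[Entry]) -> List[str]:
    """Return the uid of each entry the filter selects, as a list operation would."""
    node = parse_filter(filter_text)
    return [e["uid"][0] for e in entries if matches(node, e)]


# Constructed sample entries, not real directory data.
SAMPLE_ENTRIES: List[Entry] = [
    {"uid": ["alice"], "telephoneNumber": ["9195550100"], "OfficeLocations": ["RTP"],
     "department": ["Engineering"], "c": ["US"],
     "MemberOf": ["cn=Admin,ou=users,dc=foo,dc=com"]},
    {"uid": ["bob"], "telephoneNumber": ["4085550100"], "OfficeLocations": ["RTP"],
     "department": ["Sales"], "c": ["GB"],
     "MemberOf": ["cn=Admin,ou=users,dc=foo,dc=com"]},
    {"uid": ["carol"], "telephoneNumber": ["9195550199"], "OfficeLocations": ["LON"],
     "department": ["Marketing"], "c": ["GB"], "MemberOf": []},
]

if __name__ == "__main__":
    for f in ("(telephoneNumber=919*)",
              "(&(MemberOf=cn=Admin,ou=users,dc=foo,dc=com)(!(c=US)))"):
        print(f, "->", search(f, SAMPLE_ENTRIES))
```

Running ``is_valid_filter`` on a candidate filter before saving catches the unbalanced-parenthesis case, which a server would otherwise report only as a protocol error or an empty result; ``search`` shows which sample users each example filter selects, so the effect of ``&``, ``|`` and ``!`` on the sync scope can be checked without a directory.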
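The Encryption Method, Server Root Certificate and Trust All fields in the table decide whether the bind credentials are protected in transit and whether the LDAP server is actually authenticated. As an added example that is not VOSS-4-UC code, the following Python maps those three settings onto a client TLS configuration using only the standard ``ssl`` module, and returns the review warnings a practitioner would want before saving the entry. The ``LdapServerConfig`` class, its field names, the ``LDAPS_PORT`` constant and the function names are this example's own; no connection is made.

```python
# Added example, not VOSS-4-UC code: how the Encryption Method, Server Root
# Certificate and Trust All fields translate into a client TLS configuration,
# using only the standard ssl module. Class, field and function names are
# this example's own; nothing here opens a connection.
import ssl
from dataclasses import dataclass
from typing import Dict, List, Optional

LDAPS_PORT = 636   # conventional ldaps:// port; 389 (the page's default) is plain LDAP


@dataclass
class LdapServerConfig:
    host: str
    port: int = 389
    encryption_method: str = "none"                 # "none", "ldaps" or "starttls"
    server_root_certificate: Optional[str] = None   # path to a custom root .pem
    trust_all: bool = False


def ldap_url(cfg: LdapServerConfig) -> str:
    scheme = "ldaps" if cfg.encryption_method == "ldaps" else "ldap"
    return f"{scheme}://{cfg.host}:{cfg.port}"


def build_tls_context(cfg: LdapServerConfig) -> Optional[ssl.SSLContext]:
    """Return the SSLContext the client would use, or None for plaintext LDAP."""
    if cfg.encryption_method == "none":
        return None
    if cfg.trust_all:
        # Trust All: any certificate is accepted, so the peer is not authenticated.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    ctx = ssl.create_default_context()      # validates against the system trust store
    if cfg.server_root_certificate:
        # Custom root: validate against this .pem as well as the system store.
        ctx.load_verify_locations(cafile=cfg.server_root_certificate)
    return ctx


def describe(cfg: LdapServerConfig) -> Dict[str, object]:
    ctx = build_tls_context(cfg)
    return {
        "url": ldap_url(cfg),
        "encrypted": ctx is not None,
        "validates_certificate": ctx is not None and ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx is not None and bool(ctx.check_hostname),
    }


def config_warnings(cfg: LdapServerConfig) -> List[str]:
    """Review checks to run on a saved LDAP server entry."""
    warnings = []
    if cfg.encryption_method == "none":
        warnings.append("No Encryption: the Admin Password is sent in clear text on every bind")
    if cfg.trust_all and cfg.encryption_method != "none":
        warnings.append("Trust All: certificate validation is disabled, so the server is not authenticated")
    if cfg.encryption_method == "ldaps" and cfg.port != LDAPS_PORT:
        warnings.append(f"ldaps:// selected but port is {cfg.port}; ldaps servers usually listen on {LDAPS_PORT}")
    return warnings


if __name__ == "__main__":
    for cfg in (LdapServerConfig("ldap.example.test"),
                LdapServerConfig("ldap.example.test", 636, "ldaps", trust_all=True),
                LdapServerConfig("ldap.example.test", 389, "starttls")):
        print(describe(cfg), config_warnings(cfg))
```

The ``describe`` output makes the table's wording concrete: with Trust All selected the context neither verifies the certificate chain nor checks the hostname, so the Admin Password is sent to whatever answers on that host and port, whereas the default context (optionally extended with the Server Root Certificate) requires a chain to a trusted root and a matching name.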