Use this procedure to set up an LDAP server for integration with VOSS-4-UC.
Procedure
LDAP Server Fields
Fields | Description |
---|---|
Description | Defaults to the current hierarchy level. |
Host Name * | Hostname or IP address of the LDAP server. This field is required. |
Port | Port number for LDAP traffic. Defaults to 389. |
User DN * | The User Distinguished Name of an administrative user who has access rights to the Base DN on the LDAP server. This field is required. Examples: |
Admin Password * | Admin password associated with the user. This field is required. |
Search Base DN * | Base Distinguished Name for the LDAP search. This should be a container or directory on the LDAP server where the LDAP users exist, such as an Organizational Unit (OU). For example, to search within an Organizational Unit called CUS01 under a domain called GCLAB.COM, the Search Base DN would be OU=CUS01,DC=GCLAB,DC=COM. This field is required. Note that the search traverses the directory tree from this point down and includes any sub-OUs that have been added within the OU. |
Search Filter | An RFC 2254 conformant string used to restrict the results returned by list operations on the LDAP server. |
Server Type * | Choose between Microsoft Active Directory and OpenLDAP. For AD LDS (ADAM), choose Microsoft Active Directory. |
AD Sync Mode * | Defaults to Direct. |
CUCM LDAP Directory Name | The name of the LDAP Directory configured on CUCM that this user should be considered synced from. The LDAP Directory must already be configured on CUCM. This parameter is optional, but note the following: for a top-down sync scenario, users are added to CUCM as Local Users if this parameter is not set; for a bottom-up sync scenario, users cannot log on to CUCDM if this parameter is not set. |
Encryption Method | Choose between No Encryption, Use SSL Encryption (ldaps://), or Use StartTLS Extension. |
Server Root Certificate | If Trust All is cleared, the LDAP server's SSL certificate is validated against this root certificate. If no Server Root Certificate is specified, validation is done against any existing trusted CA certificates. Use this option for custom root certificates in .pem format. See "SSO Certificate Management" for more information. |
Trust All | Select this check box to disable certificate validation. |
Primary Key Attribute | The attribute used to uniquely identify and search for records on the LDAP server. For example, uid is the attribute when using a 389 Directory Server and entryUUID when using an OpenLDAP server. The attribute must be unique, should not change over time, and should not be location specific. If no attribute is entered, entryUUID is used for an OpenLDAP server and ObjectGUID if the LDAP server is Microsoft Active Directory. |
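The form fields above are easy to get subtly wrong (a malformed DN, ldaps:// on the plain-LDAP port, Trust All left enabled after a lab test). The following is an added example, not VOSS-4-UC code: a small pre-flight checker whose dataclass fields mirror the form, whose per-server-type defaults for Primary Key Attribute come from the table, and whose check rules, severities and sample values (the host `ldap.gclab.com`, the bind account `svc-voss`, the CUCM directory name `CUCM-LDAP-CUS01`) are the example's own assumptions. The LDAPS default port 636 is a well-known value not stated on this page.

```python
# Pre-flight checks for the LDAP server settings described above, meant to run
# before the "test connection" step.  Added example, not VOSS-4-UC code: the
# dataclass field names mirror the form fields; the rules and severities are
# the example author's assumptions.
from dataclasses import dataclass
from typing import List, Tuple

# Defaults the field table states for an empty Primary Key Attribute.
DEFAULT_PRIMARY_KEY = {
    "Microsoft Active Directory": "objectGUID",
    "OpenLDAP": "entryUUID",
}

@dataclass
class LdapServerConfig:
    host_name: str
    user_dn: str
    admin_password: str
    search_base_dn: str
    server_type: str                            # a key of DEFAULT_PRIMARY_KEY
    port: int = 389
    encryption_method: str = "no_encryption"    # no_encryption | ssl | starttls
    trust_all: bool = False
    server_root_certificate: str = ""           # PEM text, optional
    primary_key_attribute: str = ""
    cucm_ldap_directory_name: str = ""

def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split 'OU=CUS01,DC=GCLAB,DC=COM' into [('OU','CUS01'), ('DC','GCLAB'), ('DC','COM')].
    A backslash escapes the next character, so 'CN=Smith\\, John' stays one RDN.
    Raises ValueError for an RDN that is not 'attr=value'."""
    parts, buf, escaped = [], "", False
    for ch in dn:
        if escaped:
            buf, escaped = buf + ch, False
        elif ch == "\\":
            buf, escaped = buf + ch, True
        elif ch == ",":
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    parts.append(buf)
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((attr.strip(), value.strip()))
    return rdns

def effective_primary_key(cfg: LdapServerConfig) -> str:
    """Attribute actually used as the record key, applying the per-server-type default."""
    return cfg.primary_key_attribute or DEFAULT_PRIMARY_KEY[cfg.server_type]

def validate(cfg: LdapServerConfig) -> List[Tuple[str, str]]:
    """Return (severity, message) findings; severity is 'error', 'warning' or 'info'."""
    findings = []
    for label, dn in (("User DN", cfg.user_dn), ("Search Base DN", cfg.search_base_dn)):
        try:
            parse_dn(dn)
        except ValueError as exc:
            findings.append(("error", f"{label}: {exc}"))
    for label, value in (("Host Name", cfg.host_name), ("Admin Password", cfg.admin_password)):
        if not value:
            findings.append(("error", f"{label} is required"))
    if cfg.server_type not in DEFAULT_PRIMARY_KEY:
        findings.append(("error", f"unknown Server Type {cfg.server_type!r}"))
    if cfg.encryption_method == "no_encryption":
        findings.append(("warning", "No Encryption: the User DN and Admin Password cross the network in clear text"))
    elif cfg.encryption_method == "ssl" and cfg.port == 389:
        findings.append(("warning", "ldaps:// selected but Port is 389, the plain-LDAP default (ldaps normally uses 636)"))
    if cfg.trust_all:
        findings.append(("warning", "Trust All is set: the server certificate is not validated, so a spoofed server would be sent the admin credentials"))
    elif cfg.encryption_method != "no_encryption" and not cfg.server_root_certificate:
        findings.append(("info", "no Server Root Certificate: validation falls back to the existing trusted CA certificates"))
    if not cfg.cucm_ldap_directory_name:
        findings.append(("info", "CUCM LDAP Directory Name unset: top-down sync adds users to CUCM as Local Users; bottom-up sync users cannot log on"))
    return findings

def has_errors(cfg: LdapServerConfig) -> bool:
    return any(sev == "error" for sev, _ in validate(cfg))

if __name__ == "__main__":
    # Constructed sample values; GCLAB.COM / CUS01 are the names used in the field table.
    cfg = LdapServerConfig(host_name="ldap.gclab.com", user_dn="CN=svc-voss,OU=CUS01,DC=GCLAB,DC=COM",
                           admin_password="example-only", search_base_dn="OU=CUS01,DC=GCLAB,DC=COM",
                           server_type="Microsoft Active Directory", encryption_method="ssl", port=389)
    for sev, msg in validate(cfg):
        print(f"[{sev}] {msg}")
```

Run it as a script to see the findings for the constructed sample, or call `validate()` from whatever tooling populates the form; anything at `error` severity would also fail the GUI's own validation, while the `warning` entries are the ones the GUI accepts silently.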
Search Filter examples:
What to Do Next
Perform a test connection to ensure the LDAP server is configured correctly.
If the authentication credentials or search base DN are invalid, an error message pops up on the GUI, for example:

```text
Error encountered while processing your request
caught exception: [Helper] validation failed; Invalid search base db.
```
Title | Description |
---|---|
Description | The description of the LDAP server. |
Host Name * | The host name of the LDAP server. |
Port | The port number for LDAP traffic. The port is fully configurable. Default: 389 |
User DN * | The User Distinguished Name (DN) on the LDAP server. |
Admin Password * | The administrator password associated with the username used to connect to the LDAP server. |
Search Base DN * | The base Distinguished Name for the LDAP search. |
Search Filter | An RFC 2254 conformant string that is used to restrict the results returned by list operations on the LDAP server. |
Server Type * | The selected LDAP server type. The type can be Open LDAP or Microsoft Active Directory. |
Authentication Attribute | |
Model Type | The model type to be used for authentication. The default choices are device/ldap/inetOrgPerson, device/ldap/person, and device/ldap/user. If the default choices do not fit the deployment scenario, custom values are allowed for this field. |
Login Attribute Name | The selected attribute of the LDAP user login. When Server Type is Microsoft Active Directory, the following default choices are populated: employeeNumber, mail, sAMAccountName, telephoneNumber, userPrincipalName. When Server Type is Open LDAP, the following choices are populated: employeeNumber, mail, telephoneNumber, uid. If the default choices do not fit the deployment, custom values are allowed for this field. |
Connection Security | |
Encryption Method | The encryption mechanism to be used. This can be No Encryption, Use SSL Encryption (ldaps://), or Use StartTLS Extension. Default: no_encryption |
Certificate Validation | Specifies the behavior for certificate validation, e.g. trust all certificates (no validation). |
Trust All | When enabled, the system does not check whether the server's certificate is trusted. |
Server Root Certificate | When trust_all is False, the LDAP server's SSL certificate is validated against this root certificate. If this certificate is not specified, validation is done against any existing trusted CA certificates. Use this option for custom root certificates (.pem format). |
Advanced Configuration | Advanced configuration settings. |
Primary Key Attribute | This field allows an administrator to specify the primary key attribute that is used to retrieve records from the LDAP server. |
Ext | |
LDAP Server | The associated LDAP server host. |
Port | The associated LDAP server port. |
Search_Base_Dn | The associated LDAP server Search Base Dn. |
Unique ID | This is an auto-generated internal identifier that does not need to be explicitly initialized. Default: Auto generated |
AD Sync Mode * | The mode in which users are synced from the LDAP server. Currently, only Direct sync from the LDAP server is supported. |
Organization ID | The organization ID assigned to the tenant in the Common Identity Store. This is not used currently and does not need to be initialized. |
CUCM LDAP Directory Name | The name of the LDAP Directory configured on CUCM that this user should be considered synced from. The LDAP Directory must already be configured on CUCM. This parameter is optional, but note the following: for a top-down sync scenario, users are added to CUCM as Local Users if this parameter is not set; for a bottom-up sync scenario, users cannot log on to CUCDM if this parameter is not set. |
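The Search Filter field takes an RFC 2254 conformant string, and the Login Attribute Name determines which attribute a user's login is matched against. The following is an added example, not VOSS-4-UC code: a syntax checker for the filter grammar (RFC 2254, updated by RFC 4515; the extensible-match `:=` form is not handled) so that a filter can be validated before it is saved, plus the RFC 4515 value escaping that must be applied when a login name or other user-supplied value is placed inside a filter, which is what keeps such a value from adding or closing filter components. The helper names, the sample filters, and the login `*)(uid=*` used to show the escaping are all constructed for the example; `objectClass`, `mail`, `uid` and `sAMAccountName` are standard attribute names, the latter three also listed as login attribute choices above.

```python
# Helpers for the Search Filter field: check a filter against the
# RFC 2254 / RFC 4515 grammar, and escape user-supplied values before they
# are placed inside a filter.  Added example, not VOSS-4-UC code; the ':='
# extensible-match form is not supported.
import re
import string

# Attribute description (e.g. sAMAccountName, mail;binary) or a numeric OID.
_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9.;-]*|\d+(?:\.\d+)*")

def escape_filter_value(value: str) -> str:
    """Encode the characters RFC 4515 reserves in an assertion value as \\XX hex
    pairs, so a value taken from user input cannot add or close filter
    components (the LDAP-injection vector)."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)

class FilterSyntaxError(ValueError):
    pass

class _FilterParser:
    """Recursive-descent parser for: filter = '(' (and / or / not / item) ')'."""
    def __init__(self, text: str):
        self.s, self.i = text, 0

    def peek(self) -> str:
        return self.s[self.i] if self.i < len(self.s) else ""

    def expect(self, ch: str) -> None:
        if self.peek() != ch:
            raise FilterSyntaxError(f"expected {ch!r} at offset {self.i} in {self.s!r}")
        self.i += 1

    def filter(self) -> None:
        self.expect("(")
        c = self.peek()
        if c in ("&", "|"):                 # and / or: one or more nested filters (RFC 2254 has no empty form)
            self.i += 1
            count = 0
            while self.peek() == "(":
                self.filter()
                count += 1
            if count == 0:
                raise FilterSyntaxError(f"'{c}' needs at least one nested filter in {self.s!r}")
        elif c == "!":                      # not: exactly one nested filter
            self.i += 1
            self.filter()
        else:
            self.item()
        self.expect(")")

    def item(self) -> None:
        start = self.i
        while self.peek() and self.peek() not in "=~<>()":
            self.i += 1
        attr = self.s[start:self.i]
        if not _ATTR_RE.fullmatch(attr):
            raise FilterSyntaxError(f"bad attribute {attr!r} in {self.s!r}")
        op = self.peek()
        if op in ("~", ">", "<"):           # approximate, greater-or-equal, less-or-equal
            self.i += 1
            self.expect("=")
            op += "="
        elif op == "=":                     # equality, presence (attr=*) or substrings (a*b)
            self.i += 1
        else:
            raise FilterSyntaxError(f"missing comparison operator after {attr!r} in {self.s!r}")
        while self.peek() and self.peek() != ")":
            ch = self.peek()
            if ch in "(\x00":
                raise FilterSyntaxError(f"unescaped {ch!r} inside value in {self.s!r}")
            if ch == "\\":                  # an escape is exactly two hex digits
                hexpair = self.s[self.i + 1:self.i + 3]
                if len(hexpair) != 2 or not all(h in string.hexdigits for h in hexpair):
                    raise FilterSyntaxError(f"bad escape at offset {self.i} in {self.s!r}")
                self.i += 3
                continue
            if ch == "*" and op != "=":
                raise FilterSyntaxError(f"'*' is only valid with '=' in {self.s!r}")
            self.i += 1

def check_filter(text: str) -> str:
    """Return the filter unchanged if it parses completely; raise FilterSyntaxError otherwise."""
    parser = _FilterParser(text)
    parser.filter()
    if parser.i != len(text):
        raise FilterSyntaxError(f"trailing text {text[parser.i:]!r} after filter")
    return text

def is_valid_filter(text: str) -> bool:
    try:
        check_filter(text)
        return True
    except FilterSyntaxError:
        return False

def login_filter(login_attribute: str, login_value: str) -> str:
    """Build the equality filter a login lookup would use, with the value escaped."""
    return check_filter(f"({login_attribute}={escape_filter_value(login_value)})")
```

`check_filter` rejects a trailing component, which is why `login_filter` with a login of `*)(uid=*` yields the harmless `(sAMAccountName=\2a\29\28uid=\2a)` rather than the two-component `(sAMAccountName=*)(uid=*)` that unescaped interpolation would produce.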