Set up LDAP for User Synchronization

Follow these steps to set up an LDAP for user synchronization. This process synchronizes users from the configured LDAP directory into VOSS-4-UC. The users then appear at the hierarchy node at which the LDAP User Sync object exists. You can manage the users through User Management menu options (for example, move users to other hierarchies, or push to Cisco Unified Communications Manager).

Note

The LDAP Authentication Only check box is available only in VOSS-4-UC.

Procedure

  1. Log in as provider, reseller, or customer administrator.
  2. Set the hierarchy path to the node of the LDAP server you want to synchronize users from.
  3. Choose LDAP Management > LDAP User Sync.
  4. Click Add.
  5. On the Base tab, provide the following information:
    • LDAP Server*: This read-only field displays the LDAP Server you are synchronizing users from.
    • LDAP Authentication Only: Important: Leave the check box clear to synchronize users from LDAP. Default is Clear. When cleared, users are synchronized from the configured LDAP directory and their passwords are authenticated against the configured LDAP directory. When selected, users are not synchronized from the configured LDAP directory, but their passwords are authenticated against the LDAP directory. When selected, you can manually add users from the GUI or API, bulk load them, or synchronize them from Cisco Unified CM.
    • User Model Type: The User Model Type identifies which LDAP object, defined in the configured LDAP server, is used to import and authenticate users.
      • If the LDAP server is Microsoft Active Directory, the default is device/ldap/user.
      • If the LDAP server is AD LDS (ADAM), this should be set to device/ldap/userProxy.
      • If the LDAP server is OpenLDAP, the default is device/ldap/inetOrgPerson.
      • To identify a non-default User Model Type to use, contact the LDAP server administrator.
    • LDAP Authentication Attribute: The LDAP attribute used when creating an LDAP user. This value is used to authenticate users against the LDAP directory when the LDAP Authentication Only check box is selected (see the field above).
    • User Entitlement Profile: Choose the User Entitlement Profile that specifies the devices and services to which users synchronized from the LDAP server are entitled. The chosen entitlement profile is assigned to each synchronized user. It is checked during user provisioning to ensure the user’s configuration does not exceed the allowed services and devices specified in the entitlement profile.
    • User Role (default)*: The default role to assign to the synced user. If no LDAP Custom Role Mappings apply to the synced user, this fallback/default role is applied. This field is mandatory.
    • User Move Mode: Indicates whether users are automatically moved to sites based on the filters and filter order defined in User Management > Manage Filters.
    • User Delete Mode: Indicates whether users are automatically deleted from VOSS-4-UC if they are deleted from the LDAP directory. If set to automatic, all subscriber resources associated with the user, such as a phone, are also deleted.
    • User Purge Mode: Indicates whether users are automatically deleted from VOSS-4-UC if they are purged from the LDAP device model. An administrator can remove the LDAP user from the device layer even if the user has not been removed from the LDAP directory.
  6. Click the Field Mappings tab and modify the default mappings if required:
    • LDAP Username
      • For Microsoft Active Directory, this is typically the sAMAccountName.
      • For AD LDS (ADAM), the sAMAccountName attribute is not part of the default schema, but can be added if required. Confirm with the LDAP server administrator. Alternatively, use uid.
      • For OpenLDAP, this is typically the uid.
    • Sn (Surname)
  7. (Optional) Complete other field mappings as needed, for other operations such as pushing users to Cisco Unified Communications Manager or creating move filters.
  8. Click Save.

An LDAP synchronization is scheduled, but is not activated by default. See Synchronize Users from LDAP.

Note

The following fields are not imported by VOSS-4-UC during LDAP synchronization:

  • photo
  • jpegPhoto
  • audio
  • thumbnailLogo
  • thumbnailPhoto
  • userCertificate
  • logonCount
  • adminCount
  • lastLogonTimestamp
  • whenCreated
  • uSNCreated
  • badPasswordTime
  • pwdLastSet
  • lastLogon
  • whenChanged
  • badPwdCount
  • accountExpires
  • uSNChanged
  • lastLogoff
  • dSCorePropagationData
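The following script is an added example, not VOSS-4-UC code, that applies the Field Mappings step and the note above to an LDIF export of the directory subtree before the sync is activated. It assumes that an export has been taken with the directory's own tools, that each device/ldap/* User Model Type corresponds to the LDAP objectClass of the same name (user, userProxy, inetOrgPerson), and that the default LDAP Username attribute per server type is the one named in the procedure. It selects the entries the chosen User Model Type would import, reports entries where the username attribute is missing or shared by more than one entry (either would fail to map to exactly one VOSS-4-UC user), and drops the attributes that are not imported. The `parse_ldif`, `validate_mapping` and `run_check` names, the `SERVER_DEFAULTS` table and the sample LDIF are all constructed here.

```python
import base64

# Defaults named in the procedure, keyed by server type. The objectClass column is an
# assumption: each device/ldap/* model is treated as the LDAP objectClass of the same name.
SERVER_DEFAULTS = {
    "active_directory": {"model": "device/ldap/user", "object_class": "user",
                         "username_attr": "sAMAccountName"},
    "ad_lds": {"model": "device/ldap/userProxy", "object_class": "userProxy",
               "username_attr": "uid"},
    "openldap": {"model": "device/ldap/inetOrgPerson", "object_class": "inetOrgPerson",
                 "username_attr": "uid"},
}

# Attributes the note lists as not imported during LDAP synchronization (lowercased,
# because LDAP attribute names are case-insensitive).
NOT_IMPORTED = {a.lower() for a in (
    "photo", "jpegPhoto", "audio", "thumbnailLogo", "thumbnailPhoto", "userCertificate",
    "logonCount", "adminCount", "lastLogonTimestamp", "whenCreated", "uSNCreated",
    "badPasswordTime", "pwdLastSet", "lastLogon", "whenChanged", "badPwdCount",
    "accountExpires", "uSNChanged", "lastLogoff", "dSCorePropagationData",
)}

# Constructed LDIF export: one clean user, one missing the username attribute,
# one sharing a username with another entry, and a group that must be skipped.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Users,DC=example,DC=test
objectClass: top
objectClass: person
objectClass: user
sAMAccountName: alice
sn: Example
givenName: Alice
mail: alice@example.test
pwdLastSet: 133000000000000000
thumbnailPhoto:: AAAA

dn: CN=Bob Example,OU=Users,DC=example,DC=test
objectClass: top
objectClass: person
objectClass: user
sAMAccountName: bob
sn: Example

dn: CN=Carol NoName,OU=Users,DC=example,DC=test
objectClass: top
objectClass: person
objectClass: user
sn: NoName
lastLogon: 0

dn: CN=Dave Duplicate,OU=Users,DC=example,DC=test
objectClass: top
objectClass: person
objectClass: user
sAMAccountName: alice

dn: CN=Printers,OU=Groups,DC=example,DC=test
objectClass: top
objectClass: group
sAMAccountName: printers
"""


def parse_ldif(text):
    """Parse LDIF text into a list of {attribute (lowercase): [values]} dicts."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:      # leading space continues the previous line
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded:
        if not line.strip():                       # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):                  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(attr.strip().lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def select_user_entries(entries, server_type):
    """Keep only entries whose objectClass matches the server type's User Model Type."""
    wanted = SERVER_DEFAULTS[server_type]["object_class"].lower()
    return [e for e in entries
            if wanted in {v.lower() for v in e.get("objectclass", [])}]


def validate_mapping(entries, username_attr, surname_attr="sn"):
    """Report entries that would not map cleanly onto the LDAP Username / Sn fields."""
    ua, sa = username_attr.lower(), surname_attr.lower()
    report = {"ok": [], "missing_username": [], "missing_surname": [], "duplicates": {}}
    by_name = {}
    for entry in entries:
        dn = entry.get("dn", ["<no dn>"])[0]
        names = entry.get(ua, [])
        if not names:
            report["missing_username"].append(dn)   # cannot be created as a VOSS user at all
            continue
        if not entry.get(sa):
            report["missing_surname"].append(dn)    # Sn mapping would be empty
        by_name.setdefault(names[0].lower(), []).append(dn)
    for name, dns in by_name.items():
        if len(dns) > 1:
            report["duplicates"][name] = dns        # two directory entries, one username
        else:
            report["ok"].append(name)
    return report


def import_view(entry):
    """The attributes that would actually be imported: everything except NOT_IMPORTED."""
    return {k: v for k, v in entry.items() if k not in NOT_IMPORTED}


def run_check(ldif_text, server_type):
    """Parse, select by User Model Type, then validate the default username mapping."""
    users = select_user_entries(parse_ldif(ldif_text), server_type)
    return validate_mapping(users, SERVER_DEFAULTS[server_type]["username_attr"])


if __name__ == "__main__":
    for key, value in run_check(SAMPLE_LDIF, "active_directory").items():
        print(f"{key}: {value}")
```

Run it against an LDIF export of the subtree the LDAP Server object points at, with the server type you configured. Anything under `missing_username` or `duplicates` should be fixed in the directory (or the LDAP Username mapping changed, for example to uid on AD LDS) before the scheduled sync is activated, since those entries cannot be matched one-to-one with a VOSS-4-UC user, and a duplicate username is also ambiguous for LDAP authentication.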