LDAP User Sync

Overview

You need to set up an LDAP user sync to sync users from a specified LDAP directory into VOSS Automate.

Users synced in from LDAP appear at the hierarchy node where the LDAP user sync object exists. Once users are synced in, you can manage them via the User Management menu in VOSS Automate. For example, you may want to move users to other hierarchies, or to push users to CUCM.

During an LDAP sync:

  • Some fields are always imported to VOSS Automate

  • Some fields are not imported into VOSS Automate

For details, see LDAP Integration.

Delete or Retain Associated Accounts at User Sync

Via Customizations > Global Settings, you can configure whether the LDAP user sync deletes or retains a Cisco (CUCM) subscriber's voicemail and Webex accounts when a sync runs after the subscriber is deleted.

  • On the Webex App tab of the Global Settings, choose whether to retain or delete the Webex app account.

  • On the Voicemail tab of the Global Settings, choose whether to retain or delete the voicemail account.

Add an LDAP Sync

This procedure adds an LDAP sync to prepare for syncing users in from LDAP to VOSS Automate.

Warning

When configuring the LDAP sync, take care when setting the following options to Automatic, as this will delete all users from this LDAP server in VOSS Automate, as well as the associated UC application users, phones, services, and so on:

  • User Purge Mode

  • User Delete Mode

Perform these steps:

  1. Log in as Provider, Reseller, or Customer administrator.

  2. Set the hierarchy path to the node of the LDAP server you want to synchronize users from.

  3. Go to (default menus) LDAP Management > LDAP User Sync.

  4. Click Add.

  5. Fill out details for the sync:

Field

Description

LDAP Server

Mandatory. The LDAP server you’re syncing from.

LDAP Authentication Only

This setting is available only in VOSS Automate, and is disabled by default.

Leave unchecked (clear) to sync in users from LDAP (from a predefined LDAP directory). In this case, the user passwords are authenticated against this LDAP directory.

Select this checkbox (enable) to prevent user sync from the predefined LDAP directory. In this case:

  • Only the user passwords are authenticated against the LDAP directory.

  • You can add users manually via the GUI, API, bulk load, or sync users in from CUCM.

User Model Type

Defines the LDAP object (from the configured LDAP server), and is used to import and authenticate users.

  • When LDAP server is Microsoft Active Directory, the default is device/ldap/user.

  • When LDAP server is AD LDS (ADAM), set to device/ldap/userProxy.

  • When LDAP server is OpenLDAP, the default is device/ldap/inetOrgPerson.

Contact the LDAP server administrator if you need to identify a non-default User Model Type to use.

LDAP Authentication Attribute

The attribute used for creating an LDAP user. This value is used to authenticate against LDAP when LDAP Authentication Only is enabled.

User Entitlement Profile

Choose the User Entitlement Profile that specifies the devices and services to which users synced in from the LDAP server are entitled.

The chosen entitlement profile is assigned to each synced in user. It is checked during user provisioning to ensure the user’s configuration does not exceed the allowed services and devices specified in the entitlement profile.

User Role (default)*

The default role to assign to the synced user. This fallback role is applied if no LDAP Custom Role Mappings are applicable for the synced user. This field is mandatory.

User Move Mode

Defines whether users are automatically moved to sites based on the filters and filter order defined in User Management > Manage Filters.

User Delete Mode

Defines whether users are automatically deleted from VOSS Automate if they are deleted from the LDAP directory. If set to automatic, all subscriber resources associated with the user, such as a phone, are also deleted.

User Purge Mode

Defines whether users are automatically deleted from VOSS Automate if they are purged from the LDAP device model. An administrator can remove the LDAP user from the device layer even if the user has not been removed from the LDAP directory.

  6. Inspect the default mappings and modify them if required. See User Field Mapping.

  7. Click Save.

    The LDAP sync is added and is inactive by default. See LDAP Schedule.

  8. In the Global Settings, define whether to retain or delete associated Webex and/or voicemail accounts in the user sync that runs after deleting a subscriber. See topic Global Settings (Webex App tab, Voicemail tab).
