Update a User#
Users are typically added or updated on Automate from the sync source, e.g. LDAP, CUCM, CUC, etc. See User Sync Source.
Important
Sync source precedence may override user input. If you update a user on Automate that …
Exists on a sync source
Has mapped fields
Has a higher precedence than LOCAL (Automate) data
Only the mapped fields are updated from the sync source. Data in these fields is updated from the sync source and not the user input added in Automate. These fields are typically read-only in Automate Admin Portal.
For user authentication method (Auth Method) changes when updating, see Authentication Method Setting Rules.
Sync Source Scenarios
See also User Field Mapping.
Additional Info
Note
Updating an admin user that has become a subscriber creates a sync with the application highest on the User Sync Source precedence, and according to the field mapping for that source. The sync occurs once you click Save.
If the Admin user password is updated, user passwords on CUCM, CUC, and WebEx are also updated if these have been provisioned for the user.
Note
Since different UC apps can have different password strictness rules, the update transaction will only succeed if the strictness rules of all the UC apps have been met. Otherwise, the update transaction will roll back.
Administrators should therefore choose a password that meets the requirements of all the UC apps.
If the user was added as a Microsoft Active Directory LDAP user (see: Add Admin Users), then:
Additional fields on the User tabs are exposed that can be saved to the Microsoft Active Directory LDAP server.
Updates to user details on the LDAP form tab will update the Microsoft Active Directory LDAP server when clicking Save.
If user updates made directly on the Microsoft Active Directory LDAP server will reflect on VOSS Automate once the user is again synced in Automate from the Sync & Purge menu.
The Users Page toolbar provides these additional actions for managing a user:
Align Hierarchy to Sync Source
For example, if the user’s sync source is ‘CUCM’, and the data/User is at Customer level and the CUCM user is at site level, then the data/User instance will be moved from Customer level to the CUCM’s hierarchy, that is, to the site level.
Align Hierarchy to User
All other related instances of the user (e.g. CUCM, device/cucm/User, device/cuc/user, etc.) will be moved to the hierarchy of the data/User instance.
Delete From Ldap
Relevant only for Microsoft Active Directory LDAP server.
The delete transaction succeeds only for users on Microsoft Active Directory LDAP servers on port
636
, where the Enable Write Operations setting is checked. Thus, if Write operations are enabled on the associated LDAP server and the LDAP server is a secured Active Directory LDAP server, the LDAP user (device/ldap/user
) is removed, and the VOSS user (data/User
) is updated, that is, the sync type/source is set to LOCAL to reflect LDAP removal.See also, Add Admin Users
If there is an associated CUCM user, the CUCM user and the VOSS user are updated. In this case:
The CUCM user is converted to a Non-LDAP user and the LDAP directory name is removed (set to clear).
The VOSS user’s (
data/User
) sync type is updated to CUCM-Local.
Push To Ldap
Creates an LDAP user (if the LDAP user does not exist).
Requires availability of an LDAP server that allows write back and is configured as a secure Microsoft Active Directory server. This server must be on port 636, with Enable Write Operations checked.
Used when adding user details on the LDAP form tab for the first time and first adding the LDAP user - see: Add Admin Users. Thereafter, clicking the Save button also updates the LDAP user details on the LDAP server. However, if any user details have been updated for the LDAP server, this Push To Ldap menu option will also save these.
On the Users list view (default menu, User Management > Users), click on a non-LDAP user you wish to push to LDAP. On the LDAP tab/panel, choose the LDAP server, fill out a description and password, and click Action > Push to LDAP. The LDAP user is created on the selected LDAP server.
This menu option can’t be used for Automate LDAP-synced users (in which case a system message on the LDAP tab displays Push to LDAP is not allowed).
See Add Admin Users