Configure LDAP Authentication-only (standalone)

This procedure sets up LDAP for authentication-only in VOSS Automate.

Note

Users can be added locally or synced from CUCM:

Scenario where LDAP authentication is the default

  • When users are LDAP synced in CUCM and then synced into VOSS Automate

Scenario where LDAP authentication is not the default

  • When users are manually configured in CUCM and then synced into VOSS Automate

  • When users are manually configured in VOSS Automate

You can change the default behavior, as described in View and Update LDAP Authentication Users.

To set up LDAP for authentication-only …

  1. Log in as Provider, Reseller, or Customer administrator.

  2. Choose the hierarchy where you have the LDAP server set up (the server you’re using to authenticate users).

  3. Go to (default menus) LDAP Management > LDAP User Sync.

  4. Click Add.

  5. Fill out the relevant details:

Field

Description

LDAP Server

Choose the LDAP Server where you are authenticating users.

LDAP Authentication Only

Disabled by default, which means users will be synced from the configured LDAP directory and their passwords are authenticated against that LDAP directory.

When enabled:

  • The LDAP server is used only to authenticate users.

  • This option is only available at hierarchy nodes with an LDAP server, so it is not available for users created at sites.

  • Fill out the CUCM LDAP Directory Name for the LDAP server. When more than one LDAP server sync is created and you don’t provide this detail, no LDAP users are created and the transaction log shows a warning.

  • Users won’t be synced from the configured LDAP directory, but their passwords are authenticated against that LDAP directory.

  • You can manually add users from the GUI or API, bulk load them, or sync them from CUCM.

User Model Type

Read-only. Identifies the LDAP object (defined in the configured LDAP server), used to authenticate users.

LDAP Authentication Attribute

Mandatory. Choose the LDAP Attribute for authenticating users.

Options are:

  • sAMAccountName (only option for AD, and the default for AD)

  • uid (only option for OpenLDAP, and the default for OpenLDAP)

  • mail

  • employeeNumber

  • telephoneNumber

  • userPrincipalName (AD or hybrid, for MS)

These are the same values CUCM uses for LDAP Attribute for User ID.

Active Directory (AD) only:

For these user types, don’t choose userPrincipalName, unless the userPrincipalName value was set as the Username when the user was created:

  • Users created using the VOSS Automate GUI

  • Users created using the VOSS Automate API

  • Users bulk loaded into VOSS Automate

  • Users manually created in Unified CM and synced into VOSS Automate

Caveats (AD and OpenLDAP)

For users synced from LDAP into CUCM and then into VOSS Automate:

  • We strongly recommend selecting the same LDAP Authentication Attribute as Unified CM uses for LDAP Attribute for User ID.

  • If you sync users into Unified CM using attributes other than sAMAccountName/uid, do not choose sAMAccountName/uid.

If you sync users from LDAP into CUCM using employeeNumber, choose employeeNumber for the LDAP Authentication Attribute. However, to get the LDAP Authentication to work properly, one of these conditions must be met:

  • Before syncing users from CUCM to VOSS Automate, set the Employee Number field on CUCM Server FieldMapping tab to userid

  • Define the LDAP for Authentication Only sync before syncing users from CUCM into VOSS Automate

  6. Click Save.

    All users with SyncToHierarchy set to the hierarchy of the LDAP server now use the LDAP server for authentication. Users are added to the LDAP Authentication Users list.
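The attribute guidance in step 5 can be checked before saving the sync. The following is an added example, not VOSS Automate code: it assumes a username must match exactly one directory entry on the chosen LDAP Authentication Attribute, and it runs on constructed directory entries and usernames. The helper names check_auth_attribute and problems are hypothetical.

```python
"""Pre-flight check for an LDAP Authentication Attribute choice (added example)."""
from collections import defaultdict

# Constructed sample data: directory entries as exported attribute dicts.
DIRECTORY = [
    {"sAMAccountName": "asmith", "userPrincipalName": "asmith@example.test",
     "mail": "alice.smith@example.test", "employeeNumber": "1001"},
    {"sAMAccountName": "bjones", "userPrincipalName": "bjones@example.test",
     "mail": "shared@example.test", "employeeNumber": "1002"},
    {"sAMAccountName": "cdoe", "userPrincipalName": "cdoe@example.test",
     "mail": "shared@example.test", "employeeNumber": "1003"},
]
# Constructed usernames as they exist in the application (assumption).
USERNAMES = ["asmith", "BJones", "cdoe", "localadmin"]


def check_auth_attribute(usernames, entries, attribute):
    """Map each username to 'ok', 'missing' or 'ambiguous' for `attribute`.

    Assumption: authentication looks up the entry whose `attribute` equals
    the username, so exactly one match is required. Values are compared
    case-insensitively, a simplification of LDAP matching rules.
    """
    index = defaultdict(list)
    for entry in entries:
        value = entry.get(attribute)
        if value:
            index[value.lower()].append(entry)
    report = {}
    for name in usernames:
        hits = index.get(name.lower(), [])
        if len(hits) == 1:
            report[name] = "ok"
        else:
            report[name] = "ambiguous" if hits else "missing"
    return report


def problems(report):
    """Return only the usernames that would not authenticate cleanly."""
    return {name: status for name, status in report.items() if status != "ok"}


if __name__ == "__main__":
    for attr in ("sAMAccountName", "userPrincipalName", "mail"):
        print(attr, problems(check_auth_attribute(USERNAMES, DIRECTORY, attr)))
```

With this sample data, userPrincipalName reports every user as missing because the usernames were not created with the userPrincipalName value, which is the Active Directory case described in step 5. An "ambiguous" result marks an attribute value shared by more than one entry.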