Write back to Active Directory LDAP
Overview
For Microsoft Active Directory LDAP Servers, an option is available to enable write back as a part of the Quick Add Subscriber process, for both Quick Add Subscriber for CUCM and for Microsoft Quick Subscriber.
Setting up for Write Back to Active Directory LDAP Servers
Before using write back for Microsoft Active Directory LDAP servers, you’ll need to set up the environment as follows:
At the required hierarchy for the LDAP Server:
  - Server Type is microsoft_active_directory.
  - Port is 636.
  - Encryption Method is Use SSL Encryption.
  - Enable Write Operations is enabled.
Add an LDAP User Sync instance at the required hierarchy:
  - Select the relevant LDAP Server.
  - Select an LDAP Write Back Template - see: LDAP Write Back Template.
  - If the LDAP Write Back Only checkbox is enabled, users are only synced in for write-back purposes and other user updates are not carried out.
    This should only be used for a Microsoft-only type scenario where users are being synced in initially from MS365 or MSTeams and the LDAP Write Back option is configured to write back to Active Directory for the purpose of syncing to Azure.
    At the end of the Quick Add Subscriber workflow, write-back is then carried out for target model type device/ldap/user using this LDAP User Sync instance.
When saving LDAP User Sync, a data sync instance is created that applies when a sync is carried out from Sync & Purge > LDAP Users.
When Quick Add Subscriber or Microsoft Quick Subscriber is run, the LDAP user is updated in accordance with the LDAP write-back template.
LDAP Write Back Template
An LDAP Write Back Template is a configuration template for target model type device/ldap/user that contains named macros that will be applied during write-back when the Quick Add Subscriber or Microsoft Quick Subscriber task is carried out.
For example, the following macros can be used in the configuration template selected in LDAP Write Back Template.
  - LDAP username: {{macro.DISPLAY_GET_USERNAME}} - writes back username
  - LDAP user first name: {{macro.DISPLAY_NAME_GET_FNAME}} - writes back user first name
  - LDAP user last name: {{macro.DISPLAY_NAME_GET_LNAME}} - writes back user last name
  - Telephone Number: {{macro.DISPLAY_GET_FIRST_LINE}} - writes back the first line added to a subscriber when running Quick Add Subscriber.
  - Telephone Number: {{macro.DISPLAY_GET_FIRST_LINE_E164}} - writes back the first E164 line added to a subscriber when running Quick Add Subscriber.
Note
When writing back to Active Directory for the purpose of syncing to Microsoft Entra ID for Microsoft Teams provisioning, the LDAP authentication attribute on the LDAP user configuration must be set to userPrincipalName and the username mapping on the User Field Mapping page must be set to userPrincipalName for the specific LDAP server.
The configuration template is automatically created for each LDAP server, at the same level of the hierarchy as the LDAP server, when Enable Write Operations is set to True. There can only be one Write Back configuration template per LDAP server.