Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Configure Directory Search for Jabber for iPhone

Cisco Jabber can search Microsoft Active Directory or Open LDAP directories for contact information.

Requirements for Integration with Corporate Directory:

Use one of the following for Lightweight Directory Access Protocol (LDAP):

  • Microsoft Active Directory 2003
  • Microsoft Active Directory 2008
  • Open LDAP (with some limitations)

Restriction for Active Directory:

  • Phone numbers must be unformatted.
  • Global Catalog must be enabled.
  • Replicate all the Active Directory attributes that Jabber must access to the Global Catalog servers. Otherwise, Jabber cannot access the attribute information on the default port.  See how to modify attributes to replicate to the Global Catalog.

Procedure:

Step 1   Sign in to the Unified CM Administration portal.
Step 2   Navigate to the Cisco Dual Mode device page for the user.
Step 3   In  the Product Specific Configuration Layout section, enter the  iPhone country code.  This information helps determine the Caller ID.
Step 4   Enter LDAP User Authentication settings:                    
  • If credentials are not needed to access directory services, select Disabled.
  • If users must enter credentials to access directory services, select Enabled.
Step 5   Enter LDAP username and password:       
  • Enter credentials for a single read-only account that all users use to access Active Directory. These credentials are sent in clear text in the TFTP file. Users need not enter credentials into Cisco Jabber.
  • Enter a username with access to the directory and leave the password blank. You must give the password to each user and tell users to enter the password into the settings in Cisco Jabber.
  • If authentication is not required, leave these settings blank.
By default, the LDAP username is the userPrincipalName (UPN) and may be in the form of an email address (userid@example.com).
Step 6   Enter LDAP server address.            
  1. Enter the hostname or IP address and port number for your Active Directory server.
  2. When using the Global Catalog, use port 3269 for secure SSL connections or 3268 for nonsecure connections.
  3. When using other LDAP servers, use port 636 for secure SSL connections or 389 for nonsecure connections.
Use the format YourDirectoryServer.YourCompany.com:portnumber.  By default, if you enter no port or SSL settings, Cisco Jabber attempts an SSL connection to port 3269.  For example, directoryserver.cisco.com:3268.
Step 7   Enter the LDAP Search Base using the format: CN=users,DC=corp,DC=yourcompany,DC=com. By default, this application uses the search base that is found in a RootDSE search on the defaultNamingContext attribute. If you need to specify a different search base, enter the Distinguished Name of the root node in your corporate directory that contains user information. Use the lowest node that includes the necessary names. Using a higher node creates a larger search base and thus reduce performance if the directory is very large.                        
Note    To help determine the optimal search base, you can use a utility such as Active Directory Explorer (available from Microsoft) to view your data structure.
Step 8   Enter the LDAP field mappings.  LDAP field mappings identify the attributes in your directory that hold the information to be searched and displayed for directory searches.                    
Note:  See the section on LDAP Field Mapping below for more information.   
 
Step 9   Enter the LDAP photo location, if side loading photo URL.
Step 10   Select  Save.
Step 11   On the mobile device, restart Cisco Jabber.

If you allowed end-user configuration editing, delete the Directory account on the client and then set up the account again.

Step 12   Step through the wizard until you see the option to enable or confirm the corporate directory account settings.
Step 13   At the option to enable or confirm the corporate directory account settings, tap Yes.
Step 14   Enter the password, if it is not already entered.
Step 15   Select Save, even if you make no changes.
Step 16   Complete the wizard.

LDAP Field Mapping:

Cisco Jabber for iPhone determines which type of directory server you use by checking whether  the defaultNamingContext is defined. If the defaultNamingContext is defined, the app determines that you are using Active Directory. If this value is not defined, the app determines that the system is using another LDAP server.

The table below shows default attributes for Active Directory, other LDAP servers, and Cisco Jabber for iPhone.

Element (Human Readable)

Jabber Element Name

Default Active Directory Attribute

Default Attribute for All Other LDAP Servers

Your Value, if Different

Unique   identifier

identifier

distinguishedName

distinguishedName


Display   name

displayName

displayName

cn


Email   address

emailAddress

mail

mail


First   name

firstName

givenName

givenName


Last   name

lastName

sn

sn


User   ID

userid

sAMAccountName

uid


Main   phone number

mainPhoneNumber

telephoneNumber

telephoneNumber


Home   phone number

homePhoneNumber

homeTelephoneNumber

homeTelephoneNumber


Second   home phone number

homePhoneNumber2

homeTelephoneNumber

homeTelephoneNumber


Mobile   phone number

mobilePhoneNumber

mobile

mobile


Second   mobile phone number

mobilePhoneNumber2

mobile

mobile


Direct   to voicemail phone number

voicemailPhoneNumber

voicemail

voicemail


Fax   number

faxPhoneNumber

facsimileTelephoneNumber

facsimileTelephoneNumber


Other   phone number

otherPhoneNumber

telexNumber

telexNumber


Directory   photo

photo

jpegPhoto

jpegPhoto


Jabber   ID

jabberID

jabberID

jabberID


Job   title

jobTitle

title

title


Employee   number

employeeNumber

employeeID

employeeNumber


Manager   ID

manageruid

manager

manager


Cisco Jabber will display and search the values of the Default Active Directory Attributes when using Microsoft AD.  For example, if the user's name is John Smith,

ElementJabber Element Name
AD Attribute
Value of AD Attribute
First Name

firstName

givenName

John

Last Name

lastName

snSmith
Main Phone Number

mainPhoneNumber

telephoneNumber

18005551212

If your directory server uses a different attribute than the default values, you must map the Jabber Element Name to the Attribute in your directory.  The syntax for mapping is JabberElementName=YourAttribute.  For example, if your directory uses the ipPhone attribute as the main phone number, you can map the attribute as mainPhoneNumber=ipPhone.  Multiple field mappings can be separted mainPhoneNumber=ipPhone;displayName=nickname .

Reporting Structure:

Jabber will attempt to contruct a reporting structure information for the directory search.  The manager ID and employee number entries are  required for reporting structure information in directory search  results. The default mappings are as follows:

  • Active Directory: manageruid=manager; employeeNumber=employeeID.
  • Open LDAP: servers are manageruid=manager; employeeNumber=employeeNumber.

If a manager has more than 25 direct reports, Cisco Jabber for iPhone displays only the first 25 reports.  The value of a person's manageruid should be the value of the manager's employeeNumber.

Directory Photos:

Directory photos can come from LDAP or side loaded.

The default mapping is photo=jpegPhoto. No additional  action is necessary if you do not require a custom mapping.  If you require a custom mapping, you can modify the LDAP Field Mappings.

If you want to side load directory photos, populate the LDAP Photo Location, in the CUCM Device Configuration Page, with the URL of photo location.  We recommend that you use the variable %%LDAP Attribute%% to represent the LDAP attribute.

Example:

Note: 

You must include the double percent symbols in this string, and they must enclose the name of the LDAP attribute to substitute.

Cisco Jabber removes the percent symbols and replaces the parameter inside with the results of an LDAP query for the user whose photo it  resolves.

For example, af a query result contains the attribute “uid” with a  value of “johndoe”, and then a template such as                      http://mycompany.com/photos/%%uid%%.jpg creates the URL http://mycompany.com/photos/johndoe.jpg. Cisco Jabber attempts to fetch the photo johndoe.jpg when searching for John Doe.

Version history
Revision #:
1 of 1
Last update:
‎03-07-2013 10:30 AM
Updated by:
 
Labels (1)
Everyone's tags (3)
Comments
New Member

Hi,

Thank you for your document, very usefull. We have an issue: in LDAP user has:

ip phone = XXXX

Telephone Number=Full DID

Mobile Number= Mobile

It shows correctly for J4W, however, for Jabber for iPhone for specific users it shows

Work = XXXX

Mobile= Mobile Number

Work= Email address!!!

How I can add email= User email adress & Telephone Number= Full DID?

Under the TCT devide I did the followings( just IP Phone works)

mainPhoneNumber=ipPhone; emailAddress=mail;

Thanks,

Hamed

New Member

If i configure a search base for whole active directory how can i filter this that only users are displayed and not all SA and Admin Accounts and so on? Is this possible?