Integrating Active Directory with Call Manager 6.X
In order to initialize the LDAP system in Call Manager, you must first specify which type of LDAP server will be used.
1. From the System menu, choose LDAP > LDAP System.
Figure 1 - Call Manager LDAP System option
2. At the choice between Microsoft AD and Netscape, choose Microsoft AD.
3. Specify your LDAP System Information choices.
Go to System > LDAP > LDAP Directory.
There is nothing particularly unusual about this page to anyone who has configured an LDAP client:
LDAP Configuration Name
Enter a unique name (up to 40 characters) for the LDAP directory.
LDAP Manager Distinguished Name
Enter the user ID (up to 128 characters) of the LDAP Manager, who is an administrative user that has access rights to the LDAP directory in question.
Enter a password (up to 128 characters) for the LDAP Manager.
Reenter the password that you provided in the LDAP Password field.
LDAP User Search Base
Enter the location (up to 256 characters) where all LDAP users exist. This location acts as a container or a directory. This information varies depending on customer setup.
c) Create a schedule to download data, at intervals from every 7 days upwards.
d) You can specify the attributes that will be downloaded, although there is no control over these, apart from the email address attribute.
e) Enter the address of the server(s), with the possibility of entering multiple redundant servers for this download. Although the default is to use port 389, you can specify 636 and SSL.
5. Click Save to save these details.
An initial connection to the LDAP server is made, and a simple one-level search of the target OU is performed to verify the credentials and search base that have been supplied.
Following this, there is no further activity until the time and date that had been set earlier is reached. After that, the synchronization starts.
After the synchronization occurs, inspection of the Call Manager Users reveals the following:
Figure 5 - Users synchronized from eDirectory
These users have synchronized over from eDirectory. There is one user marked as Inactive: this was a locally created user who will be purged from the system once LDAP synchronization starts, as you cannot have any users entered manually when you are downloading users by LDAP. Deletion of users is handled by a janitor process that runs overnight, so in the interim a user to be purged is flagged as inactive.
These users may now access their telephone management pages after some further configuration is performed.
6. Select LDAP Authentication from the initial System Configuration tab.
Figure 6 - LDAP Authentication and Server Information
A simpler set of details is requested here, and the normal mechanism for LDAP authentication is used:
a) Supply a privileged username and password. This account is used to look up a user's CN (entered by them) to obtain the Fully Distinguished Name. The Call Manager then uses that name to bind to the server with the user-supplied password.
b) The server specified here need not be the same as the one used for the LDAP synchronization. It doesn't even need to be in the same tree; the only requirement is that the UID attribute be the same in both.
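The search-then-bind mechanism in step a), as an added example that is not part of the original article and is not Call Manager code. It runs against a constructed in-memory directory; the DNs, passwords, the `uid` lookup attribute and every function name are assumptions made for illustration. It shows two checks a client of this mechanism needs: escaping the user-entered ID before it goes into the search filter, and refusing an empty password before the second bind.

```python
import hmac
import re

# Constructed sample directory (not from the page): DN -> attributes.
DIRECTORY = {
    "cn=ccm-manager,ou=services,o=example": {"uid": "ccm-manager", "pw": "manager-secret"},
    "cn=Alice Smith,ou=users,o=example": {"uid": "asmith", "pw": "correct horse"},
    "cn=Bob Jones,ou=users,o=example": {"uid": "bjones", "pw": "hunter2!"},
}
MANAGER_DN, MANAGER_PW = "cn=ccm-manager,ou=services,o=example", "manager-secret"
BASE = "ou=users,o=example"

def escape_filter_value(value):
    """Escape the characters RFC 4515 treats as special in a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def search(base, flt):
    """Toy matcher for one (attr=value) filter; an unescaped '*' is a wildcard."""
    attr, pattern = flt[1:-1].split("=", 1)
    tokens = re.findall(r"\\[0-9a-fA-F]{2}|.", pattern, flags=re.S)
    regex = "".join(".*" if t == "*" else
                    re.escape(chr(int(t[1:], 16)) if len(t) == 3 else t)
                    for t in tokens)
    return [dn for dn, entry in DIRECTORY.items()
            if dn.lower().endswith(base.lower())
            and re.fullmatch(regex, entry.get(attr, ""), re.I)]

def simple_bind(dn, password):
    """Stand-in for an LDAP simple bind. A known DN with an empty password is
    accepted, modelling a server that allows unauthenticated binds (RFC 4513)."""
    entry = DIRECTORY.get(dn)
    if entry is None:
        return False
    return password == "" or hmac.compare_digest(entry["pw"].encode(), password.encode())

def authenticate(user_id, password):
    """Return the user's DN on success, None on any failure."""
    if not password:                       # never forward an empty password
        return None
    if not simple_bind(MANAGER_DN, MANAGER_PW):
        raise RuntimeError("privileged lookup account could not bind")
    matches = search(BASE, "(uid=%s)" % escape_filter_value(user_id))
    if len(matches) != 1:                  # unknown or ambiguous ID
        return None
    return matches[0] if simple_bind(matches[0], password) else None
```
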