Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3088
Views
15
Helpful
14
Replies

Restrict user search in jabber

jaheshkhan
Level 4
Level 4

‎05-15-2018 09:29 PM - edited ‎03-17-2019 07:32 PM

client want the users not to see each other while searching. how can we do that?

 

I tried to do with different service profiles without directory profiles. still the search shows.

but manager need to see all the users.

 

but users only should able to see their manager.

0 Helpful
14 Replies 14

Mohammed al Baqari
Level 11
Level 11

‎05-15-2018 10:14 PM

Are you using UDS or LDAP lookups. If you use LDAP lookup combined with
service profiles and different OUs for different group of people then you
can achieve it.
0 Helpful

jaheshkhan
Level 4
Level 4
In response to Mohammed al Baqari

‎05-15-2018 11:08 PM

In Service profile i unchecked all option for directory just to see whether user cannot see any body and applied that service profile to user.

Still in jabber he can list all user in same OU.

what the client want. manager need to see all the users but individual user only need to see the manager onlly and not users among each other.

0 Helpful

Mohammed al Baqari
Level 11
Level 11
In response to jaheshkhan

‎05-16-2018 12:28 AM

If you uncheck all the boxes that won't stop all directory services. In
fact clients will use local machine settings (if its member of domain) to
lookup in AD.

Try to do what I mentioned and see if it works.
0 Helpful

jaheshkhan
Level 4
Level 4
In response to Mohammed al Baqari

‎05-16-2018 12:33 AM

can you explain with it and example. I didnt clearly understand it.
in my case all users are in one OU.

should i create user group in AD?

0 Helpful

jaheshkhan
Level 4
Level 4
In response to Mohammed al Baqari

‎05-16-2018 03:44 AM

This is what i did.
in AD i created Admin Group and user group.
Admin Group = AdminCP
user group = userGP
then created new service profile. then in directory profile section .
in search option i tried for the user as like this.

cn=adminGP, OU=jabberusers, dc=test, dc=com

if this is wrong where i have to mention these and search only group
0 Helpful

Ratheesh Kumar
VIP Alumni
VIP Alumni
In response to jaheshkhan

‎05-16-2018 02:57 PM

Hi there

 

I think you can achieve this by BDI, and you will need to define the LDAP Directory servers, this can be done under User Management -> User Settings -> UC Service.

 

Create multiple directory profiles and add in the appropriate details like Name, Host Name/IP Address etc.

Then go back to your service profile and select the this directory server for the admins and users.

Add username/password/search base.

 

To find search base go to 

  • Windows Server >>  open command prompt
  • Type ” dsquery user -name "Cisco Test" without quotes
  • You will get the results as follows
    • CN=ciscotest,CN=Users,DC=ccietestlab,DC=COM

 

Hope this helps!

Cheers
Rath!


***Please rate helpful posts***

 

 

 

 

 

0 Helpful

jaheshkhan
Level 4
Level 4
In response to Ratheesh Kumar

‎05-17-2018 12:51 AM

i tried your method
but didnt search for AD group user.
in my case its like this

“CN=Admin1,OU=JabberUsers,DC=ccietestlab,DC=COM“

Admin1 is security Group that i created in AD under OU jabberusers.

its not searching for users in admin1 Group. do need to specify filters for group?

0 Helpful

jaheshkhan
Level 4
Level 4
In response to jaheshkhan

‎05-19-2018 08:56 AM

any one to help on this?
0 Helpful

j.smith@sepidarsystem.com
Level 1
Level 1
In response to Mohammed al Baqari

‎11-02-2021 04:17 AM

Hi

I disabled UDS on service profile and created LDAP directory and added search base on Directory Profile settings of Service Profile. But I still can search other users that are not in the OU that I specified in Search Base. Is it necessary to restart any service?

0 Helpful

jaheshkhan
Level 4
Level 4
In response to j.smith@sepidarsystem.com

‎11-02-2021 05:39 AM

Can you please show me your base search :

 

is it something like this:
"OU=IPT, dc=domain,dc=local"

 

or in base you mentioned only :  dc=domain,dc=local

 

if the above not working , mention it under Base Filter (Only used for Advance Directory) also.

 

 

0 Helpful

j.smith@sepidarsystem.com
Level 1
Level 1
In response to jaheshkhan

‎11-02-2021 06:36 AM

Thank You for your reply.

It worked when I tested from inside the network of the company. But it does not work if I use MRA. It seems that there must be extra configurations on expressway, right? Is there any UDS priority set on expressway?

 

0 Helpful

Jaime Valencia
Cisco Employee
Cisco Employee
In response to j.smith@sepidarsystem.com

‎11-02-2021 10:22 AM

MRA by default uses UDS, UDS is a flat directory.

If your CUCM version has the option to configure LDAP search, that's what you need to use, it will proxy the request via UDS to LDAP.

HTH

java

if this helps, please rate

j.smith@sepidarsystem.com
Level 1
Level 1
In response to Jaime Valencia

‎11-03-2021 06:34 AM

Thank You for your reply.

I didn't know that MRA uses UDS by default. I want to block specific users in a certain OU to search while connecting through MRA. Should I use Custom Filter in LDAP Search option?

0 Helpful

jaheshkhan
Level 4
Level 4
In response to j.smith@sepidarsystem.com

‎11-02-2021 09:02 AM - edited ‎11-03-2021 01:31 AM

Please check in LDAP search in CUCM.

System > LDAP > LDAP Search

You should provide the same LDAP query as mentioned in LDAP Filter. Then only it will show in jabber client it seems.

 

Also try searching by enabling UDS and check it from MRA.

Customers Also Viewed These Support Documents