How to integrate Windows Active Directory (AD) with Cisco Unified Communications Manager? LDAP integration centralizes user management: end user accounts and their attributes are synchronized from the LDAP (Lightweight Directory Access Protocol) server instead of being created by hand on CUCM.
The most widely used LDAP directory is Microsoft Active Directory (AD). In this article I will implement LDAP integration with CUCM (Cisco Unified Communications Manager) from scratch. Cisco DirSync is the service responsible for LDAP synchronization in Call Manager.
The procedure is straightforward. As a UC engineer you normally do not set up Microsoft Active Directory; that is handled by the Windows/Microsoft team. Your role starts on the Call Manager side of the integration. LDAP synchronization with Active Directory also feeds the Cisco phone corporate directory, giving you a centralized contact/address book.
If you are setting up a UC lab, I recommend going through my article How to setup Windows DNS and Active Directory for Cisco UC Lab first.
[Note: Only End Users can be synchronized from the LDAP server. Application Users are not supported via LDAP; those you have to create manually in CUCM.]
Well, let’s begin with the CUCM LDAP integration steps. Below is the connection diagram.
Step 0: Set up an AD Service Account for LDAP Sync
This is normally done by the Microsoft/Windows Server team. I will just quickly show you how to set it up.
Open Active Directory Users and Computers and create a new user for the sync. Do not copy the built-in Administrator: "Copy" carries over its group memberships, including Domain Admins, and DirSync only needs to read user objects, which any ordinary domain user can already do.
Give it a name and a strong password. I prefer ldap.admin@YOURDOMAIN.com
[Note: You could use the AD Administrator for this, but I strongly advise creating a separate, dedicated account for the LDAP integration. Its password is stored on CUCM and presented to AD on every sync and on every LDAP Authentication lookup, so keep the account read-only and keep it out of every admin group.]
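Here is an added PowerShell example (not from the original article) of how the Windows team can create that account with least privilege and prove it before handing it over: the password is generated at random, the account is checked against the privileged groups, and a read test is run as the new account over the attributes DirSync maps by default. The domain CCIECOLLAB.COM, the OU "Service Accounts" and the RSAT ActiveDirectory module are assumptions for illustration.

```powershell
# Added example (not from the original article): create a least-privilege AD
# service account for Cisco DirSync instead of copying the built-in Administrator.
# Assumptions (illustrative): RSAT ActiveDirectory module on this host, domain
# CCIECOLLAB.COM, and an existing OU named "Service Accounts".
Import-Module ActiveDirectory

$DomainDn = 'DC=CCIECOLLAB,DC=COM'
$SvcOu    = "OU=Service Accounts,$DomainDn"
$SvcName  = 'ldap.admin'
$SvcUpn   = "$SvcName@cciecollab.com"

# 32 random bytes -> 44-character password. It is typed into CUCM once, so show it
# a single time and keep it in your password vault, never in a script.
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$bytes = New-Object byte[] 32
$rng.GetBytes($bytes)
$Plain    = [Convert]::ToBase64String($bytes)
$Password = ConvertTo-SecureString -String $Plain -AsPlainText -Force

# A plain domain user can already read user objects, which is all DirSync needs.
# PasswordNeverExpires avoids a silent sync outage when AD expires the password;
# rotate it on your own schedule (and update it in CUCM) instead.
New-ADUser -Name $SvcName -SamAccountName $SvcName -UserPrincipalName $SvcUpn `
    -Path $SvcOu -AccountPassword $Password -Enabled $true `
    -PasswordNeverExpires $true -CannotChangePassword $true `
    -Description 'Cisco CUCM DirSync / LDAP Authentication bind account (read-only)'
Write-Host "Bind account $SvcUpn created. One-time password: $Plain"

# Guardrail: refuse to hand over an account that sits in any privileged group.
$Privileged = 'Domain Admins','Enterprise Admins','Schema Admins','Administrators','Account Operators'
$Groups = Get-ADPrincipalGroupMembership -Identity $SvcName | Select-Object -ExpandProperty Name
$Bad = $Groups | Where-Object { $Privileged -contains $_ }
if ($Bad) { throw "$SvcName is a member of privileged group(s): $($Bad -join ', ')" }

# Read test as the new account: the attributes DirSync maps by default, from the
# search base you will configure in Step 3 (this runs over ADWS, not raw LDAP).
$Cred = New-Object System.Management.Automation.PSCredential($SvcUpn, $Password)
Get-ADUser -Credential $Cred -SearchBase $DomainDn -Filter 'Enabled -eq $true' `
    -Properties sAMAccountName,givenName,sn,mail,telephoneNumber,ipPhone |
    Select-Object sAMAccountName,givenName,sn,mail,telephoneNumber,ipPhone -First 5 |
    Format-Table -AutoSize
```

Run it once as a domain administrator; if the final Get-ADUser returns rows, the account can read everything CUCM will ask for and nothing on the script has granted it more.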
Step 1: Activate Cisco DirSync Service
Go to Cisco Unified Serviceability >> Tools >> Service Activation, select the publisher node, check Cisco DirSync and Save. (DirSync runs on the publisher only. If it is already activated, you may skip this step.)
Step 2: Enable Synchronization from LDAP Server
Go over to System >> LDAP >> LDAP System
- Check the [✔] Enable Synchronization from LDAP Server
- LDAP Server Type: Microsoft Active Directory
- LDAP Attribute of User ID: sAMAccountName (this value becomes the CUCM User ID, so it must be unique across everything you import)
Step 3: Configure LDAP Directory
Go to System >> LDAP >> LDAP Directory >> Add New
- LDAP Configuration Name: [CCIECOLLAB_AD]
- LDAP Manager Distinguished Name: ldap.admin@YOURDOMAIN.com (the service account created in Step 0; for Active Directory the UPN form is accepted in place of the full DN)
- LDAP Password: password of the Step 0 service account
- Confirm Password: [Enter the password again]
- LDAP User Search Base: DC=CCIECOLLAB,DC=COM [the container from which you want to import]
[Note: The LDAP user search base is the point in the directory tree from which Call Manager queries for users; everything below it (the whole subtree) is in scope.]
A typical search base has the following format,
OU=[AD Organizational Unit],
DC=[domain],DC=[top-level domain]
I have not specified an OU, so every user in the whole domain will be synced. In production, point the search base at the OU that holds your UC users, so that service accounts, admin accounts and unrelated users do not end up as CUCM End Users.
- LDAP Synchronization Schedule: [Set according to your requirement]
- Phone Number: ipPhone (not mandatory; this attribute fills the end user's Telephone Number field shown in the corporate directory)
- Add Access Control Groups (not mandatory)
[Note: Every user imported through this LDAP Directory is placed in the Access Control Groups listed here, so list only what all of them need, such as Standard CCM End Users. Never put an administrative group here; every synced account would become a CUCM administrator.]
- LDAP Server Information: [hostname or IP of the Windows Active Directory server]. The default is port 389 without TLS, which sends the manager password (and, once LDAP Authentication is enabled, every user's password) across the network in cleartext. Check Use TLS and change the port to 636, and upload the CA certificate that issued the domain controller's certificate to CUCM as tomcat-trust (older releases use directory-trust); without the trust the TLS bind fails.
[Note: If you have a redundant LDAP server (a second domain controller), add it here as well so DirSync can fail over.]
Voilà! You are done with the CUCM LDAP Directory configuration.
Step 4: Enable LDAP Authentication
It is highly recommended to also enable LDAP Authentication in the UC cluster. The LDAP Authentication feature lets Unified CM authenticate LDAP-synchronized users against the corporate LDAP directory.
Without LDAP Authentication, all user passwords are managed by Call Manager itself (you set each user's password from the CUCM Admin GUI). Once LDAP Authentication is enabled, the password of every LDAP-synchronized end user is checked by the LDAP server: CUCM looks the user up with the manager account and then binds to AD with the credentials the user entered. You get centralized password management, and AD's lockout and password-expiry policies apply to UC logins. Locally created end users and application users keep authenticating against the CUCM database.
[Note: End user PINs are always checked against the local CUCM database, never against LDAP.]
Go over to System >> LDAP >> LDAP Authentication
Configure it as follows (the fields mirror the LDAP Directory page):
- Check the [✔] Use LDAP Authentication for End Users
- LDAP Manager Distinguished Name, LDAP Password and LDAP User Search Base: the same values as in Step 3
- LDAP Server Information: the Active Directory server, again with Use TLS and port 636
Now we are good to go!
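Before pointing the cluster at AD, you can replay both exchanges from a Windows host. The following is an added example, not code from the article or from Cisco: it performs the Step 3 flow (manager bind over LDAPS, paged subtree search with the default AD filter) and the Step 4 flow (look up the user's DN through the manager connection, then bind with the user's own password), and reports which users would arrive without a phone number. The DC name dc01.cciecollab.com, the search base DC=CCIECOLLAB,DC=COM and the bind account ldap.admin@cciecollab.com are assumptions; the host must trust the CA that issued the DC's certificate, exactly as CUCM must.

```powershell
# Added example (not from the original article): replay on the wire what CUCM does
# for Step 3 (DirSync: manager bind + paged subtree search) and Step 4 (LDAP
# Authentication: find the user, then bind with the user's own password), over
# LDAPS, so the manager account, search base, attributes and TLS trust can be
# verified before the cluster is pointed at AD.
# Assumptions (illustrative): DC dc01.cciecollab.com whose certificate chains to a
# CA this host trusts, search base DC=CCIECOLLAB,DC=COM, bind account from Step 0.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$LdapNs = 'System.DirectoryServices.Protocols'

$Server     = 'dc01.cciecollab.com'
$SearchBase = 'DC=CCIECOLLAB,DC=COM'
$ManagerUpn = 'ldap.admin@cciecollab.com'
$UserIdAttr = 'sAMAccountName'   # "LDAP Attribute of User ID" chosen in Step 2
$PhoneAttr  = 'ipPhone'          # phone attribute chosen in Step 3
# Default filter CUCM applies to Microsoft AD: user objects, not computers, not disabled.
$DirSyncFilter = '(&(objectClass=user)(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

function Connect-Ldaps([string]$LdapServer, [pscredential]$Credential) {
    # Port 636 with SSL. A simple bind on 389 without TLS sends the password in cleartext.
    $id   = New-Object "${LdapNs}.LdapDirectoryIdentifier" -ArgumentList $LdapServer, 636, $false, $false
    $conn = New-Object "${LdapNs}.LdapConnection" -ArgumentList $id, $Credential.GetNetworkCredential(), ([System.DirectoryServices.Protocols.AuthType]::Basic)
    $conn.SessionOptions.SecureSocketLayer = $true
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.Bind()   # throws LdapException on a bad password or an untrusted server certificate
    return $conn
}

function Get-Attr($Entry, [string]$Name) {
    $a = $Entry.Attributes[$Name]
    if ($a -and $a.Count -gt 0) { [string]$a[0] } else { $null }
}

function Search-Users($Conn, [string]$Base, [string]$Filter, [string[]]$Attrs) {
    $req = New-Object "${LdapNs}.SearchRequest" -ArgumentList $Base, $Filter, ([System.DirectoryServices.Protocols.SearchScope]::Subtree), $Attrs
    # AD caps one result set at 1000 entries; page through it the way DirSync does.
    $page = New-Object "${LdapNs}.PageResultRequestControl" -ArgumentList 500
    [void]$req.Controls.Add($page)
    $entries = @()
    do {
        $resp = $Conn.SendRequest($req)
        foreach ($e in $resp.Entries) { $entries += $e }
        $prc = $resp.Controls | Where-Object { $_ -is [System.DirectoryServices.Protocols.PageResultResponseControl] }
        $page.Cookie = if ($prc) { $prc.Cookie } else { [byte[]]@() }
    } while ($page.Cookie.Length -gt 0)
    return ,$entries
}

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping so a user ID containing \ * ( ) or NUL cannot alter the filter.
    $map = @{ '\' = '\5c'; '*' = '\2a'; '(' = '\28'; ')' = '\29'; "`0" = '\00' }
    -join ($Value.ToCharArray() | ForEach-Object { $s = [string]$_; if ($map.ContainsKey($s)) { $map[$s] } else { $s } })
}

function Test-LdapUserLogin($ManagerConn, [string]$Base, [string]$UserId, [pscredential]$UserCred) {
    # Step 4, part 1: CUCM finds the user's DN via the manager connection.
    $filter = "(&($UserIdAttr=$(ConvertTo-LdapFilterValue $UserId))(objectClass=user))"
    $hits = @(Search-Users -Conn $ManagerConn -Base $Base -Filter $filter -Attrs @('distinguishedName'))
    if ($hits.Count -ne 1) { return "user '$UserId' not found (or ambiguous) under $Base" }
    $dn = $hits[0].DistinguishedName
    # Step 4, part 2: bind as that DN with the password the user typed; a failed bind throws.
    $dnCred = New-Object System.Management.Automation.PSCredential($dn, $UserCred.Password)
    try {
        $c = Connect-Ldaps -LdapServer $Server -Credential $dnCred
        $c.Dispose()
        return "OK: $dn authenticated"
    } catch [System.DirectoryServices.Protocols.LdapException] {
        return "FAILED for ${dn}: $($_.Exception.Message)"
    }
}

$managerCred = Get-Credential -UserName $ManagerUpn -Message 'DirSync manager password'
$conn  = Connect-Ldaps -LdapServer $Server -Credential $managerCred
$attrs = @($UserIdAttr, 'givenName', 'sn', 'mail', 'telephoneNumber', $PhoneAttr)
$users = @(Search-Users -Conn $conn -Base $SearchBase -Filter $DirSyncFilter -Attrs $attrs)
"DirSync would import $($users.Count) user(s) from $SearchBase"
# Users with an empty phone attribute appear in the corporate directory with no number.
$noPhone = @($users | Where-Object { -not (Get-Attr $_ $PhoneAttr) })
"$($noPhone.Count) user(s) have no $PhoneAttr set:"
$noPhone | ForEach-Object { '  ' + (Get-Attr $_ $UserIdAttr) }

# Optional Step 4 check: enter one end user's sAMAccountName and password.
$testUser = Get-Credential -Message 'End user to test LDAP Authentication (sAMAccountName only)'
Test-LdapUserLogin -ManagerConn $conn -Base $SearchBase -UserId $testUser.UserName -UserCred $testUser
$conn.Dispose()
```

Run it as an ordinary domain user. If Bind throws a certificate error, the CA certificate this host is missing is the same one CUCM needs in tomcat-trust; if the user count is far larger than the number of phone users, narrow the search base to an OU before the first full sync.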
Step 5: Perform Full Sync Now
Go to System >> LDAP >> LDAP Directory, open the directory you created and click Perform Full Sync Now.
All users under the search base are now synced to Call Manager.
To verify, go to User Management >> End User >> Find. Synchronized users show an LDAP Sync Status of Active, and their user ID, name, mail and phone fields are read-only because AD now owns them.
This is all about CUCM LDAP integration and configuration. I hope it is informative for you; please let me know your feedback via the comment box below. In my next article I will cover LDAP Custom Filter configuration for Cisco Unified Communications Manager.