Network Bulls
www.networkbulls.com
Best Institute for CCNA CCNP CCSP CCIP CCIE Training in India
M-44, Old Dlf, Sector-14 Gurgaon, Haryana, India
Call: +91-9654672192
LDAPv3 directories typically store data that does not change often, such as employee
information and user privileges on the corporate network. The information is stored in a
database that is optimized for a high number of read and search requests and occasional
write and update requests.
126 Chapter 6: Managing User Accounts
LDAPv3 Integration
Integration between voice applications and a corporate LDAPv3 directory is a common task
for many enterprise IT organizations.
LDAPv3 directory services are leveraged to enable user lookups from IP phones. Users can
dial a contact directly after looking up the number in the directory.
Another common task is to provision users automatically from the corporate directory into
the user database of CUCM. This method prevents having to add, remove, or modify core user
information manually each time a change occurs in the corporate directory.
Authentication of end users and CUCM administrators using the corporate directory
credentials is typically desired. LDAPv3 allows a single sign-in functionality to any
applications integrated with the LDAPv3 server. Single sign-in greatly reduces the number
of passwords that each user needs to maintain across different corporate applications.
Cisco Unified IP Phones access the LDAPv3 directory when the Directory button is pressed.
The IP phone responds to the Directory button click by sending an HTTP directory lookup
request to the Apache web server on CUCM. The response from CUCM contains
Extensible Markup Language (XML) user information objects that the phone displays to
the person using the phone.
Cisco Unified IP Phones perform user lookups against the embedded CUCM database
by default. The directory lookup can be configured to allow the IP phones to access a
corporate LDAPv3 directory. The phones would then send their HTTP user lookup requests
to an external web server that operates as a proxy to the LDAPv3 server. The user lookup
requests are translated into LDAPv3 queries against the corporate directory. The LDAPv3
response is then encapsulated in the appropriate XML objects and sent back to the phones
via HTTP.
CUCM supports the following directories:
■ Microsoft Active Directory (2000 and 2003)
■ Netscape Directory Server 4.x
■ iPlanet Directory Server 5.1
■ Sun ONE Directory Server 5.2
LDAPv3 Synchronization 127
CUCM supports two types of LDAPv3 integration, which can be enabled independently of
each other:
■ LDAPv3 synchronization: Allows user provisioning where personal and
organizational data is managed in an LDAPv3 directory and replicated to the
Cisco Unified CM IDS database.
■ LDAPv3 authentication: Allows user authentication against an LDAPv3 directory.
Passwords are managed in the central LDAPv3 server when LDAPv3 authentication is
turned on.
No comments:
Post a Comment