IP PBX : Overview of DHCP | LDAP | SSO
Dynamic Host Configuration Protocol (DHCP) server enables Cisco Unified IP Phones, connected to either the customer's data or voice Ethernet network, to dynamically obtain their IP addresses and configuration information. DHCP uses Domain Name System (DNS) to resolve host names both within and outside the cluster.
This section contains:
• DHCP Server
• DHCP Subnet
1.12.1 DHCP Server
The following Dynamic Host Configuration Protocol (DHCP) servers are configured:
< No records found >
1.12.2 DHCP Subnet
The following Dynamic Host Configuration Protocol (DHCP) subnets are configured:
< No records found >
2. LDAP
Directory configuration for synchronization and authentication includes 5 objects:
• LDAP System
• LDAP Directory
• LDAP Authentication
• LDAP Custom Filter (CUCM 8.0 and later)
• LDAP Search (CUCM 11.5 and later)
The Cisco DirSync service ensures that the Cisco Unified Communications Manager database stores all user information. If you use an integrated corporate directory, for example Microsoft Active Directory or Netscape/iPlanet Directory, with Cisco Unified Communications Manager, the Cisco DirSync service migrates the user data to the Cisco Unified Communications Manager database. The Cisco DirSync service does not synchronize the passwords from the corporate directory.
LDAP authentication can be used only if synchronization with the customer LDAP directory is enabled; authentication requests are then forwarded to the LDAP directory. Passwords are never synced to the local database.
2.13.1 LDAP System
The LDAP System object enables LDAP synchronization and sets the LDAP server type and the LDAP attribute name used for the user ID.
LDAP System
| Name | Value |
| Enable Synchronizing from LDAP Server | Y |
| LDAP Server Type | Microsoft Active Directory |
| LDAP Attribute for User ID | sAMAccountName |
2.13.2 LDAP Directory
Synchronization of Cisco Unified Communications Manager (CUCM) with a corporate LDAP directory allows reuse of user data stored in the LDAP directory and allows the corporate LDAP directory to serve as the central repository for that information. Cisco Unified Communications Manager (CUCM) has an integrated database for storing user data and a web interface within Cisco Unified Communications Manager (CUCM) Administration for creating and managing user data in that database. When synchronization is enabled, that local database is still used, but the Cisco Unified Communications Manager (CUCM) facility to create user accounts becomes disabled. Management of user accounts is then accomplished through the interface of the LDAP directory.
The user account information is imported from the LDAP directory into the database located on the Cisco Unified Communications Manager (CUCM) publisher server. Information that is imported from the LDAP directory may not be changed by Cisco Unified Communications Manager (CUCM). Additional user information specific to the Cisco Unified Communications Manager (CUCM) implementation is managed by Cisco Unified Communications Manager (CUCM) and stored only within its local database. For example, device-to-user associations, speed dials, and user PINs are data that are managed by Cisco Unified Communications Manager (CUCM), and they do not exist in the corporate LDAP directory. The user data is then propagated from the Cisco Unified Communications Manager (CUCM) publisher server to the subscribers via the built-in database synchronization.
You can make changes to LDAP Directory information and LDAP Authentication settings only if synchronization from the customer LDAP directory is enabled in the Cisco Unified Communications Manager Administration LDAP System.
LDAP Directory
| Name | Info |
| Microsoft_LDAP | |
2.13.3 LDAP Authentication
The LDAP authentication feature enables Cisco Unified Communications Manager (CUCM) to authenticate end user passwords against a corporate LDAP directory instead of using the embedded database. This authentication is accomplished with an LDAPv3 connection established between the IMS module within Cisco Unified Communications Manager (CUCM) and a corporate directory server.
You can make changes to LDAP Directory information and LDAP Authentication settings only if synchronization from the customer LDAP directory is enabled in the Cisco Unified Communications Manager Administration LDAP System.
The following statements describe Cisco Unified Communications Manager (CUCM)'s behavior when authentication is enabled:
• End user passwords are authenticated against the corporate directory.
• Application user passwords are authenticated against the Cisco Unified Communications Manager (CUCM) database.
• End user PINs are authenticated against the Cisco Unified Communications Manager (CUCM) database.
LDAP Authentication
LDAP Authentication for End Users
| Use LDAP Authentication for End Users | Y |
| LDAP Manager Distinguished Name | terra.conlon@rc2.local |
| LDAP User Search Base | dc=rc2,dc=local |
LDAP Server Information
| Host Name or IP Address for Server | LDAP Port | Use TLS |
| 10.22.110.6 | 636 | Y |
2.13.4 LDAP Custom Filter
The LDAP filter filters the results of LDAP searches when Cisco DirSync is in use. LDAP users that match the filter get imported into the Cisco Unified Communications Manager database, while LDAP users that do not match the filter do not get imported.
The filter must comply with the regular LDAP search filter standards specified in RFC 4515. Enclose the filter text within parentheses (). It is recommended to verify the LDAP search filter against the LDAP directory-searchbase by using the ldapsearch command.
You apply LDAP filters to LDAP directories. Before you can synchronize the LDAP directory, you must activate the Cisco DirSync service.
The following LDAP filters are defined:
< No records found >
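The filter pre-check and ldapsearch verification recommended above, as an added example that is not part of the original report or of Cisco's tooling. It takes the server, port, bind account and search base from the LDAP Authentication settings in this report; the filter is a constructed sample, and filter_ok and ldapsearch_cmd are hypothetical helper names.

```sh
#!/bin/sh
# Added example: pre-check a DirSync custom filter, then print the ldapsearch
# command that tests it against the directory. Connection values come from this
# report; SAMPLE is a constructed filter (the report defines none).
LDAP_URI="ldaps://10.22.110.6:636"     # LDAP Port 636, Use TLS = Y
BIND_DN="terra.conlon@rc2.local"       # LDAP Manager Distinguished Name
SEARCH_BASE="dc=rc2,dc=local"          # LDAP User Search Base
SAMPLE='(&(objectClass=user)(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

# Return 0 if the filter is one parenthesised expression with balanced
# parentheses. RFC 4515 requires literal parentheses inside values to be
# written \28 and \29, so every raw "(" or ")" is structural.
filter_ok() {
    _rest=$1
    _depth=0
    case $_rest in
        "("*")") ;;
        *) return 1 ;;
    esac
    while [ -n "$_rest" ]; do
        _c=${_rest%"${_rest#?}"}    # first character
        _rest=${_rest#?}            # remainder
        case $_c in
            "(") _depth=$((_depth + 1)) ;;
            ")") _depth=$((_depth - 1)) ;;
        esac
        if [ "$_depth" -lt 0 ]; then return 1; fi
        # Depth 0 before the last character means two top-level expressions.
        if [ "$_depth" -eq 0 ] && [ -n "$_rest" ]; then return 1; fi
    done
    [ "$_depth" -eq 0 ]
}

# Print the ldapsearch invocation for a filter that passes the pre-check.
# -W prompts for the bind password instead of placing it on the command line;
# -z 20 caps the result set; only sAMAccountName (the User ID attribute) is returned.
ldapsearch_cmd() {
    if ! filter_ok "$1"; then
        echo "rejected: malformed filter: $1" >&2
        return 1
    fi
    printf "ldapsearch -H %s -x -D %s -W -b %s -s sub -LLL -z 20 '%s' sAMAccountName\n" \
        "$LDAP_URI" "$BIND_DN" "$SEARCH_BASE" "$1"
}

ldapsearch_cmd "$SAMPLE"
```

Run the printed command from a host that trusts the directory server's certificate; the entries it returns are the accounts DirSync would import with that filter.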
2.13.5 LDAP Search
LDAP Search allows the configuration of LDAP search filters for users and groups.
LDAP Search
LDAP Search for enterprise users through UDS
| Enable user search to Enterprise Directory Server | N |
| LDAP Manager Distinguished Name | |
| LDAP User Search Base 1 | |
| LDAP User Search Base 2 | |
| LDAP User Search Base 3 | |
| LDAP Custom Filter for Users | < None > |
| Recursive Search on All Search Bases | Y |
UDS Tag to LDAP Attribute Mapping
| User Fields | < No records found > |
UC Service Directory Information
| Primary Server | < None > |
| Secondary Server | < None > |
| Tertiary Server | < None > |
SAML Single Sign-On
The single sign-on feature allows end users to log into a Windows client machine on a Windows domain, and to then use certain Cisco Unified Communications Manager applications without having to sign on again.
SAML Single Sign-On
| Name | SSO Status | Description |
| rc2uccmpub01.rc2.local | Disable | UC Demo Stack Publisher |
| rc2uccmsub01.rc2.local | Disable | UC Demo Stack Subscriber |
| rc2ucimppub01.rc2.local | Disable | UC Demo Stack IMP Publisher |
| rc2ucimpsub01.rc2.local | Disable | UC Demo Stack IMP Subscriber |