Q: How do I synchronize UC accounts from the LDAP server?
A: Set LDAP synchronization parameters on the BMU as the admin user to periodically synchronize user data from the LDAP server to the BMU. After the data is synchronized to the BMU, you need to configure UC accounts to use UC services.
What Is LDAP?
The Lightweight Directory Access Protocol (LDAP) is a directory data storage mode. It organizes data in a tree structure and provides fast queries for static data. Each entry stored in LDAP has a unique distinguished name (DN), for example, dn: dc=company,ou=department,ou=team,cn=member1. This hierarchical DN syntax clearly shows the location of each entry in the LDAP tree.
Currently, two types of LDAP servers are supported: AD and OpenLDAP.
How to Set LDAP Synchronization Parameters on the BMU?
If LDAP synchronization is enabled, you cannot create, modify, or delete accounts directly on the BMU. You need to create, modify, or delete accounts on the AD or OpenLDAP server, and then synchronize user data to the BMU.
Step 1 Log in to the BMU as the admin user.
The URL of the BMU management portal is https://IP address of the BMU server:18443.
Step 2 Choose System > LDAP Integration.
Step 3 Click the LDAP Integration tab and set LDAP synchronization parameters.
Figure 1-1 Setting LDAP synchronization parameters
Table 1-1 Setting LDAP synchronization parameters
| Parameter | Description |
| --- | --- |
| Synchronization | Indicates whether to synchronize user data from the LDAP server to the BMU database. In this commissioning task, set this parameter to Enable. |
| Server Type | Indicates whether user data is synchronized from the AD or OpenLDAP server. In this example, select AD. |
| SSL | Indicates whether to use SSL to synchronize data. It is recommended that SSL be enabled for security. |
| Server IP Address | Indicates the IP address of the AD or OpenLDAP server. |
| Server Port Number | Set this port to 636 when SSL is enabled. Set this port to 389 when SSL is disabled. |
| Bound DN | Indicates a user on the AD or OpenLDAP server, consisting of cn and dc. Example: cn=administrator,dc=example,dc=com. Set cn to the administrator account. Set dc to the domain name of the LDAP server, in left-to-right order. |
| Server Password | Indicates the password of the administrator user on the AD or OpenLDAP server. NOTE: If the LDAP administrator account or password is changed, change the user name or password on the BMU in a timely manner. Otherwise, user data synchronization will fail. |
| Directory to Be Synchronized | Indicates the directory of the department on the AD or OpenLDAP server from which you want to synchronize data. The directory consists of ou and dc. Set ou to the names of the nodes in the enterprise department tree on the AD or OpenLDAP server, in the order from the current department to the upper-layer department. Set dc to the domain names on the AD or OpenLDAP server, in left-to-right order. For example, to synchronize all users in the UCPDU -> UCService department, set this parameter to ou=UCService,ou=UCPDU,dc=example,dc=com. |
| Domain Name | Indicates the domain name of the AD or OpenLDAP server. In this example, set this parameter to example.com. |
| Synchronization Interval | Indicates the interval for incremental synchronization. The unit is minute. NOTE: If you change the value of this parameter, the change takes effect after the next synchronization. To make the change take effect immediately, restart the BMU service. |
| Synchronization Type | Indicates the type of the next system automatic synchronization: incremental synchronization or full synchronization. NOTE: The first synchronization operation on the AD is full synchronization. The subsequent synchronization operations are all incremental synchronization. All synchronization operations on the OpenLDAP server are full synchronization. |
| Directory Not to Be Synchronized | Indicates the directory that does not need to be synchronized from the AD or OpenLDAP server, consisting of ou and dc. If users in the UCPDU -> UCService -> MAA department do not need to be synchronized, set this parameter to ou=MAA,ou=UCService,ou=UCPDU,dc=example,dc=com. NOTE: If there are multiple directories under which users do not need to be synchronized, separate these directories by semicolon (;), for example, ou=MAA,ou=UCService,ou=UCPDU,dc=example,dc=com;ou=TTT,ou=UCService,ou=UCPDU,dc=example,dc=com. |
Step 4 Click Test Connection.
- If the "Connection successful" message is displayed, parameters are set correctly.
- If the "Connection failure" message is displayed, check the network between the BMU and the LDAP server, port number of the LDAP server, and account/password configuration, and rectify the fault.
Step 5 Click Save to save the LDAP parameters.
Step 6 Click Full Synchronization or Incremental Synchronization (applying only to the AD server). In the dialog box that is displayed, click OK.
In the Synchronization Status dialog box, view the synchronization progress. After the synchronization is complete, go to the Users > Account List page and check whether the organization structure and UC account information are consistent with those on the LDAP server.
----End
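The rules in Table 1-1 can be checked offline before the values are entered on the BMU. The following is an added example, not part of the original post or the product: it builds the Directory to Be Synchronized DN from a department path and checks the port/SSL pairing, the dc suffix, and that excluded directories sit below the synchronized one. The dictionary keys and function names are assumptions chosen for illustration.

```python
# Added example: offline pre-flight check for the Table 1-1 parameters.
# The dict keys and function names are assumptions, not BMU identifiers.

def parse_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs.
    Assumes no escaped commas, true for the cn/ou/dc DNs on this page."""
    pairs = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.strip().partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def build_sync_dn(dept_path, domain):
    """dept_path runs from upper to current department, e.g. UCPDU -> UCService.
    ou goes from current department upward; dc follows the domain left to right."""
    ous = [f"ou={d}" for d in reversed(dept_path)]
    return ",".join(ous + [f"dc={part}" for part in domain.split(".")])

def is_under(child_dn, base_dn):
    """True when child_dn is strictly below base_dn in the directory tree."""
    child, base = parse_dn(child_dn), parse_dn(base_dn)
    return len(child) > len(base) and child[-len(base):] == base

def check_params(p):
    findings = []
    if not p["ssl"]:
        findings.append("SSL is disabled; the page recommends enabling it")
    expected = 636 if p["ssl"] else 389
    if p["port"] != expected:
        findings.append(f"port {p['port']} does not match SSL setting (expected {expected})")
    suffix = [("dc", part.lower()) for part in p["domain"].split(".")]
    for field in ("bound_dn", "sync_dir"):
        if parse_dn(p[field])[-len(suffix):] != suffix:
            findings.append(f"{field} does not end with the dc parts of {p['domain']}")
    for excluded in filter(None, (d.strip() for d in p.get("exclude_dirs", "").split(";"))):
        if not is_under(excluded, p["sync_dir"]):
            findings.append(f"excluded directory {excluded} is not below sync_dir")
    return findings

SAMPLE = {  # constructed from the example values on this page
    "ssl": True, "port": 636, "domain": "example.com",
    "bound_dn": "cn=administrator,dc=example,dc=com",
    "sync_dir": build_sync_dn(["UCPDU", "UCService"], "example.com"),
    "exclude_dirs": "ou=MAA,ou=UCService,ou=UCPDU,dc=example,dc=com;"
                    "ou=TTT,ou=UCService,ou=UCPDU,dc=example,dc=com",
}

if __name__ == "__main__":
    print(check_params(SAMPLE) or "parameters are consistent")
```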
How to Configure UC Accounts for the Synchronized LDAP Users
After the LDAP user data is synchronized to the BMU, you need to configure UC accounts to use UC services.
Step 1 Log in to the BMU as the admin user.
The URL of the BMU management portal is https://IP address of the BMU server:18443.
Step 2 Choose Users > Account List.
Step 3 Click Export on the Add One tab, and download the batch export file on the Batch Operation Result tab.
Step 4 Modify account information in the Excel file and save the file. Table 1-2 lists the main parameters. For the description of the other parameters, see the Parameter Description sheet in the Excel file.
Table 1-2 UC account parameters
| Parameter | Description |
| --- | --- |
| UC User | Indicates an account used for logging in to the UC soft client or the BMU self-service portal. The account cannot contain Chinese characters or the following special characters: \ / : * ? " < > \| |
| Role | Default role types include administrators and common users. You can also customize roles and specify rights of the roles. You can add roles on the Users > User Roles page on the BMU. |
| Dept. No. | Indicates the number of the department that the UC account belongs to. Find the corresponding department number on the Dept List sheet in the Excel file and enter the number here. Department numbers in the Excel file are exported from the BMU. You must first add department numbers to the BMU and then export them to the Excel file. For details about how to add department information, see Creating a Department. |
| User Level | Used to manage users. Lower-level users cannot query information about higher-level users. The default value is Level1. You can add user levels on the Users > User Levels page on the BMU. |
| Number Policy | The number allocation policy defines the USM, authentication mode, and number rights for SIP numbers. You can add number allocation policies on the Users > Number Allocation page on the BMU. |
| Service number | A UC account can enable voice communication only after it is bound to a service number. One service number can be bound with only one UC account. If you enter a SIP number that has been added on the BMU, you do not need to set Number Policy. If you enter a SIP number that has not been added on the BMU, you must set Number Policy. |
| UC Rights | After UC rights are enabled, an enterprise user can log in to eSpace Desktop or eSpace Mobile. |
| Sort Directory | Indicates the priority of an enterprise user in the directory. An enterprise user with a higher priority ranks higher in the directory. The value ranges from 0 to 999999999. The default value is 10000. |
| UserState | Indicates the status of the UC account. The options are Normal or Exception. Accounts in Normal state can be assigned to enterprise users for them to use. Accounts in Exception state cannot be used. They are visible to only the system administrator. They cannot be queried in the corporate directory. |
Step 5 On the Account List page, click the Add in batches tab to import UC accounts in batches.
Figure 1-2 Importing UC accounts in batches
----End
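The constraints in Table 1-2 can be checked on the edited rows before the batch import. The following is an added example, not part of the original post or the product: rows are represented as dictionaries keyed by the parameter names from Table 1-2, which is an assumption about how the Excel sheet is read, and "Chinese characters" is approximated by the CJK Unified Ideographs block.

```python
import re

# Characters Table 1-2 forbids in the UC User field: \ / : * ? " < > |
FORBIDDEN = set('\\/:*?"<>|')
# Assumption: "Chinese characters" is approximated by CJK Unified Ideographs.
CJK = re.compile(r"[\u4e00-\u9fff]")

def check_rows(rows, existing_sip_numbers):
    """Return (row_number, message) for each Table 1-2 rule a row breaks.
    existing_sip_numbers: SIP numbers already added on the BMU."""
    problems, seen = [], {}
    for i, row in enumerate(rows, start=1):
        user = row.get("UC User", "")
        if CJK.search(user) or FORBIDDEN & set(user):
            problems.append((i, "UC User contains forbidden characters"))
        number = row.get("Service number", "")
        if number:
            # One service number can be bound to only one UC account.
            if number in seen:
                problems.append((i, f"service number already used in row {seen[number]}"))
            seen.setdefault(number, i)
            # A SIP number not yet on the BMU needs a Number Policy.
            if number not in existing_sip_numbers and not row.get("Number Policy"):
                problems.append((i, "new SIP number requires Number Policy"))
        sort = row.get("Sort Directory", 10000)  # default value from Table 1-2
        if not (isinstance(sort, int) and 0 <= sort <= 999999999):
            problems.append((i, "Sort Directory must be within 0 to 999999999"))
        if row.get("UserState", "Normal") not in ("Normal", "Exception"):
            problems.append((i, "UserState must be Normal or Exception"))
    return problems

ROWS = [  # constructed sample rows
    {"UC User": "alice", "Service number": "8001", "Sort Directory": 10000, "UserState": "Normal"},
    {"UC User": "bob/ops", "Service number": "8001", "UserState": "Normal"},
    {"UC User": "carol", "Service number": "8002", "Sort Directory": 1000000000, "UserState": "Disabled"},
]

if __name__ == "__main__":
    for row_number, message in check_rows(ROWS, existing_sip_numbers={"8001"}):
        print(f"row {row_number}: {message}")
```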
More Information
For more information, see Synchronizing UC Accounts from the LDAP Server in the eSpace EC V300R001 Product Documentation.
This post was last edited by UCC_Express at 2018-09-19 01:14.