cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
40160
Views
255
Helpful
46
Replies

Ask the Expert: Directory Integration of Jabber client (EDI/BDI/UDS)

ciscomoderator
Community Manager
Community Manager

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Directory Integration of Cisco Jabber client.

Ask questions from Monday, April 13th, 2015 to Friday, April 24th, 2015

Cisco Jabber has the capability to obtain the directory information directly from either LDAP or CUCM server- using EDI, BDI or UDS. Enhanced Directory Integration (EDI) is an LDAP-based contact source for Cisco Jabber for Windows clients. Basic Directory Integration (BDI) is an LDAP-based contact source for non-Windows Jabber clients (MAC and Mobile).Cisco Unified Communications Manager UDS is a Cisco Unified Communications Manager contact source and is available as a contact source for all Cisco Jabber clients. UDS is the contact source used for Expressway Mobile and Remote Access.

The directory parameters can be configured using jabber-config.xml file or the service profile. Alternatively, Cisco Jabber for Windows can also automatically discover and connect to the directory server if the workstation on which you install Cisco Jabber is on the Microsoft Windows Active Directory domain.

Furthermore, Cisco Jabber can also search for contacts from the Personal Address book in Microsoft Outlook client using MAPI when both the clients co-exist in a PC.

This session aims in helping customers with the design, configuration and troubleshooting of Cisco Jabber Directory Integration.

Ritesh TandonRitesh Tandon is currently a senior engineer on the collaboration team in Bangalore TAC. His areas of expertise include Cisco Unified Communications Manager and UC applications which integrates with it. Ritesh has over 5 years of experience in Unified Communications as a whole. He focuses on troubleshooting and working with various voice products and clients, including Cisco unified communication manager, Cisco Jabber, Cisco Im and Presence Server, Cisco Attendant Console Suite , Cisco Emergency Responder and many more. Prior to joining Cisco he has also worked on Nortel\Avaya PBX and Contact Center Deployments. He holds a Bachelor of Engineering degree in Electronics and Telecommunication from Punjab technical University.

Nirmal IssacNirmal Issac is a customer support engineer in Cisco TAC team for Unified Communications technology based in Bangalore. His area of expertise include Cisco Unified Communications Manager, IM & Presence server, Cisco Jabber, Cisco Emergency Responder and Attendant Console. He has over 3 years of industry experience working with large enterprises and Cisco Partners. He holds a Bachelor of Engineering degree in TeleCommunication. He also holds CCIE certification (#45964) in Collaboration technology.

Find other  https://supportforums.cisco.com/expert-corner/events.

**Ratings Encourage Participation! **
Please be sure to rate the Answers to Questions

46 Replies 46

Hi Ritesh

Thank you for such an amazingly detailed response. Unfortunately we will continue to utilize the _cuplogin method for service profile retrieval for the foreseeable future. I'm assuming _cisco-uds is required due to the "Use logged on User Credentials" flag not being available via the SOAP interface that CUP uses against UCM?

Regardless, I'd like to more accurately explain the scenarios for which we are trying to account:

Scenario 1 (in use today) - PC's and Mac's joined to the same domain in which their users accounts reside, Service Discovery via _cuplogin and jabber-config.xml. EDI for the PC's and the Mac's use BDI via stored credentials in the Service Profile(s). The obvious improvement here is to not use shared credentials for the Mac users - if the service account get's locked or needs to be updated, it causes a service outage for all Macs and requires many profiles to be updated.

It would appear that the check box would work for these users - if we were using the _cisco-uds record.

Scenario 2 - PC's joined to a different domain than the IM/P User account (the credentials used to log into the PC are irrelevant in the other domain), Service Discovery via _cuplogin and a special Jabber client bootstrapped to look for jabber-config-offdomain.xml. The jabber-config-offdomain file directory config looks like this:

    <PrimaryServerName>domain.controller.fqdn</PrimaryServerName>
    <ServerPort1>636</ServerPort1>
    <UseWindowsCredentials>0</UseWindowsCredentials>
    <ConnectionUserName>ldapaccount in UPN format</ConnectionUserName>
    <ConnectionPassword>xxxxxx</ConnectionPassword>
    <UseSSL>1</UseSSL>

The improvement here being the removal of the hardcoded credentials in the config file and reliance on the Service Profile for LDAP credentials (either via stored server side credentials or preferably the Use logged on User checked box)..

That really gets to the heart of my question - what user credentials is that check box referring to? The credentials used to log into the PC or the credentials used to log into Jabber...i'm really hoping the latter.

 

Thanks

Zack

 

 

pierrescotland
Level 1
Level 1

Hi There,

We have been testing Jabber integration using EDI (for Windows) and BDI (for mobile).

We are using the following config for BDI to allow use of AD contact photo.

  <BDIPhotoSource>thumbnailPhoto</BDIPhotoSource>

When connecting in the office (not through Collab edge), contact photos seem to work OK and the list is populated on iphone etc.

When client comes in through Copllab edge, the Directory searches are OK but the contact photos do not show up at all unless they are already cached on the client device.

Why is this?   The directory is being accessed OK so I'm having trouble understanding why this does not work.

cucm 10.5, Jabber client 10.6.1 (iphone)

 

p.s. Why does Jabber not sync *all* the telephone numbers listed for the user from AD? 

It's also fairly annoying having to populate 'other' with the users internal telephone number! (Surely jabber should know the user's DN and not have to replicate this?)  Note that we and a lot of clients use external International Direct Dial in AD field.

Many thanks,
Peter.

Hi Peter ,

For the first part of your query :-

Jabber clients (whether jabber windows or jabber mobile (like iPhone or android)) use UDS only, when connecting via MRA/Collab-edge.
Which is the reason why BDI is not used when you are using collab-edge and contact photos are only shown when cached.

Directory searches actually work because they are being handled by UDS\CUCM.
Since contact photos do not reside on CUCM , therefore you get no photos.
To solve this problem you have host the contact photos on a Web server which is reachable from outside your network and put this configuration in the jabber-config.xml file under directory tab :-
<UdsPhotoUriWithToken>http://server_name/%%uid%%.jpg</UdsPhotoUriWithToken>

For more information you can refer this :-
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/10_6/CJAB_BK_C56DE1AB_00_cisco-jabber-106-deployment-and-installation-guide/CJAB_BK_C56DE1AB_00_cisco-jabber-106-deployment-and-installation-guide_chapter_01111.html#CJAB_RF_CEA70FA2_00

 

For your second part of your query :-

 

I understand that you would like jabber to get the user's extension automatically, when searched (as what is configured on CUCM ,as a DN for that user) instead of you manually configuring it on the 'other' telephoneNumber attribute on AD.
I can understand you have configured jabber to talk to AD for contact searches ,so AD does not have this information (i.e. user's extension) unless you configure in it.
Also currently even if we point jabber to search CUCM using UDS , contact information which we get back from CUCM for a user,is the one which you see on the end user's page
I can only say that this can be taken up an enhancement where we can get the user's extension from CUCM and concatenate that with the result which jabber gets after searching the user against a directory source.

Hope this helps.

If i may have mis-understood your second query , please do correct me.

 

Thanks,

Ritesh Tandon

Many thanks for the reply and Information.

This leads to some other queries though:-

Since the whole point of having a Directory such as AD is *not* to have to maintain separate databases, such as a separate webserver with contact photos,

a) When will UDS also natively contain or return the contact photos?

or

b) When will Collb Edge support BDI or EDI?

Since Cisco do seem to have grasped that End User experience is key, I would have thought having the same experiance whether in or out the office would be a priority, and for me the collab edge is not *quite* there.  Getting close though!

cheers

Hi Peter,

 

I am happy to hear that we are actually coming up to your expectations :)

But , right now i would not have any definite information\timelines on when these would be supported :-

++ When would contact photos also being hosted on CUCM , so that UDS can return them when connected over MRA\Collab-edge.
++ When would EDI\BDI be supported with Collab-edge.

These are actually enhancements ,and I believe BU's from jabber,CUCM,VCS would have to work together in figuring these out.

But , thank you for your constructive feedback. I will surely send this across to them, so that they can consider putting these on their respective future road-maps.

 

Thanks,

Ritesh Tandon

 

getamessay
Level 1
Level 1

Hi all,

I am very new to jabber and run some problems. I have the following suitation

1. External  IBM Domino   ldap   server for contact search. Users are from external company.

2. Contact   Photos for internal users hosted on a Web server. Http://server/emailaddress.jpg

3. Windows AD for jabber authentication

The idea was to populate contact photos for internal users and use the ldap server for external contact search.

Please give me some direction.

Thanks

Hi Getamessay,

Thank you for posting the query. From your query, I understand the below requirements.

a) CUCM is Synced with AD server, hence authentication should happen with AD.

b) Jabber should perform contact search from IBM Domino server

TAC Support

Cisco TAC / Jabber Development team supports only the below contact sources for Cisco Jabber. Please refer the below guide.

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/10_6/planning-guide/CJAB_BK_CD3376A0_00_cisco-jabber-106-planning-guide/CJAB_BK_CD3376A0_00_cisco-jabber-planning-guide_chapter_0101.html#JABW_RF_DC70A650_00

Contact Sources

I do not think that Cisco Jabber would extend the support for Dominos any time soon. So, the Integration with Dominos - even if it works, will not be supported by Cisco TAC.

CUCM server also officially does not support Domino, thus we cannot sync the users to CUCM.

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/10_0_1/ccmsys/CUCM_BK_SE5FCFB6_00_cucm-system-guide-100/CUCM_BK_SE5FCFB6_00_cucm-system-guide-100_chapter_010011.html#CUCM_TK_C4E65231_00

Work around:

If you want to move ahead with the same requirement, we can analyze logs and try to help you as a best effort  to understand where the Sync fails and we can try to fix it by modifying the parameters. Again, the solution will not be supported by Cisco TAC in case of a network down situation.

If so, please provide me the jabber-config.xml file that you have deployed, along with the Problem Report from Jabber client after recreating the issue. Also, please provide the below information:

a) The time when the search was made

b) The user whom you seached for

c) IP Address / Hostname of Dominos server

d) Packet capture from the PC

c) Photo retrieval from Web Server.

The  configurations required for photo retrieval from WebServer are listed in the below link.

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/10_5/CJAB_BK_D6497E98_00_deployment-installation-guide-ciscojabber/CJAB_BK_D6497E98_00_deployment-installation-guide-ciscojabber_chapter_01011.html#CJAB_RF_C00458A0_00

Please let me know if you have any additional questions. I hope this helps.

Regards-- Nirmal Issac

Hi Nirmal,

Thanks for the response.  

 

For now I would like to fix the photo retrieval. I am using Apache Web server URI  source  where the photos are stored.  What attributes can I use for 

BDIPhotoUriWithToken? Do I need any directory integration for photo retrieval?

 

Regards

Getamessay

Hi Getmessay,

Thank you for the response. The parameters that I provided earlier are EDI and BDI parameters. That method of photo retrieval works only with LDAP as the tokens are obtained from the values in LDAP attributes.

Yes, you need either LDAP / UDS directory integration for the photo retrieval to work. As LDAP integration failed with Domino, I would recommend configuring UDS so that the users in CUCM can be fetched for Directory search and Web Server can be used for photo retrieval. Please refer the below guide.

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/10_5/CJAB_BK_D6497E98_00_deployment-installation-guide-ciscojabber/CJAB_BK_D6497E98_00_deployment-installation-guide-ciscojabber_chapter_01011.html#CJAB_RF_CEA70FA2_00

Sample Configuration for UDS Photo retrieval:

<Directory>
<DirectoryServerType>UDS</DirectoryServerType>
<UdsPhotoUriWithToken>http://server-name/%%uid%%.jpg</UdsPhotoUriWithToken>
</Directory>

In the above configuration, the contact information will be fetched from CUCM using UDS. Jabber client will replace  %%uid%% with the UserID of the contact. Hence the name of the photo saved in Web Server for a user should be (His UserID in CUCM).jpg

Please let me know if you have any questions.

Regards - Nirmal Issac

Hi Getamessay,

 

As my colleague as already pointed out that Lotus Domino is not supported for LDAP sync with CUCM and as a directory source for jabber.
Therefore, I will just try to explain the possible scenario's you have (i.e. without the Domino), already explained by my colleague, in a different way :-

 

Scenario 1 :-

Using MS AD as a Directory Source for Jabber clients (EDI\BDI) and pointing jabber to get contact photos from web server.


Please see this diagram which will give you a visual representation of what it would look like :-

 

The configuration which you would need to include in the jabber-config.xml file, would look like the following :-

++ For EDI ++

<PhotoUriSubstitutionEnabled>true</PhotoUriSubstitutionEnabled>
<PhotoUriSubstitutionToken>sAMAccountName</PhotoUriSubstitutionToken>
<PhotoUriWithToken>http://www.jabber-photo.com/Photos/sAMAccountName.jpg</PhotoUriWithToken>

++ For BDI ++

<BDIPhotoUriSubstitutionEnabled>true</BDIPhotoUriSubstitutionEnabled>
<BDIPhotoUriSubstitutionToken>sAMAccountName</BDIPhotoUriSubstitutionToken>
<BDIPhotoUriWithToken>http://www.jabber-photo.com/Photos/sAMAccountName.jpg</BDIPhotoUriWithToken>

So, when user is searched in MS AD, the 'sAMAccountName' value returned for the user would be used as the name of the .jpg photo for that user, in the url request to fetch the contact photo from Web server.
If you do not want to give 'sAMAccountName' here , then you can give any other AD attribute like 'EmployeeID', but then just make sure you have saved the contact photo as <EmployeeID>.jpg on the web server.

 

 

Scenario 2 :-

Using CUCM as a Directory Source for Jabber clients (UDS) and pointing jabber to get contact photos from web server.

 

Please see this diagram which will give you a visual representation of what it would look like :-

The configuration which you would need to include in the jabber-config.xml file, would look like the following :-

<DirectoryServerType>UDS</DirectoryServerType>
<UdsPhotoUriWithToken>http://www.jabber-photo.com/Photos/%%uid%%.jpg</UdsPhotoUriWithToken>

Jabber client will replace  %%uid%% with the UserID of the contact. Hence the name of the photo saved in Web Server for a user should be (His UserID in CUCM).jpg

 

For your reference and understanding , i have also attached sample jabber-config.xml files from my lab ,which have the required configuration for both the above scenario's.

 

Hope this helps.

In case you have any further queries on the above , please do let us know.

 

Thanks,

Ritesh Tandon

Hi Ritesh,

Many thanks for the explanation. I will test UDS option with mail ID of the contact.  Not with UserID. If possible :

<DirectoryServerType>UDS</DirectoryServerType>
<UdsPhotoUriWithToken>http://www.jabber-photo.com/Photos/%%mail%%.jpg</UdsPhotoUriWithToken>

The other question: is it possible to have contact lookup from a web server?

Regards;

Getamessay

Hi Getamessay,

 

Thank you for the response.

 

a) I will test UDS option with mail ID of the contact.  Not with UserID

I think there is a confusion with the term 'UserID'. The UserID is the value that CUCM lists in e thend-user page. It can be mapped with the attributes in LDAP as follows.

 

And the userID will be reflected in the End User page.

 

 

The configuration <UdsPhotoUriWithToken>http://www.jabber-photo.com/Photos/%%mail%%.jpg</UdsPhotoUriWithToken> is invalid.

The configuration should remain as:

<UdsPhotoUriWithToken>http://www.jabber-photo.com/Photos/%%uid%%.jpg</UdsPhotoUriWithToken>

 

For eg,

In my lab, my account details are as below:

sAMAccountName: nissac

mail: nissac@cisco.com

UserID

In System --> LDAP --> LDAP System; if I select sAMAcountName, then the name of the jpg file should be nissac.jpg.

 

If I select mail, then the name of the jpg file should be nissac@cisco.com.jpg

In both the scenarios, the below configuration remains the same:

<UdsPhotoUriWithToken>http://www.jabber-photo.com/Photos/%%uid%%.jpg</UdsPhotoUriWithToken>

 

b) The other question: is it possible to have contact lookup from a web server?

 

This is currently not supported. The  contact source should either be LDAP or CUCM.

 

 

Please let us know if you have any additional queries.

 

Regards

Nirmal Issac

Hi Nirmal,

Thank you.

I fully understand UID attribute. In my case, photos are stored in the web server as follows "Email address.jpg": geta@unvienna.org.jpg.

That was why I tried to use the mail ID.

What other attribures can I use other than uid in UDS deployment.

<UdsPhotoUriWithToken>http://www.jabber-photo.com/Photos/%%uid%%.jpg</UdsPhotoUriWithToken>

Regards,

Getamessay

Hi Getamessay,

 

Thank you for the mail. I'm glad that we were able to help you.

 

The attribute depends on the LDAP System configuration in CUCM.

All the of the above attributes can be made the uid. Although the below configuration remains the same, Jabber will replace %%uid%% with the value taken from CUCM.

<UdsPhotoUriWithToken>http://www.jabber-photo.com/Photos/%%uid%%.jpg</UdsPhotoUriWithToken>

 

Please let me know if you have any further queries.

Regards

Nirmal Issac

Hi,

I want to make the multiple DCs auth. for the Jabber. Actually, my Windows AD support the global catalog lookup & auth., but the sAMAccountName will be conflicted on the different child-domains on the same tree.

Finally, I should change the CUCM LDAP auth. from "sAMAccountName" to "UserPrincipalName", that is not support on Jabber until now. Any idea on Jabber to support the big AD environment of multiple DCs' domain?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: