03-18-2014 02:49 AM - edited 03-17-2019 04:02 PM
Hello,
After having issues myself with Cisco Jabber for Mac 9.2 specifically with Active Directory lookups not working, or contact information not populating (and therefore not being able to call users from the contact list as no telephone information exists) I am including a sample jabber-config.xml file that works for me.
Please note: there are many different ways to configure this. What I will be showing is the method that works for me and my deployment, which is pretty standard.
As always and as a disclaimer, once again, this is what has worked for my deployment scenario. Always keep backups of your configuration files, and always be mindful of anything you have configured already, especially in the jabber-config.xml file.
Background
My deployment is based on CUCM 9, with 1 publisher and 2 subscribers. I also have a CUCM IM & Presence 9.0 server. This assumes that you have already configured your deployment and Jabber is functioning already, albeit with the aforementioned issues.
As for Active Directory, my deployment will be based on Windows 2008 R2 Domain Controllers running in native 2008 mode. For this example, we will be searching directly against one of the DCs with a Global Catalogue role. Please be aware that in large deployments you will have to plan accordingly with regards to lookup traffic from Jabber clients to the DCs.
Also, as of Cisco Jabber for Mac 9, the client no longer can search via the CUCM internal directory (which may be made of local end users, Active Directory synced users, or a mix of both) and this must be done via a LDAP mechanism.
Scenario
In this deployment scenario, Cisco Jabber for Windows is working properly - you can search and add people from Active Directory, and contacts in your contact list have all the appropriate fields populated from Active Directory. However, when trying the same with Jabber for Mac, Jabber for iPhone or Jabber for iPad you notice that you cannot perform a directory lookup, and if you add people directly (for example, john@test.local) the user only has the IM field populated. No telephone, email or additional information is displayed.
Solution
Whereas Cisco Jabber for Windows uses the EDI mechanism (native Windows), whereby when running from a computer that is on the domain (or in the event that you are search for contacts in another Active Directory domain where a domain trust exists) , Jabber for Mac / iPhone / iPad uses the BDI mechanism.
In this case, you will need to provision a jabber-config.xml file that you will upload to your TFTP server (or Publisher) that will be "downloaded" by your Jabber for Mac client and also used by the iPhone and iPad client. You can configure many options in the jabber-config.xml file, but for this example we will place just the information that we need to order for these clients to request and display Active Directory information.
Please note that the configuration may vary depending on your deployment, but at the very least we will be:
- Configuring a DC where we will perform the lookup.
- Configure credentials that will be used to perform the lookup. This will be an Active Directory account that has read rights on the Active Directory domain. Please note that these credentials are saved in plain text in the file, so ensure that the account that you will be using is not privileged.
- Configure the server port that we will be using to perform the lookup.
- Configure the Search Base. This is basically where we want the directory lookup to happen. You can either choose for this lookup to start at the "base" of the domain (and therefore the search will iterate through all the user accounts and and OUs below the root base) or define a specific OU where you want to search.
Caution!
- There is a current limitation with Cisco Jabber for Mac whereby you can only have 1 search base configured. Please keep this in mind if, like me, you have multiple OUs (like an OU for each company in your organization) and under these OUs you have sub OUs as a user account container.
- If using the top level search base, unless you specify a filter, you will potentially be able to search for all user accounts in the domain. You will need to configure the <BDIBaseFilter> parameter if you want to fine tune your search ability.
Steps
These are the steps I have followed. Other steps or considerations may vary.
- Log in to your TFTP server and download the jabber-config.xml file and keep it as a backup. If you are already using the jabber-config.xml file for other purposes, do not worry - you can add your BDI information parameters inside.
- Remove the jabber-config.xml file
- Edit the jabber-config.xml file and configure thus:
<?xml version="1.0" encoding="UTF-8"?>
<config version="1.0">
<Directory>
<DirectoryServerType>BDI</DirectoryServerType>
<BDILDAPServerType>AD</BDILDAPServerType>
<BDIPrimaryServerName>DOMAIN CONTROLLER IP ADDRESS</BDIPrimaryServerName>
<BDIPresenceDomain>YOUR PRESENCE DOMAIN</BDIPresenceDomain>
<BDIServerPort1>3268</BDIServerPort1>
<BDISearchBase1>YOUR SEARCH BASE</BDISearchBase1>
<BDIConnectionUsername>USER@DOMAIN.LOCAL</BDIConnectionUsername>
<BDIConnectionPassword>PASSWORD</BDIConnectionPassword>
<BDIEnableTLS>0</BDIEnableTLS>
</Directory>
</config>
For example, let´s assume the following:
- Domain controller IP address is 10.1.1.2 .
- Your presence domain is test.local .
- Your search base will be test.local using the top level of the domain.
- Your username with which you will be doing your searches is called walt . Usually you can either identify walt as test.local\walt or walt@test.local . It is always best, in these sort of scenarios, to use the UPN convention so we will be configuring a walt@test.local .
- The password is the Active Directory password for the account walt .
- I have disabled TLS in my case. There are issues with the Jabber for Mac client when using other security methods.
<?xml version="1.0" encoding="UTF-8"?>
<config version="1.0">
<Directory>
<DirectoryServerType>BDI</DirectoryServerType>
<BDILDAPServerType>AD</BDILDAPServerType>
<BDIPrimaryServerName>10.1.1.2</BDIPrimaryServerName>
<BDIPresenceDomain>test.local</BDIPresenceDomain>
<BDIServerPort1>3268</BDIServerPort1>
<BDISearchBase1>DC=test,DC=local</BDISearchBase1>
<BDIConnectionUsername>walt@test.local</BDIConnectionUsername>
<BDIConnectionPassword>walt01!</BDIConnectionPassword>
<BDIEnableTLS>0</BDIEnableTLS>
</Directory>
</config>
One you have configured the jabber-config.xml file, you will now need to upload it to you TFTP server. Once uploaded, you will need to restart the Cisco TFTP service. Again, my TFTP server is on my CUCM publisher, so:
- I go to Cisco Unified OS Administration on my Publisher server, TFTP File Management and I upload jabber-config.xml to / directory
- I then go to Cisco Unified Serviceability on my Publisher server, I locate the Cisco TFTP service and I restart the service
Once this is done, you can figure up your Jabber for Mac client. As a test, on your Mac (using Terminal) go to:
/Users/username/Library/Application Support/Cisco/Unified Communications/Jabber/Config
In here you will see several files, but what we want to see is jabber-config.xml . As soon as you start the Jabber for Mac client and log in, the jabber-config.xml file will download from your TFTP server and get saved here. When you see it appear, just type in your terminal window more jabber-config.xml and make sure that the output is the same as the xml file you created.
From there, try doing directory search. If you have previously added contacts and they still lack attribute information, you will need to remove them (sometimes it will not refresh properly) and add them again from the directory.
I will be updating this guide and ammending anything that is incorrect, but this is meant to be a quick checklist and steps to get this, at least in the most very basic version, up and running for Jabber for Mac.
04-04-2014 05:17 AM
Hello,
Thanks for this post! It works, I can do lookup and also I can add found contact to contact list and get information about contact from LDAP.
One more question: - I can't get all information about contact. I don't get e.c mobile phone number and more others attributes. I have tried to expand your file as follows:
<?xml version="1.0" encoding="UTF-8"?>
<config version="1.0">
<Directory>
<DirectoryServerType>BDI</DirectoryServerType>
<BDILDAPServerType>AD</BDILDAPServerType>
<BDIPrimaryServerName>IP of AD</BDIPrimaryServerName>
<BDIPresenceDomain>Presence Domain</BDIPresenceDomain>
<BDIServerPort1>3268</BDIServerPort1>
<BDISearchBase1> Search Base</BDISearchBase1>
<BDIConnectionUsername>User</BDIConnectionUsername>
<BDIConnectionPassword>Password</BDIConnectionPassword>
<BDIEnableTLS>0</BDIEnableTLS>
<BDISipUri>msRTCSIP-PrimaryUserAddress</BDISipUri>
<BDIPhotoSource>thumbnailPhoto</BDIPhotoSource>
<BDIBusinessPhone>telephoneNumber</BDIBusinessPhone>
<BDIMobilePhone>mobile</BDIMobilePhone>
<BDIHomePhone>homePhone</BDIHomePhone>
<BDIOtherPhone>otherTelephone</BDIOtherPhone>
<BDITitle>title</BDITitle>
<BDICompanyName>company</BDICompanyName>
<BDILocation>co</BDILocation>
<BDIPostalCode>postalCode</BDIPostalCode>
<BDICity>l</BDICity>
<BDIState>st</BDIState>
<BDIStreetAddress>streetAddress</BDIStreetAddress>
</Directory>
</config>
But it didn't help.
When I capture lookup via Wireshark, I can see that Jabbers sends search request with bunch of attributes, but from LDAP answer contains only 8 attributes. (see attached screenshots)
01-07-2015 01:46 AM
Greetings,
thank you for the solution! It works for me! Do you have any idea if we should add something else under the .xml file to be able to use screen sharing for Jabber MAC 10.5? Screen sharing for Jabber MS 10.5 is OK, but for MAC the share icon is greyout and cannot be used.
01-10-2015 10:15 AM
Velin,
for screen share in Jabber for MAC, you need to be on an active call with that person to initiate a screen share. Try to place a call from Jabber to the other person and you will notice that the Screen Share button is now active.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide