Directory on Jabber on iPhone without BDIConnectionUsername

Denis Pointer · ‎05-11-2016

Hello,

I have Jabber working on our iPhones, but the directory search is not working. If I configure the jaber-config.xml to define our AD server IP, search base, BDIConnectionUsername and BDIConnectionPassword it works. but I do not like the fact that the username and password are in clear text.

Is there a way to configure this that should work without defining the credentials in the jabber-config file?

The sanitized version of my jabber-config entries that get the directory working are:

<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
<Directory>
<BDIPrimaryServerName>LDAP Server IP</BDIPrimaryServerName>
<BDIPresenceDomain>Presence Domain (different then AD domain)</BDIPresenceDomain>
<BDIServerPort1>389</BDIServerPort1>
<BDISearchBase1>OU=People,DC=mydomain,DC=com</BDISearchBase1>
<BDIConnectionUsername>username@mydomain.com</BDIConnectionUsername>
<BDIConnectionPassword>Password</BDIConnectionPassword>
</Directory>
</config>

I tried setting the LDAP credentials and such on my "Cisco Dual Mode for iPhone" device in CUCM, but that did not seem to work. should it? Was I maybe just doing something wrong? Any thoughts or suggestions would be appreciated.

Jaime Valencia · ‎05-11-2016

You only have two options, either you check the Use Logged On User Credential option in the service profile, assuming the credentials are valid LDAP credentials to log into LDAP, or if you do not check that option, you need to define the username/pwd in the .xml file

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/11_6/cjab_b_on-premises-deployment-ciscojabber-116/cjab_b_on-premises-deployment-ciscojabber-116_chapter_011.html

You can create a special user with read only permissions for this.

HTH

java

if this helps, please rate

Denis Pointer · ‎05-11-2016

Thanks for the quick response Jaime.

I did try the use Logged On User Credential option, but that is not working for me. The credentials I am logging into Jabber with are valid AD credentials, but I am missing something.

I have a directory UC service created with

Product Type: Directory

Name: Dir2

Host Name / IP Address: (AD IP Address)

Port: 389

Protocol TCP

I also have and Enhanced Directory I created to test with. same settings plus:

Connection Type: Global Catalog

User Secure Connection: checked

all others unchecked / blank

On the Service Profile assigned to my user, the Directory Profile settings as follows:

Primary: Dir2

Secondary / Tertiary: not set

Use UDS for Contact Resolution unchecked (tried both checked and unchecked)

Use Logged On User Credential: Checked

Username and Password blank

Search Base 1: ou=folder,dc=mydomain,dc=com

search base 2 and 3 blank

recursive search checked

search timeout 5 seconds

base filter and predictive search blank

still no directory on iPhone (works fine on windows client though)

I tried using the Enhanced Directory instead, same results

Do I need to reset or restart anything after setting the service profile? or just close and relaunch client?

We are using a read only account for our AD sync, but I still don't like the idea of sharing it out in clear text, I did try by using the credentials I am logging into Jabber with as the BDIConnectionUsername in the jabber-config.xml file and that worked, so the logged on credentials should work, not sure what I am missing though.