Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4525
Views
0
Helpful
5
Replies

How can I configure Jabber to accept the JID / Directory URI for Login user?

jeliasoncisco
Level 5
Level 5

‎02-03-2015 08:35 PM - edited ‎03-17-2019 04:51 PM

Hello,

We have IM&P 10.5.2 running and connecting to our Windows Active Directory. Our user names are different than our email addresses, however, I would like to setup the login username on Jabber to be the Directory URI which is our mail entry from Active Directory. I have already setup multi-domain and flexible JID for our Jabber IM&P deployment, however, we are not able to login with the flexible JID as username.

 

AD Domain: example.local

User: JohnD

 

**This is what I would like to log in to Jabber with as the users are used to logging in to all other services with their email address.

Directory URI/mail/Flexible JID: jdoe@example.com

 

I appreciate your direction in configuring this. Thanks.

1 person had this problem
Labels:
0 Helpful
5 Replies 5

heathrw
Level 4
Level 4

‎02-03-2015 09:34 PM

Hi,

 

To change the UserID for users you will need to do this from the CUCM. Change the 'LDAP Attribute for User ID' from SAMAccountName to Mail from the System > LDAP System

 

You may want to  see how this impacts your flexible JID  and other features maybe in use such as federation, voice mail etc.

 

I have a recently had a single AD with multiple DNS domains and left it as the SAMAccountName and just changed the advanced presence settings 'IM Address Scheme' to Directory UI which. This way users dont need to think about different user IDs. Just depends on your goals. If you have multiple ADs that is a different ball park. 

 

 

0 Helpful

jeliasoncisco
Level 5
Level 5
In response to heathrw

‎02-04-2015 06:47 AM

Thanks for the reply.

From what I can tell, if I use the "mail" as user in CUCM, it will use the whole email address such as jdoe@example.com

I was hoping the usernames would just be the "jdoe" portion.

 

I am concerned that this won't be a smooth change over as the existing usernames will not match the old usernames in CUCM and thus there will be duplicates and we will have to reassociate all phones and voicemail boxes etc.

 

Does anyone have any advise or documentation on this type of username migration?

Thanks.

0 Helpful

heathrw
Level 4
Level 4
In response to jeliasoncisco

‎02-04-2015 02:25 PM

Hi,

 

I have had a recent deployment where I have changed the user ID and did not have any device association issues. Appears UCM uses the AD account SID as a unique identifier opposed to the actual user ID, this can be seen when doing a user export using the BAT. If you wanted to confirm would recommend stand up another test instance of UCM register and associate handsets then do the user ID switch.

 

Also on a side note current customer deployment UCM can also use the AD userPrincipalName (uPN) and their environment has the following:

- SAM AccountName = janed

- Email = jane.doe@company.com

- uPN = janed@company.local 

 

Hope this helps

0 Helpful

Martin Abildgaard
Level 1
Level 1
In response to heathrw

‎04-14-2015 03:16 PM

Hi Heathrw

 

How did you manage to solve this? you say you just changed the adv. presence setting IM address Scheme and then the users are able to login with their directory URI.

I have a similar setup when we have multiple domains on the same cluster. It is not AD integrated, so users are setup manually.

I have been running a case with TAC the last 2 weeks and all they return with is that it is not supported. I have all servers 10.5.X and jabber 10.6 but all fails when login in with directory URI. login with userID is okay..

According to https://communities.cisco.com/docs/DOC-56331 they use the term Flexible JID which should explain the feature.

Any input would be appreciated.

 

0 Helpful

heathrw
Level 4
Level 4
In response to Martin Abildgaard

‎04-14-2015 04:16 PM

Hi,

Yes I did get a win on this. Below is my setup.

  • Using SRV records for server discovery
  • UserID resolves if using full email address or can just login using UserID@domain
  • AD Import/Directory was enabled, Directory URI was set to email
  • AD Authentication disabled, imported users were assigned initial default password configured in the default credential policy
  • Service Profile, Directory Profile section, left defaults did not apply and directory services
  • Presence Advanced Settings, IM Address Scheme set to Directory URI (this is a must if using multiple DNS domains)
  • Looking at a contact profile from jabber has the Chat IM, email, etc are all the same.
  • Users running Jabber 10.6.0
  • CUCM and CUPS 10.5.1
  • The customer also had a Lync pilot at one stage, some users had msRTCSIP-PrimaryUserAddress populated and had issues once this was blanked out those users then worked. This is actually synced with tons of over stuff you don't see, need the use cli SQL commands to view. Since you are manually creating users may not have this problem.

Jabber-Config.xml as below:

<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
 <Policies>
   <DirectoryURI>mail</DirectoryURI>
 </Policies>
 <Directory>
   <DirectoryServerType>UDS</DirectoryServerType>
   <IMAddresses use-default="false">
      <IMAddress>mail</IMAddress>
   </IMAddresses>
   <UseSIPURIToResolveContacts>true</UseSIPURIToResolveContacts>
   <SipUri>mail</SipUri>
   <DirectoryServerType>UDS</DirectoryServerType>
 </Directory>
</config>

 

 

Hope this helps, let me know how you progress.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents