We have IM&P 10.5.2 running and connecting to our Windows Active Directory. Our user names are different than our email addresses, however, I would like to setup the login username on Jabber to be the Directory URI which is our mail entry from Active Directory. I have already setup multi-domain and flexible JID for our Jabber IM&P deployment, however, we are not able to login with the flexible JID as username.
AD Domain: example.local
**This is what I would like to log in to Jabber with as the users are used to logging in to all other services with their email address.
Directory URI/mail/Flexible JID: firstname.lastname@example.org
I appreciate your direction in configuring this. Thanks.
To change the UserID for users you will need to do this from the CUCM. Change the 'LDAP Attribute for User ID' from SAMAccountName to Mail from the System > LDAP System
You may want to see how this impacts your flexible JID and other features maybe in use such as federation, voice mail etc.
I have a recently had a single AD with multiple DNS domains and left it as the SAMAccountName and just changed the advanced presence settings 'IM Address Scheme' to Directory UI which. This way users dont need to think about different user IDs. Just depends on your goals. If you have multiple ADs that is a different ball park.
Thanks for the reply.
From what I can tell, if I use the "mail" as user in CUCM, it will use the whole email address such as email@example.com
I was hoping the usernames would just be the "jdoe" portion.
I am concerned that this won't be a smooth change over as the existing usernames will not match the old usernames in CUCM and thus there will be duplicates and we will have to reassociate all phones and voicemail boxes etc.
Does anyone have any advise or documentation on this type of username migration?
I have had a recent deployment where I have changed the user ID and did not have any device association issues. Appears UCM uses the AD account SID as a unique identifier opposed to the actual user ID, this can be seen when doing a user export using the BAT. If you wanted to confirm would recommend stand up another test instance of UCM register and associate handsets then do the user ID switch.
Also on a side note current customer deployment UCM can also use the AD userPrincipalName (uPN) and their environment has the following:
- SAM AccountName = janed
- Email = firstname.lastname@example.org
- uPN = email@example.com
Hope this helps
How did you manage to solve this? you say you just changed the adv. presence setting IM address Scheme and then the users are able to login with their directory URI.
I have a similar setup when we have multiple domains on the same cluster. It is not AD integrated, so users are setup manually.
I have been running a case with TAC the last 2 weeks and all they return with is that it is not supported. I have all servers 10.5.X and jabber 10.6 but all fails when login in with directory URI. login with userID is okay..
According to https://communities.cisco.com/docs/DOC-56331 they use the term Flexible JID which should explain the feature.
Any input would be appreciated.
Yes I did get a win on this. Below is my setup.
Jabber-Config.xml as below:
<?xml version="1.0" encoding="utf-8"?>
Hope this helps, let me know how you progress.