02-03-2015 08:35 PM - edited 03-17-2019 04:51 PM
Hello,
We have IM&P 10.5.2 running and connecting to our Windows Active Directory. Our user names are different than our email addresses, however, I would like to setup the login username on Jabber to be the Directory URI which is our mail entry from Active Directory. I have already setup multi-domain and flexible JID for our Jabber IM&P deployment, however, we are not able to login with the flexible JID as username.
AD Domain: example.local
User: JohnD
**This is what I would like to log in to Jabber with as the users are used to logging in to all other services with their email address.
Directory URI/mail/Flexible JID: jdoe@example.com
I appreciate your direction in configuring this. Thanks.
02-03-2015 09:34 PM
Hi,
To change the UserID for users you will need to do this from the CUCM. Change the 'LDAP Attribute for User ID' from SAMAccountName to Mail from the System > LDAP System
You may want to see how this impacts your flexible JID and other features maybe in use such as federation, voice mail etc.
I have a recently had a single AD with multiple DNS domains and left it as the SAMAccountName and just changed the advanced presence settings 'IM Address Scheme' to Directory UI which. This way users dont need to think about different user IDs. Just depends on your goals. If you have multiple ADs that is a different ball park.
02-04-2015 06:47 AM
Thanks for the reply.
From what I can tell, if I use the "mail" as user in CUCM, it will use the whole email address such as jdoe@example.com
I was hoping the usernames would just be the "jdoe" portion.
I am concerned that this won't be a smooth change over as the existing usernames will not match the old usernames in CUCM and thus there will be duplicates and we will have to reassociate all phones and voicemail boxes etc.
Does anyone have any advise or documentation on this type of username migration?
Thanks.
02-04-2015 02:25 PM
Hi,
I have had a recent deployment where I have changed the user ID and did not have any device association issues. Appears UCM uses the AD account SID as a unique identifier opposed to the actual user ID, this can be seen when doing a user export using the BAT. If you wanted to confirm would recommend stand up another test instance of UCM register and associate handsets then do the user ID switch.
Also on a side note current customer deployment UCM can also use the AD userPrincipalName (uPN) and their environment has the following:
- SAM AccountName = janed
- Email = jane.doe@company.com
- uPN = janed@company.local
Hope this helps
04-14-2015 03:16 PM
Hi Heathrw
How did you manage to solve this? you say you just changed the adv. presence setting IM address Scheme and then the users are able to login with their directory URI.
I have a similar setup when we have multiple domains on the same cluster. It is not AD integrated, so users are setup manually.
I have been running a case with TAC the last 2 weeks and all they return with is that it is not supported. I have all servers 10.5.X and jabber 10.6 but all fails when login in with directory URI. login with userID is okay..
According to https://communities.cisco.com/docs/DOC-56331 they use the term Flexible JID which should explain the feature.
Any input would be appreciated.
04-14-2015 04:16 PM
Hi,
Yes I did get a win on this. Below is my setup.
Jabber-Config.xml as below:
<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
<Policies>
<DirectoryURI>mail</DirectoryURI>
</Policies>
<Directory>
<DirectoryServerType>UDS</DirectoryServerType>
<IMAddresses use-default="false">
<IMAddress>mail</IMAddress>
</IMAddresses>
<UseSIPURIToResolveContacts>true</UseSIPURIToResolveContacts>
<SipUri>mail</SipUri>
<DirectoryServerType>UDS</DirectoryServerType>
</Directory>
</config>
Hope this helps, let me know how you progress.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide