cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
852
Views
15
Helpful
7
Replies
gorourke
Rising star

Jabber End user able to login with mail or userid ?

I found that a Jabber use can login with either their mail or their user id.

In my example, the userid is "gerry", while their email address is "gerry.orourke@lab1.example.com"

 

The end user can log in with <userid>@<domain>

e.g. gerry@lab1.example.com

 

This is the expected and documented login approach.

 

But the user can ALSO login using their email address and this is what I would like to use - but I don't see this feature documented anywhere?

 

EDIT / Update: After posting this query - I was able to confirm that logging in using the email as the username ONLY works when on site. When logging in externally (via expressways), this does NOT work. Hence its not a viable solution.

If you need a user to login via their email address - the userid in CUCM should use mail and not sAMAccountName.

Note: when updating LDAP to use mail, existing users automatically get updated - so it a simple migration.

 

Jabber "finds" the correct user based on their email address and then displays the users 'userid' as in the below screen shots.

Does anyone know if this nice feature is officially supported or documented?

 

Log extract showing Jabber matching the correct user.

2021-09-28 10:33:01,903 DEBUG [0x000017f4] [ces\impl\ucm-config\UdsProvider.cpp(738)] [csf.config] [csf::ucm90::UdsProvider::getLocatorUdsInformation] - The current request succeeded with the user identifier: gerry.orourke%40lab1.example.com
2021-09-28 10:33:01,903 INFO [0x000017f4] [\ucm-config\uds\HomeUdsUrlParser.cpp(30)] [csf.config] [csf::ucm90::HomeUdsUrlParser::getCucmUserId] - cucmUserId: 'gerry'

 

And here is a screen shot.

login1.png

 

Jabber - username updating as it linked / found the userid "gerry" for the mail address.

 

login2.png

 

Regards,

Gerry

 

1 ACCEPTED SOLUTION

Accepted Solutions

I was able to confirm that logging in with email as the username ONLY works when on site.

When logging in externally (via expressways), this does NOT work. Hence its not a viable solution for users.

 

If you want a user to be able to login via their email address - the userid in CUCM should use mail and not sAMAccountName.

Note: when updating LDAP to use mail, existing users automatically get updated - so this is a simple migration.

 

Regards,

Gerry

View solution in original post

7 REPLIES 7
b.winter
Beginner

Hi Gerry,

 

this feature has already been there for a longer period.

I guess, it's the more often used scenario, since the IM&P supports the "directory URI" as IM Address Scheme.

And in most cases (my experience), the directory URI is sync with the mail-field from LDAP.

Bjoern,

 

In my case you can see that the Directory URI is blank.

So its not using the Directory URI.

Note: I also edited a typo in original query - correctly updating the actual email address used to login.

 

userid.png

Regards,

Gerry

 

Gerry,

     Jabber login is based on the LDAP userid attribute in CUCM to sync the users. The screenshots show that the attribute is sAMAccountName and not mail. So if you want to login to work based on mail id, then the attribute should be changed to mail id and perform a re-sync. But what that means is you've to enter the domain twice during the default login screen; something like this - gerry.orourke@lab1.example.com@lab1.example.com. The client sends a bunch of https queries to CUCM to find its home UDS server like what you saw above using 'mail id' first and then the 'username' . Based on what it gets as the response for cucmUserId, CUCM sends the authentication request to the LDAP server for authentication.

 

Note: - The directory uri field is used for IM address scheme on the IM&P server to set the chat address to email or msRTCSIPPrimaryUserAddres instead of the default samaccountame@presencedomain.it doesn't change anything as far as the login details are concerned.

 

Hope this helps!

Sankar

  

Sankar,

 

I know that I can switch the userid to be the mail - and I know this will work.

 

But what I can confirm is that WITHOUT doing this, the login works if I use the userid@domain.com (the default - sAMAccountName)

but ALSO if I use the email address - (the mail attribute in LDAP) - (even though mail address is NOT the same as the userid)

 

I have shown this in the above screeshots and you can see this in the log file extract.

 

I can login with samaccountname@domain.com

gerry@lab1.example.com

OR the user's email

gerry.orourke@lab1.example.com

 

But I do NOT see that this is documented anywhere?

i.e. I have not found anywhere is states you can login using the mail address (excluding where as you say you change the userid to import from LDAP as mail instead of sAMAccountName)- and yet it works!

 

Gerry

 

I know, just wanted to mention, that in installations, where the directory uri (in most cases synced via mail-field) is used as IM address, it is normal to use the email as login.

Basically, CUCM tries to find a user based on the user-port of the login, or uses the whole string to find a user, with that string in the mail field.

E.g.

1)

User configured like:

Userid: test

mail: test@intern.local

=> Login in Jabber: test@intern.local

=> Will find the user "test", no matter how.

 

2)

User configured like:

Userid: test

mail: test.lastname@intern.local

=> Login in Jabber: test@intern.local

=> Will find the user "test", based on the user-part of the login, in this case it's "test".

 

3)

User configured like:

Userid: test

mail: test.lastname@intern.local

=> Login in Jabber: test.lastname@intern.local

=> Will find the user "test", based on the whole login string "test.lastname@intern.local", matching the mail of the user.

Bjoern,

 

Yes - exactly. That is what I found.

But I don't see this documented anywhere?

 

Hence I am not 100% sure if it is guaranteed to work.

But if I could find documentation confirming this, I could leave the LDAP integration using sAMAccountName and not switch this to mail.

 

Have you seen it actually documented as supported login with the LDAP "mail" attribute even if userid is "sAMAccountName"?

Gerry

I was able to confirm that logging in with email as the username ONLY works when on site.

When logging in externally (via expressways), this does NOT work. Hence its not a viable solution for users.

 

If you want a user to be able to login via their email address - the userid in CUCM should use mail and not sAMAccountName.

Note: when updating LDAP to use mail, existing users automatically get updated - so this is a simple migration.

 

Regards,

Gerry

View solution in original post

Create
Recognize Your Peers
Content for Community-Ad