09-28-2021 02:43 AM - edited 09-28-2021 10:59 AM
I found that a Jabber user can log in with either their mail or their user id.
In my example, the userid is "gerry", while their email address is "gerry.orourke@lab1.example.com"
The end user can log in with <userid>@<domain>
This is the expected and documented login approach.
But the user can ALSO login using their email address and this is what I would like to use - but I don't see this feature documented anywhere?
EDIT / Update: After posting this query - I was able to confirm that logging in using the email as the username ONLY works when on site. When logging in externally (via expressways), this does NOT work. Hence it's not a viable solution.
If you need a user to login via their email address - the userid in CUCM should use mail and not sAMAccountName.
Note: when updating LDAP to use mail, existing users automatically get updated - so it is a simple migration.
Jabber "finds" the correct user based on their email address and then displays the user's 'userid' as in the below screen shots.
Does anyone know if this nice feature is officially supported or documented?
Log extract showing Jabber matching the correct user.
2021-09-28 10:33:01,903 DEBUG [0x000017f4] [ces\impl\ucm-config\UdsProvider.cpp(738)] [csf.config] [csf::ucm90::UdsProvider::getLocatorUdsInformation] - The current request succeeded with the user identifier: gerry.orourke%40lab1.example.com
2021-09-28 10:33:01,903 INFO [0x000017f4] [\ucm-config\uds\HomeUdsUrlParser.cpp(30)] [csf.config] [csf::ucm90::HomeUdsUrlParser::getCucmUserId] - cucmUserId: 'gerry'
And here is a screen shot.
Jabber - username updating as it linked / found the userid "gerry" for the mail address.
Regards,
Gerry
09-28-2021 11:02 AM
I was able to confirm that logging in with email as the username ONLY works when on site.
When logging in externally (via expressways), this does NOT work. Hence it's not a viable solution for users.
If you want a user to be able to login via their email address - the userid in CUCM should use mail and not sAMAccountName.
Note: when updating LDAP to use mail, existing users automatically get updated - so this is a simple migration.
Regards,
Gerry
09-28-2021 03:00 AM
Hi Gerry,
this feature has already been there for a longer period.
I guess, it's the more often used scenario, since the IM&P supports the "directory URI" as IM Address Scheme.
And in most cases (my experience), the directory URI is sync with the mail-field from LDAP.
09-28-2021 03:26 AM
Bjoern,
In my case you can see that the Directory URI is blank.
So it's not using the Directory URI.
Note: I also edited a typo in original query - correctly updating the actual email address used to login.
Regards,
Gerry
09-28-2021 03:42 AM
Gerry,
Jabber login is based on the LDAP userid attribute in CUCM to sync the users. The screenshots show that the attribute is sAMAccountName and not mail. So if you want to login to work based on mail id, then the attribute should be changed to mail id and perform a re-sync. But what that means is you've to enter the domain twice during the default login screen; something like this - gerry.orourke@lab1.example.com@lab1.example.com. The client sends a bunch of https queries to CUCM to find its home UDS server like what you saw above using 'mail id' first and then the 'username'. Based on what it gets as the response for cucmUserId, CUCM sends the authentication request to the LDAP server for authentication.
Note: - The directory uri field is used for IM address scheme on the IM&P server to set the chat address to email or msRTCSIPPrimaryUserAddress instead of the default samaccountname@presencedomain. It doesn't change anything as far as the login details are concerned.
Hope this helps!
Sankar
09-28-2021 03:48 AM
Sankar,
I know that I can switch the userid to be the mail - and I know this will work.
But what I can confirm is that WITHOUT doing this, the login works if I use the userid@domain.com (the default - sAMAccountName)
but ALSO if I use the email address - (the mail attribute in LDAP) - (even though mail address is NOT the same as the userid)
I have shown this in the above screenshots and you can see this in the log file extract.
I can login with samaccountname@domain.com
OR the user's email
gerry.orourke@lab1.example.com
But I do NOT see that this is documented anywhere?
i.e. I have not found anywhere it states you can login using the mail address (excluding where as you say you change the userid to import from LDAP as mail instead of sAMAccountName) - and yet it works!
Gerry
09-28-2021 03:44 AM
I know, just wanted to mention, that in installations, where the directory uri (in most cases synced via mail-field) is used as IM address, it is normal to use the email as login.
Basically, CUCM tries to find a user based on the user-part of the login, or uses the whole string to find a user, with that string in the mail field.
E.g.
1)
User configured like:
Userid: test
mail: test@intern.local
=> Login in Jabber: test@intern.local
=> Will find the user "test", no matter how.
2)
User configured like:
Userid: test
mail: test.lastname@intern.local
=> Login in Jabber: test@intern.local
=> Will find the user "test", based on the user-part of the login, in this case it's "test".
3)
User configured like:
Userid: test
mail: test.lastname@intern.local
=> Login in Jabber: test.lastname@intern.local
=> Will find the user "test", based on the whole login string "test.lastname@intern.local", matching the mail of the user.
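Added example, not part of any post in this thread and not Cisco code: a Python sketch that reads Jabber log lines in the format of the extract quoted in the first post and lists logins where the typed identifier resolved to a different userid, which are the mail-based logins the accepted answer reports as failing via Expressway. The second log pair, the function names and the case-insensitive comparison are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample: the first pair copies the thread's log extract,
# the second pair (thread 0x00001a2c, user "test") is invented for contrast.
SAMPLE_LOG = r"""2021-09-28 10:33:01,903 DEBUG [0x000017f4] [ces\impl\ucm-config\UdsProvider.cpp(738)] [csf.config] [csf::ucm90::UdsProvider::getLocatorUdsInformation] - The current request succeeded with the user identifier: gerry.orourke%40lab1.example.com
2021-09-28 10:33:01,903 INFO [0x000017f4] [\ucm-config\uds\HomeUdsUrlParser.cpp(30)] [csf.config] [csf::ucm90::HomeUdsUrlParser::getCucmUserId] - cucmUserId: 'gerry'
2021-09-28 10:41:17,250 DEBUG [0x00001a2c] [ces\impl\ucm-config\UdsProvider.cpp(738)] [csf.config] [csf::ucm90::UdsProvider::getLocatorUdsInformation] - The current request succeeded with the user identifier: test%40intern.local
2021-09-28 10:41:17,251 INFO [0x00001a2c] [\ucm-config\uds\HomeUdsUrlParser.cpp(30)] [csf.config] [csf::ucm90::HomeUdsUrlParser::getCucmUserId] - cucmUserId: 'test'
"""

# Both patterns capture the thread id so the two lines can be paired.
IDENT_RE = re.compile(r"\[(0x[0-9a-fA-F]+)\].*getLocatorUdsInformation\] - "
                      r"The current request succeeded with the user identifier: (\S+)")
USERID_RE = re.compile(r"\[(0x[0-9a-fA-F]+)\].*getCucmUserId\] - cucmUserId: '([^']*)'")


def resolved_logins(log_text):
    """Pair each discovery identifier with the cucmUserId logged next on the same thread."""
    pending = {}  # thread id -> URL-decoded identifier awaiting its cucmUserId line
    pairs = []
    for line in log_text.splitlines():
        m = IDENT_RE.search(line)
        if m:
            pending[m.group(1)] = unquote(m.group(2))  # %40 -> @
            continue
        m = USERID_RE.search(line)
        if m and m.group(1) in pending:
            pairs.append((pending.pop(m.group(1)), m.group(2)))
    return pairs


def mail_style_logins(pairs):
    """Keep logins whose typed local part is not the resolved userid.

    Assumption: userids are compared case-insensitively.
    """
    flagged = []
    for identifier, userid in pairs:
        local_part = identifier.split("@", 1)[0]
        if local_part.casefold() != userid.casefold():
            flagged.append((identifier, userid))
    return flagged


if __name__ == "__main__":
    for identifier, userid in mail_style_logins(resolved_logins(SAMPLE_LOG)):
        print(f"{identifier} resolved to userid {userid!r}")
```

Run over logs collected from on-site clients, the flagged entries identify users who rely on the mail-based lookup before they attempt to sign in externally.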
09-28-2021 04:00 AM
Bjoern,
Yes - exactly. That is what I found.
But I don't see this documented anywhere?
Hence I am not 100% sure if it is guaranteed to work.
But if I could find documentation confirming this, I could leave the LDAP integration using sAMAccountName and not switch this to mail.
Have you seen it actually documented as supported login with the LDAP "mail" attribute even if userid is "sAMAccountName"?
Gerry