
Jabber for Windows without LDAP authentication?

Cisco Kbsl
Level 1

Hi

We have a CUCM 8.6 which has local authentication (not synced with LDAP directory). Can we deploy Jabber for Windows in this environment?

Aaron Harrison
VIP Alumni

Hi

You can, but with some limitations.

Option 1) UDS

If you are on CM8.6.2 you can use UDS rather than LDAP, which means that it uses the CUCM directory.


Restrictions: Currently only JfW uses UDS, so Jabber on iPhone/iPad/Android/Mac will not use UDS. You can't store photos in UDS, and there are fewer numbers etc for users (i.e. one tel number instead of mobile/home/business numbers etc).

Option 2) LDAP without Sync

The requirement for LDAP is that the UserIDs in CUCM match a field in LDAP for the users. So if you use the same UserIDs in CUCM as in LDAP, that's perfect. If you use tel numbers for userID in CUCM, then you would have to have the same numbers in a field in LDAP (e.g. telephoneNumber), ensure that multiple people in AD don't have the same telephoneNumber, and customise the LDAP attribute mapping in the jabber-config.xml file and on the CUPS LDAP attribute mappings.

Restrictions: If you don't sync up AD, passwords in LDAP and CUCM will be different. If you have Unity as well, passwords might be different there. This means that the user must keep entering those passwords when they change:

- They log in to JfW with the CCM user id and password

- They would need to go into options, and enter a password for the LDAP directory and Voicemail, and update those when they stop working after a password change

You may also get issues if you aren't using the standard LDAP user ID field to map the users - telephoneNumber, employeeNumber etc are not guaranteed to be unique as the sAMAccountName is, so multiple people can end up with the same number and that will break something.

The bottom line is that LDAP sync is the most streamlined way to deploy it.

Regards

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
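An added example, not part of the original posts and not Cisco code: a pre-deployment check for Option 2 that tests whether every CUCM user ID resolves to exactly one LDAP entry through the chosen mapping attribute. The sample entries, the `check_mapping` helper and the comparison rule are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the thread): CUCM user IDs that are
# extensions, and LDAP entries exported as dicts.
CUCM_USER_IDS = ["2001", "2002", "2003", "2004"]
LDAP_ENTRIES = [
    {"dn": "CN=Ann Lee,OU=Staff,DC=example,DC=test", "telephoneNumber": "2001"},
    {"dn": "CN=Bob Roy,OU=Staff,DC=example,DC=test", "telephoneNumber": "2002"},
    {"dn": "CN=Reception,OU=Shared,DC=example,DC=test", "telephoneNumber": "2002"},
    {"dn": "CN=Cy Dunn,OU=Staff,DC=example,DC=test", "telephoneNumber": "2003"},
    {"dn": "CN=Di Park,OU=Staff,DC=example,DC=test"},  # attribute not populated
]


def _norm(value):
    # Assumption of this example: compare trimmed and case-insensitively.
    return value.strip().casefold()


def check_mapping(cucm_user_ids, ldap_entries, attr):
    """Classify each CUCM user ID by how many LDAP entries carry it in attr."""
    by_value = defaultdict(list)
    for entry in ldap_entries:
        raw = entry.get(attr, "")
        if raw.strip():
            by_value[_norm(raw)].append(entry["dn"])

    report = {"ok": {}, "missing": [], "ambiguous": {}}
    for uid in cucm_user_ids:
        dns = by_value.get(_norm(uid), [])
        if len(dns) == 1:
            report["ok"][uid] = dns[0]
        elif dns:
            # Same value on several entries: the mapping is not an identity.
            report["ambiguous"][uid] = sorted(dns)
        else:
            report["missing"].append(uid)
    return report


if __name__ == "__main__":
    result = check_mapping(CUCM_USER_IDS, LDAP_ENTRIES, "telephoneNumber")
    for uid, dns in result["ambiguous"].items():
        print(f"AMBIGUOUS {uid}: {len(dns)} LDAP entries -> {dns}")
    for uid in result["missing"]:
        print(f"MISSING   {uid}: no LDAP entry has this value")
    print(f"OK        {len(result['ok'])} user IDs map to exactly one entry")
```

Any ID reported as ambiguous or missing needs fixing in the directory before the attribute is used as the mapping field.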

Hi Aaron,

Thank you very much for your information. I will try the options you suggested. I think option 2 will also work for Jabber on iPhone/iPad/Android/Mac?

Regards

Hi

Yes, it works, but it does get confusing for users due to the non-synced passwords.

Aaron


Hi Aaron,

Restrictions: Currently only JfW uses UDS, so Jabber on iPhone/iPad/Android/Mac will not use UDS.

I just installed it a while ago and made it work with JfW. For now I do not have resources to test it with iPhone/iPad/Android and Mac. My understanding of your statement is that only IM for iPhone/iPad/Android and Mac will not work, but the Jabber phone apps will do fine? Please let me know if my understanding is right. Many thanks in advance.

Hi

What you will find is that yes, the softphone elements and probably IM etc will work, but you will not be able to search for or add new contacts.

Your buddy list as created on JfW (if this is the same user on the iPhone etc) should get synced, but you may get other problems with resolving names for inbound calls etc.

It may cause a lot of user confusion and frustration.

Regards

Aaron

Aaron Harrison

Principal Engineer at Logicalis UK

Please rate helpful posts...


Michael Boscia
Level 4

I wouldn't recommend this, as it will be a nightmare to support.

I guess we should ask:

How many clusters do you have?

How many users do you have?

Hi Michael,

Approximately 400 Users.

Please help me to understand how I can implement Jabber without LDAP. The client doesn't have LDAP and just wants to use CUCM for user authentication. We have so many implementations that need Jabber but no LDAP.

Hi

If you have just Jabber for Windows, and CUCM 8.6.2, you can configure it for UDS (uses the CUCM database instead of LDAP).

If you have other Jabber platforms (e.g. mac, mobile etc) they still require LDAP - presumably future releases will not, but I don't know if/when those are on the roadmap.

Aaron


rfovrtega
Level 1

Thanks for the swift response Aaron. Can you give me a bulleted list of the issues for iPad, iPhone, Android and Mac devices if implemented without LDAP? Now I'm testing Jabber on the iPad and it is logged in without LDAP.

rfovrtega
Level 1

I really need to understand and explain how I can implement Jabber without LDAP, since most of my clients don't have LDAP. Many thanks in advance Aaron.

Basically LDAP is used for searching for users - e.g. finding users to add to the contact list, number lookups, reverse number lookups and so on. Some clients are simple softphones (e.g. droid/iphone) and others have soft voice/video (e.g. the iPad) but add on all the presence capabilities as well.

If your clients really don't have LDAP and aren't interested in deploying it then it's time for you to learn a supported directory (such as AD or OpenLDAP) and learn how to populate that directory based on CUCM user info. You can then include it as part of your Jabber deployment and take the extra services revenue.

Aaron


I have a similar situation with a demo suite we are trying to implement. There is no demo AD environment therefore I am just trying to use the CUCM corporate directory for user searches, without any luck.

In previous versions of Jabber and CUPC you could simply hook into the CUCM directory, but this seems almost impossible with JfW 9.6.

I have set the directory type to UDS in the jabber-config.xml, but this seems to be ignored on the client. LDAP seems to be the default, as I am assuming it's taking it from the OS. I have now got the PC off the domain but still it's trying LDAP.

Granted, in most deployments AD/LDAP is used, but there must be an easier way of using CUCM as the directory.

I'm thinking that I have to set up an SRV record for _cisco-uds.tcp in the domain. Hopefully that should fix.