04-03-2016 07:23 AM - edited 03-17-2019 06:00 PM
Hi
We have a 10.5.2 CUCM/CIMP setup that's integrated with Active Directory. And our customer isn't too happy about having to log in to Jabber using the scheme samaccountname@domain. We could change the AD sync to use the mail address as userid (right now it's set to use the samaccountname), but as we're also using CCX which does not support userids with an @, this is not the way to go.
So, is there a way for CIMP to accept the directory uri (which contains the email address) as login in Jabber (and especially Jabber Mobile.. we have the PC part handled with an SSO setup based on OpenAM)?
Thanks
Stephan
04-03-2016 10:52 AM
I think you can do it by choosing "mail" attribute in Directory URI LDAP under system -> ldap -> ldap directory.
Suresh
04-03-2016 12:08 PM
Suresh
And which attribute would you set to mail? UserId is a no-go as I wrote above.. my CUCM userIds must remain samAccountNames.. but I wish to use the DirectoryUri (which is set to mail.. and I can find people in Jabber using their mail address) as a login.
04-03-2016 10:00 PM
By default, the Jabber ID (JID) is based on the Unified CM User ID<uid>@xmpp domain. The flexible JID feature allows the JID to be constructed based on Directory URI field. The directory URI may be administratively mapped using the following LDAP synchronized data fields:
• mail
• msRTCSIP-PrimaryUserAddress
• Manually Configured by Administrator
This allows organizations to map user JIDs that align with the corporate naming address scheme in use. For example, a user’s JID (IM address) can be mapped to their E-Mail address using the mail parameter, effectively creating a single address for multi-modal communications.
Hope this helps.
Suresh
04-04-2016 12:45 AM
Hmm.. but the JID isn't necessarily the sign-in name, is it? I have configured my ldap sync to use samAccountName as mail as Directory URI. In Jabber, I can sign in using userid@domain or just userid (assuming SRV records are in place). Once logged in, Jabber shows the JID as being the email address. However, signing in with the email address does not work.. you get the usual "Your username or password is not correct" just as if you use an account that does not exist or mistype your login or password.
Using the configuration above, I can search users in Jabber using their directory uri.. so it seems to do what it claims, but apparently the login isn't really the JID. Or is there an additional configuration parameter I have forgotten? Is there perhaps something in the jabber.xml I also need to adjust?
I have a suspicion why this thing doesn't work.. I'm using ldap authentication for my users... so I suspect the authentication is made against AD using login and password I put into jabber and since UserId is mapped to samAccountName, the authentication component is checking if there's a user with samAccountName = the email I plug into Jabber and that doesn't work.
04-05-2016 04:43 AM
Stephan,
The JID is the sign-in credential for Jabber. The default configuration for IM and P is to use userid@xmpp domain to authenticate users. If you want to deviate from this and use directory URI to sign in, then you will need to use the flexible JID feature. This requires quite a bit of configuration. Please refer to this thread for a similar idea:
https://supportforums.cisco.com/discussion/12944041/multiple-domain-name-configuration-im-presence