Any meeting hosted by Cisco Meeting Server takes place in what is known as a Space. Before Cisco acquired Acano, this was referred to as a coSpace and in the API the older coSpace terminology still persists, so any API method mentioning a coSpace is referring to what we today call a Space. Spaces can be created either via the WebAdmin GUI or API.

Another way to create Spaces in CMS is via an LDAP agreement. Information from your LDAP directory (such as Active Directory) is used to create a permanent, personal Space tied to that particular user. These Spaces can be accessed and administered by the end-user using the browser-based WebRTC client or Cisco Meeting App on a desktop or mobile device. Authentication is still relayed back to the LDAP server.

In the Single Combined Server deployment, you can configure the connection to Active Directory using the Active Directory page on the Web Admin interface. However, this page only allowed you to specify one Active Directory server and one directory and filter. What happens if you are deploying Cisco Meeting Server in an environment where there are multiple Active Directory servers or users are in different directories on the same server? Configuring via the API allows you to specify multiple Active Directory server, directories, and mapping templates to give you complete flexibility to match any environment.

The API splits the LDAP/AD configuration into four parts:

LDAP Server: The configuration settings that relate to the connection to a specific LDAP/AD server. You can create multiple instances of an LDAP server for environments which have multiple LDAP/AD servers.

LDAP Mapping: The template which defines which LDAP attributes should be used to create your Cisco Meeting Server user accounts. Again, in some environments you may want to use different attributes to create user accounts depending on where the users are being synchronized form so you would create multiple mapping templates.

LDAP Source: This setting brings together the LDAP server and LDAP mapping objects to define an LDAP source. It is on the LDAP source that you define which LDAP server, LDAP mapping template, directory, and filters that need to be applied to extract and create the user accounts. If you are getting users from different servers or directories, then you would create multiple LDAP sources.

LDAP Syncs: The object that initiates the synchronization to the LDAP/AD server. The equivalent of clicking the Sync button on the Active Directory Configuration page on the Web Admin.

By breaking the configuration into three distinct objects (plus the LDAP Sync), it gives you complete flexibility to configure Cisco Meeting Server in any LDAP/AD environment.

The LDAP Source is also where you can assign a user profile to the users you are importing. If you have different groups of users who need have different user profiles assigned, then you will need to create an LDAP source for each group.

LDAP Configuration Process

To create an LDAP connection is a four-step process:

1. Execute a POST to /ldapServers to specify the connection details to the LDAP server which will include the address of the server and the username and password used to connect.
2. Execute a POST to /ldapMappings to create the mapping template which will include username, space name, and space URI. Remember that passwords are never synchronized from LDAP/AD, users are always authenticated on the LDAP/AD server when a user signs into the web app.
3. Execute a POST to /ldapSources to create the LDAP source specifying which server and mapping template to use as well as the directory and any filters to apply.
4. Finally execute a POST to /ldapSyncs to synchronize all your LDAP sources simultaneously unless specify the GUID of a specific LDAP source.