Re: Jabber - showing too much private information

dylanjordans · ‎03-27-2023

Hi,

We have recently introduced Jabber in our workplace, but for some users it shows too much information when looking them up in the address book. Such as their home- and mobile phone numbers, while we only want to show their internal Jabber number.

I'm assuming this is because they filled it in the HR system which syncs with AD, which the CUCM then syncs to Jabber from there.

I have been trying to find a way for the CUCM to force Jabber to hide home- and mobile phone numbers, but I haven't been able to find it. Is this possible, or is there another way to make Jabber hide/not show such information? Without having to remove these numbers from our HR system preferably.

dylanjordans · ‎03-28-2023

Thank you very much! Going to try it, will update with the result.

jrsteele21 · ‎03-27-2023

check out this thread

How do I hide users Home and Mobile numbers from the Jabber 10.5 dial options and profile - Cisco Community

Jonathan Schulenberg · ‎03-29-2023

The suggestions in that thread will only work when on the internal network - directly or by VPN when Jabber can bind directly to LDAP; Cisco calls this CDI in the docs. That won’t work when connected over MRA, which only supports UDS, or if you have ticked the Use UDS checkbox on the Service Profile. Jabber is just going to get whatever CUCM has instead. IIRC those two attributes cannot be unmapped on the LDAP Sync agreement.

The larger issue here is that those LDAP attributes are exposed elsewhere - including the Outlook GAL. My advice is to just remove that confidential info from LDAP directly. Alternatively, you might be able to explicitly deny the CUCM/CUC service account read access to those two attributes so it can’t ingest that info. I haven’t tested this though and am unsure how the LDAP server would behave, i.e. if it just won’t return a value for those attributes or if it will deny the query entirely.